Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Véronique on 22/05/2015 at 18:11:14,05.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dokter\Downloads\zoek(1).exe
[Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2015-05-22-160414.log 14226 bytes

==== Empty Folders Check ======================
\1D4.tmp
\2432.tmp
\8036.tmp
\acrord32_sbx
\acro_rd_dir
\Adobe_ADMLogs
\avastBCLTMP
\comh.121925
\Edu App
\Low
\plugtmp
\plugtmp-1
\WPDNSE
\_avast_

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1386569922-1583113225-2031889642-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-1386569922-1583113225-2031889642-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-6.exe
C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-1-6.exe
C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\hnsbCD80.tmp
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
C:\Users\Dokter\Downloads\zoek(1).exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rycimizu deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rycimizu deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SearchProtectionService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SearchProtectionService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LavasoftTcpService deleted successfully

==== FireFox Fix ======================
ProfilePath: C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\8tghpy5z.default
---- FireFox user.js and prefs.js backups ----
user_052015_1833_.backup prefs_052015_1833_.backup ProfilePath: C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default ---- Lines ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893 removed from prefs.js ---- user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.InstallationThankYouPage", true); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.InstallationTime", 1432143193); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.active", true); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.addressbar", "NA"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.addressbarenhanced", ""); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.asyncdb.was_copied", "true"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.asyncinternaldb.was_copied", "true"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.backgroundver", 9); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.certdomaininstaller", ""); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.changeprevious", false); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+ user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.cookie.InstallationTime.value", "%221432143193%22"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0 user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002974%22%2 
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_regBundledWithSoftware.expiration", user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B% user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.reporting_user_key_index.expiration", "Sat May 17 2025 1 user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.reporting_user_key_index.value", "750"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.lastDailyReport", "1432305059688"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.lastUpdate", "1432305057795"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.manifesturl", ""); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.name", "CinemaPlus-3.2c"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.newtab", ""); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.opensearch", ""); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.pluginsurl", "http://js.devopenrack.com/plugin/apps/72893/plugins/n user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.pluginsversion", 48); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.publisher", "Cinema Plus"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.searchstatus", 0); 
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.setnewtab", false); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.thankyou", ""); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.updateinterval", 360); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.ver", 61); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.apps", "72893"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.bic", "14d7264a8ab0d3843c93e39224eea56a"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.cid", 72893); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.firstrun", false); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.hadappinstalled", true); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.installationdate", 1432143309); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.installerAdditionalInfo", "{\"asw\":[67108866, -2147483643, 4096, 1057024 user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.modetype", "production"); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.reportInstall", true); user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.statsDailyCounter", 4); ---- Lines quick_start removed from prefs.js ---- user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); user_pref("extensions.quick_start.enable_search1", false); user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "14d7264a8ab0d3843c93e39224eea56a"); ---- Lines Sweet removed from prefs.js ---- user_pref("browser.search.defaultenginename", "sweet-page"); 
user_pref("browser.search.searchengine.alias", "sweet-page");
user_pref("browser.search.searchengine.iconURL", "http://www.sweet-page.com/favicon.ico");
user_pref("browser.search.searchengine.name", "sweet-page");
user_pref("browser.search.searchengine.url", "http://www.sweet-page.com/web/?type=ds&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=c
user_pref("browser.search.selectedEngine", "sweet-page");
user_pref("extensions.sweetsearch@gmail.com.install-event-fired", true);
---- FireFox user.js and prefs.js backups ----
user_052015_1833_.backup
prefs_052015_1833_.backup

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebfbdd44-c0e0-4f63-a8e6-ee5f34765238}]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinCheck"=-
"SmartWeb"=-
"gmsd_be_199"=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"upgmsd_be_199.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Batch Command(s) Run By Tool======================
De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.
==== Deleting Files \ Folders ======================
C:\Users\Dokter\AppData\Local\D831B801-1432149605-11CB-A2B6-C4FDB65A6E5B not found
C:\Users\Dokter\AppData\Local\gmsd_be_199 not found
C:\Program Files (x86)\globalUpdate not found
c:\programdata\{a1e262a4-779b-1e0b-a1e2-262a47798a91} not found
C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com not found
C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\extensions\searchffv2@gmail.com not found
C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\extensions\sweetsearch@gmail.com not found
C:\Users\Dokter\AppData\Roaming\Enigma Software Group not found
C:\Program Files (x86)\f1010b47-1aed-4f3a-bb98-d3773f914500 not found
C:\ProgramData\b0d0f4e400000620 not found
C:\ProgramData\{a1e262a4-779b-1e0b-a1e2-262a47798a91} not found
C:\ProgramData\45208a21000034dd not found
C:\Users\Dokter\AppData\Roaming\sweet-page not found
C:\Program Files (x86)\Crossbrowse deleted
C:\Program Files (x86)\gmsd_be_199 deleted
C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B deleted
C:\Program Files\Enigma Software Group deleted
C:\Program Files (x86)\Edu App deleted
C:\windows\SysNative\Tasks\Periodic Synchronize Task deleted
C:\Program Files (x86)\Adobe\1413783d-df69-49fb-b2c0-e383e43c78e5.dll deleted
C:\Program Files (x86)\Adobe\f1010b47-1aed-4f3a-bb98-d3773f914500.dll deleted
C:\Users\Dokter\AppData\Roaming\VOPackage deleted
C:\Users\Dokter\AppData\Roaming\sisreader.txt deleted
C:\Users\Dokter\AppData\Roaming\ParetoLogic deleted
C:\Users\Dokter\AppData\Roaming\DriverCure deleted
C:\Users\Dokter\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng deleted
C:\Users\Dokter\AppData\Local\D831B801-1432149774-11CB-A2B6-C4FDB65A6E5B deleted
C:\Users\Dokter\AppData\Local\globalUpdate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP deleted
C:\Users\Dokter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage deleted
C:\Users\Dokter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-1-6.job deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-1-7.job deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-10_user.job deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-3.job deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-4.job deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-5.job deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-5_user.job deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-6.job deleted
C:\Windows\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-7.job deleted
C:\windows\SysNative\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-1-6 deleted
C:\windows\SysNative\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-1-7 deleted
C:\windows\SysNative\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-3 deleted
C:\windows\SysNative\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-4 deleted
C:\windows\SysNative\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-5 deleted
C:\windows\SysNative\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-6 deleted
C:\windows\SysNative\Tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-7 deleted
C:\Users\Dokter\Downloads\tb_free.exe deleted
C:\Users\Dokter\AppData\LocalLow\SmartWeb deleted
C:\windows\SysNative\drivers\innfd_1_10_0_14.sys deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineCore deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineUA deleted
C:\windows\SysNative\drivers\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}Gw64.sys deleted
C:\windows\SysNative\drivers\{d226c1ba-fd03-4e05-b5d6-46c2e5f82000}Gw64.sys deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\SysWOW64\LavasoftTcpService.dll deleted
C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini deleted
C:\Users\Dokter\AppData\Roaming\M2nXdhDm5cMnC2eZexuNwc.exe deleted
"C:\Windows\tasks\Crossbrowse.job" deleted
"C:\Windows\tasks\M2nXdhDm5cMnC2eZexuNwc.job" deleted
"C:\Windows\tasks\Periodic Synchronize Task.job" deleted
"C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\searchplugins\sweet-page.xml" deleted
"C:\windows\SysNative\drivers\EsgScanner.sys" deleted
"C:\Windows\Installer\1791fbbb.msi" deleted
"C:\Windows\Installer\1791fbc0.msi" deleted
"C:\Users\Dokter\AppData\Roaming\M2nXdhDm5cMnC2eZexuNwc" deleted
"C:\Windows\tasks\M2nXdhDm5cMnC2eZexuNwc.job" deleted
"C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\searchplugins\sweet-page.xml" deleted
"C:\Users\Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe" deleted
"C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-1-6.exe" deleted
"C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-6.exe" deleted
"C:\Users\Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe" deleted
"C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\ICSharpCode.SharpZipLib.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Interop.LavasoftTcpServiceLib.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\log4net.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\Newtonsoft.Json.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\System.Data.SQLite.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\WebCompanion.exe" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\en-US\WebCompanion.resources.dll" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\x86\SQLite.Interop.dll" deleted
"C:\Users\Dokter\AppData\Local\SmartWeb" deleted
"C:\Program Files (x86)\CinemaPlus-3.2cV20.05" not deleted
"C:\Program Files (x86)\Infonaut_1.10.0.14" not deleted
"C:\PROGRA~2\Lavasoft\Web Companion" deleted
"C:\Users\Dokter\AppData\Local\SmartWeb" deleted
"C:\Program Files (x86)\Infonaut_1.10.0.14\Service" not deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\en-US" deleted
"C:\PROGRA~2\Lavasoft\Web Companion\Application\x86" deleted

==== System Specs ======================
Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3937 MB
CPU Info: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
CPU Speed: 2357,6 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; ThinkPad Display 1600x900 |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Intel(R) Centrino(R) Advanced-N 6205 | Bluetooth Device (Personal Area Network) | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-7710H
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 281,3GB | Q: 15,6GB
Hard Disks - Free: C: 215,5GB | Q: 3,8GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 05/09/11 | LENOVO - 1090
Time Zone: Romance (standaardtijd)
Motherboard *: LENOVO 78595AG
Country: België
Language: NLB

==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox 38.0.1
Internet Explorer Version: 10.0.9200.17357
Mozilla Firefox version: 38.0.1 (x86 nl)
Google Chrome version: 42.0.2311.152
Adobe Reader version: 11.0.9.29
Sun Java version: 1.6.0_37 (32-bit)
Flash Player version: 17.0.0.188

==== Files Recently Created / Modified ======================
====== C:\Windows ====
2015-04-26 09:12:47 2169B4B1EFAA3453A4DA732F1F94C1E1 43112 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Dokter\AppData\Local\Temp ====
2015-05-20 17:33:41 F3E0BCAC0A50EA3B7571407A7DA325C7 32768 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdateHelper.msi
2015-05-20 17:33:41 B38B1A334F5D0C18F9788450D1AFC9A3 220672 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\npglobalupdateUpdate4.dll
2015-05-20 17:33:41 A9ECA902185F41CF0FDEF207705B8C8C 155648 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\psuser.dll
2015-05-20 17:33:41 8DF6560ADF608ECDCE5CAF299062A135 46080 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdateOnDemand.exe
2015-05-20 17:33:41 6419BCBF0B2569AACF4023942EADFCB8 46080 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdateBroker.exe
2015-05-20 17:33:41 613B73392333921CB5D6455F28BBB77C 155648 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\psmachine.dll
2015-05-20 17:33:41 3C14AAE26EA06BADAC98520773772CEB 68608 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdateCrashHandler.exe
2015-05-20
17:33:41 3C14AAE26EA06BADAC98520773772CEB 68608 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdate.exe 2015-05-20 17:33:41 2419F5578D48A86B42FA40031C6387FB 761856 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\goopdate.dll 2015-05-20 17:32:57 3728BDFD965107AA99798A76253610FC 13811544 ----a-w- C:\Users\Dokter\AppData\Local\Temp\3541.exe 2015-05-20 17:32:12 C0157AD57D34D1D608ADEA523B228266 59904 ----a-w- C:\Users\Dokter\AppData\Local\Temp\bitool.dll 2015-05-20 17:31:48 875D1153314632D8D6B6F06255EA9CAE 1918040 ----a-w- C:\Users\Dokter\AppData\Local\Temp\9553.exe 2015-05-20 17:16:27 CF99A6B67F8A4BAFA64775BD7CD49EEB 5794144 ----a-w- C:\Users\Dokter\AppData\Local\Temp\optprosetup.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-05-14 01:05:51 858EB73F68B20A2A5C66B6C000D1C0DD 102608 ----a-w- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 12:44:08 D0CA74BE380498A0111A73EB9C76CF8F 342016 ----a-w- C:\Windows\SysWOW64\certcli.dll 2015-05-13 12:44:08 2665A3D34D1C62DF303723422215B001 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2015-05-13 12:43:52 418AEC0CE89A13200F2820079B9CDFD9 216064 ----a-w- C:\Windows\SysWOW64\InkEd.dll 2015-05-13 12:43:32 8D50ED3F0FBE3590AB0D43BF7B60E57A 3989440 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 12:43:32 0A66C88B087249742381924AB8F9EFCC 3934144 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 12:43:29 D0F574320615303ADECDCB452EBB8930 635392 ----a-w- C:\Windows\SysWOW64\tdh.dll 2015-05-13 12:43:28 A44680B810977EA64E280523E96F2EA9 1310744 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2015-05-13 12:43:28 7A5824DC9A85FCE4334F57FF0795853E 641536 ----a-w- C:\Windows\SysWOW64\advapi32.dll 2015-05-13 12:43:27 EB058143B57ED460AC4F2DFBA104BBFF 364544 ----a-w- C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 12:43:27 C6D2D384B6232B0B800234C03C50979F 82944 ----a-w- C:\Windows\SysWOW64\logman.exe 2015-05-13 12:43:27 8C45A65ED20B487085B79EEFCC08D160 92160 ----a-w- 
C:\Windows\SysWOW64\sechost.dll 2015-05-13 12:43:27 54A01CC4BC47B31C5CD082D064AB37BC 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-05-13 12:43:27 1569F20BB9DB9FDC87A6D3C8A3726ABF 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2015-05-13 12:43:26 FCB1C8345C794FE89ABA03B4CA3131BB 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 12:43:26 F286528898342F0F1EB402606750C391 17408 ----a-w- C:\Windows\SysWOW64\diskperf.exe 2015-05-13 12:43:26 D9E25B4BD2120CC5183CCCE9421C7AFE 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-05-13 12:43:26 AFFE5747054D03F8CEE18A8518A9AA34 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-05-13 12:43:26 ABA025664F9F42C568B2C022AADCB18F 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2015-05-13 12:43:26 97B30711DC6CA0EA4EACEDCE8080A3B4 37888 ----a-w- C:\Windows\SysWOW64\relog.exe 2015-05-13 12:43:26 850F756363237A2EB069B9B25EF8BEC3 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-05-13 12:43:26 7F99900705E249E9D5C55E490B7D076E 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 12:43:26 74C0EC1257698176E288DA282F318E1C 40448 ----a-w- C:\Windows\SysWOW64\typeperf.exe 2015-05-13 12:43:26 66D6A06936088E412E29A182679F0D71 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 12:43:26 0B6E937863837BA3383E9CE9200DDF1E 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 12:43:25 F43CB86F9536B17E5C7CFCFB48ACBE54 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-05-13 12:43:25 99A508910BB06DFBE99D9AF7D6B4E950 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-05-13 12:43:25 79AF005633B7E41B7A194A7E7B9D3D93 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-05-13 12:43:25 741DB93796E7D4F3F804C13537FB40F4 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-05-13 12:43:25 6BB13D5E12C5C4D829C1D640DF269EA0 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2015-05-13 12:43:25 3346701038E55BD366F3D5CE31F55483 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 12:43:24 D9716B488CC27652C12B1B5E0944987E 2048 
----a-w- C:\Windows\SysWOW64\user.exe 2015-05-13 12:43:24 D079A408CC3E22A09D1260A6F18FC0FD 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-05-13 12:43:24 9638DA21E965E23C85C4319F3F66D824 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 12:43:24 86B2AC15999BB4F8B5C84AB6154A1783 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-05-13 12:43:23 BF9BB4113E9FCDABD4C703DDD06293F3 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-05-13 12:43:01 C22AB1781BC6F0BB1C9B352CF66DBFFC 1250816 ----a-w- C:\Windows\SysWOW64\DWrite.dll 2015-05-13 12:42:57 744AB3C1A73A57DEED49D631F1BDEA1D 2311168 ----a-w- C:\Windows\SysWOW64\wpdshext.dll 2015-05-13 12:42:54 C489D8B4D8C64F20CC75A93F541F7D91 123904 ----a-w- C:\Windows\SysWOW64\poqexec.exe 2015-05-13 12:42:49 DCA2C6E7990771209CDD8E9DA90ED0E2 5120 ----a-w- C:\Windows\SysWOW64\shimeng.dll 2015-05-13 12:42:49 D3E8C7FADB758E5D222C639CC65790AD 295936 ----a-w- C:\Windows\SysWOW64\apphelp.dll 2015-05-13 12:42:49 715C060150D969B0DE5DD5B365A712AF 20992 ----a-w- C:\Windows\SysWOW64\sdbinst.exe 2015-05-13 12:42:45 EF79CE2223DBB34195C125CD1B9CD78B 14374400 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-05-13 12:42:37 1726033BFC934BFE2276A4DD2B4951C7 13771776 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-05-13 12:42:35 AE28C39EBBE1FC865742CFC7C9A3A21B 2055680 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-05-13 12:42:35 ACD04580E2E11AAA14CAD27031F91444 1181696 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-05-13 12:42:35 39FA6C7F56B65F6FB3B8074CD5D12A96 1763328 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-05-13 12:42:34 AF35A16DC6EF533B80375E2D79125C31 524288 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-05-13 12:42:34 811F26BEBCC165C788BE88B115CD03AE 690176 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-05-13 12:42:33 9168575AF895E2BEB659BC3206174903 1441280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 12:42:33 70252873793AD323399C389A25FEA4C5 361984 ----a-w- C:\Windows\SysWOW64\html.iec 2015-05-13 12:42:32 
E1AB3DD3AF469497E06DEA5673E63CEC 226816 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 12:42:32 B698F255B70B9D3497CB3FBEDE165948 80384 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 12:42:32 93B9C5CF982C696522A712C9561E2951 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 12:42:32 8D37BEBE3F952454FEC73B45EFD2F68F 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2015-05-13 12:42:32 83463B16F52DBA5F6E35BD54793FE59D 357888 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 12:42:32 0CA55B9A2916A8B4857B1404DF80D174 226816 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 12:42:31 B5C9358C6DCAE1D40EF78A30F9D9A793 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-05-13 12:42:31 8D2A465B1A23EE8ACBF1343B69DA5E66 2864640 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-05-13 12:42:31 83C40919BD1CEB87A724812EE2CA646F 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-05-13 12:42:31 7C1AB7A756BEFB4CB293560B5779414B 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-05-13 12:42:31 4517B4EC74477452CF14F7F95C100229 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-05-13 12:42:31 34978AA45AC4561222E4896C2CCB665C 163840 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-05-13 12:42:31 1BBBDF0BB269BE9122A9BED3B851ECDD 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 12:42:31 065234B88A43D2E462BEDE0E0539DD95 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-05-18 15:47:32 98365BF907B4AE961FA29C91E32B5578 2928 ----a-w- C:\Windows\Sysnative\LavasoftTcpServiceOff.ini 2015-05-18 15:47:30 AE3B39538706AFF8952E7D06EF2D3E2C 429392 ----a-w- C:\Windows\Sysnative\LavasoftTcpService64.dll 2015-05-14 01:05:51 189FB45D7442083AE8A2E4E612233EF7 124112 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 12:44:08 ED4B980701D081AC42F7B121C1E42149 460800 ----a-w- C:\Windows\Sysnative\certcli.dll 2015-05-13 12:44:08 8AD8D17425C75D2621B2CDFE0DEABD21 342016 
----a-w- C:\Windows\Sysnative\schannel.dll 2015-05-13 12:44:00 71C85477DF9347FE8E7BC55768473FCA 328704 ----a-w- C:\Windows\Sysnative\services.exe 2015-05-13 12:43:52 2B36E0C5C262437E1B098344DEFA55F8 275456 ----a-w- C:\Windows\Sysnative\InkEd.dll 2015-05-13 12:43:51 6B0F962B1EE486FFE7BCABBC9C736976 24576 ----a-w- C:\Windows\Sysnative\jnwmon.dll 2015-05-13 12:43:35 EA8A3E8C674B03CB4AFA1D344DBD7BC1 1254400 ----a-w- C:\Windows\Sysnative\diagtrack.dll 2015-05-13 12:43:35 D449C36379EBEFD3CCDAEC328002BB5B 36864 ----a-w- C:\Windows\Sysnative\UtcResources.dll 2015-05-13 12:43:34 A985325F4FE72FB003749A2FBBA9952E 5569984 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-05-13 12:43:34 8453010B6512DAEAFC61CC0836FA137E 1728960 ----a-w- C:\Windows\Sysnative\ntdll.dll 2015-05-13 12:43:31 10D39E74B0D5011A8C199B9646579C3F 879104 ----a-w- C:\Windows\Sysnative\tdh.dll 2015-05-13 12:43:28 DA8B541825991F6699790E617FF0FF60 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-05-13 12:43:28 B01B21E15671ACD3F0AD131DC4CABFC7 879104 ----a-w- C:\Windows\Sysnative\advapi32.dll 2015-05-13 12:43:28 408A8232E84515E4AA819E0C95E65257 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-05-13 12:43:28 1C9F2F4A2C603739BD8CC8C64310AFD7 1162752 ----a-w- C:\Windows\Sysnative\kernel32.dll 2015-05-13 12:43:27 FDF1E0FD74DED0034BA6FFB665E0641E 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2015-05-13 12:43:27 EE27E1D639E3807229C15AF94320CF0A 404992 ----a-w- C:\Windows\Sysnative\tracerpt.exe 2015-05-13 12:43:27 E55A72876BC5E244D0A8F7F07862A939 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2015-05-13 12:43:27 D17DD01601460F5899E5C154B3FD0BFA 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2015-05-13 12:43:27 CCAB9BE9C9100C5F54A5A8F355730841 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-05-13 12:43:27 A0BCD6A64281492EFAE02AC144A335F1 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2015-05-13 12:43:27 9C5DBA74D0C641C2A4ABDC79969B7BEF 104448 ----a-w- C:\Windows\Sysnative\logman.exe 2015-05-13 
12:43:27 52146DBFE253B83FAB1980AA704C7974 113664 ----a-w- C:\Windows\Sysnative\sechost.dll 2015-05-13 12:43:27 0CD609B1143961F5C3BA691729A6A5DA 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-05-13 12:43:26 FE60A67032A5C94F6ACE483C8FE84105 47104 ----a-w- C:\Windows\Sysnative\typeperf.exe 2015-05-13 12:43:26 E1B0C7042BA7B8903D60DF3885F2DFE7 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2015-05-13 12:43:26 DA5EF2CC0764BE7097BAFA9CAF903FE8 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2015-05-13 12:43:26 D2602AC48B38FA10956E32D18E7143B0 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2015-05-13 12:43:26 CD3770C78AFFC223A3B9D38F27B7A309 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-05-13 12:43:26 BB7BAF9532DBA5AB4009E981687D1EA6 19456 ----a-w- C:\Windows\Sysnative\diskperf.exe 2015-05-13 12:43:26 ACE24D86D2714FCC1639F890DF54951B 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-05-13 12:43:26 A3DCC3D8BB57E31EA07949313CC3A3CF 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2015-05-13 12:43:26 9262D6E2C239EDD6D87B080F2BCCEC9F 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-05-13 12:43:26 8C711AF30BE3991050D0D011D92CFBE0 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-05-13 12:43:26 79F036EB691ABBA84E8EB1715E5F2B17 43008 ----a-w- C:\Windows\Sysnative\relog.exe 2015-05-13 12:43:26 52935C072F8D5A92508AA3A3CC9133C7 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-05-13 12:43:26 4DD0098FFAB4664DB979537C48AE055F 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-05-13 12:43:26 40C5EA47D4AEC96249B09BF0C076A60C 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-05-13 12:43:26 2292CD8500725B94B7D2E3C0C84F2D19 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-05-13 12:43:26 0D9BDBE780DD81757AC5AF87E8B1EBEC 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-05-13 12:43:25 D205305FB0E352A9D4CF922D6A016BF4 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2015-05-13 12:43:25 ADC2D7B5BFF277E5A9FACE6A21A24ABC 29184 ----a-w- 
C:\Windows\Sysnative\sspisrv.dll 2015-05-13 12:43:25 50EBA6640805F6D5EF4A0DCEF2D180AB 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-05-13 12:43:24 AF278DB00C43E925E58C8CA2C0CF4C71 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-05-13 12:43:24 90293AAC2AB0908BFF98ADB89CEBC931 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2015-05-13 12:43:24 7A448B8CED7F7348C36159D5CC8E19ED 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-05-13 12:43:23 90DC7B112F946B412C9CDC6F459F4053 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-05-13 12:43:01 E612E86FA15EA1EF9A52433A2743C447 1179136 ----a-w- C:\Windows\Sysnative\FntCache.dll 2015-05-13 12:43:01 D858C33B133740D5F1F1CF71C33F6355 3204608 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-05-13 12:43:01 490505F6E53EF046EC70A353BC9CD615 1647104 ----a-w- C:\Windows\Sysnative\DWrite.dll 2015-05-13 12:42:57 E5404072A5A9E0B452ADDF1D1339176C 2543104 ----a-w- C:\Windows\Sysnative\wpdshext.dll 2015-05-13 12:42:54 C7E50B04623FC6FF54EAF88938A8936E 142336 ----a-w- C:\Windows\Sysnative\poqexec.exe 2015-05-13 12:42:49 F55F287810AAF708618793764AF7D1BB 23552 ----a-w- C:\Windows\Sysnative\sdbinst.exe 2015-05-13 12:42:49 83BFCCAC53795E8A5055A93672D0C46C 72192 ----a-w- C:\Windows\Sysnative\aelupsvc.dll 2015-05-13 12:42:49 7E21D3072EB20D5400919D435D549A9B 6656 ----a-w- C:\Windows\Sysnative\shimeng.dll 2015-05-13 12:42:49 31D260ADAF1CCFEFC49DB9FBCE9986DA 342016 ----a-w- C:\Windows\Sysnative\apphelp.dll 2015-05-13 12:42:46 97EC5A7687742297BE7D31163CD86738 19291136 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-05-13 12:42:39 86DB2157AE231B30C1FAC7426AB95B82 15414784 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-05-13 12:42:36 1AE81E63F2B5030C874E89E5E667AAEC 2237440 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-05-13 12:42:35 F8CCAE0AE956F119C6EFECB504D93FF6 1409536 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-05-13 12:42:35 68501FB2A0222B911176EB94EBB98CFE 2656768 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-05-13 
12:42:35 10B0D9CB7B39E337E4A3EC40F16331E9 856064 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-05-13 12:42:34 4F7B2F763F14FDCEC2B85BB6E0FDE70F 601600 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-05-13 12:42:34 38EBD11426B4891D2DBF0D62499BB9AD 1509376 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-05-13 12:42:33 9ECEAE1A5A6DC821AA25E044BE6AB8E5 441856 ----a-w- C:\Windows\Sysnative\html.iec 2015-05-13 12:42:33 4B70F8851C197DB31DE09F2CCF8A2D89 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-05-13 12:42:32 206597E0D4C5745A8FFC12245DA0F158 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll 2015-05-13 12:42:32 1CDEEEA83AD86546DCCD25C8A951B67A 281600 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-05-13 12:42:31 E3822AF52706C0E0643611718997FD16 451584 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-05-13 12:42:31 D5BB4B0B9455EAF5ADA0E5A08DD76CB4 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-05-13 12:42:31 AB173B1FB26672ABDA7475ADAB1608AC 526336 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-05-13 12:42:31 A830225A40FD8E0A2435C1EBE3F963FC 197120 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-05-13 12:42:31 80336B9BD238FD950D9A04E2E4BC19C8 97280 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-05-13 12:42:31 7CC41B811CBA2F8C251C403677B6104B 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-05-13 12:42:31 646F847078FDFAC6729D88C6F9B334CB 255488 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-05-13 12:42:31 641B5A16EC9AF43B404ABC3BBBF8E41B 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-05-13 12:42:31 2AC38CD231D54600D5F3D3E495BE0C57 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-05-13 12:42:31 284538F66C8345CBE7EA2F04A310E44D 3959296 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-05-13 12:42:31 0CB5EA568A4D41393CBABB24EC9123A4 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe 2015-05-13 12:42:30 8C5E738752A30A871170FB3E34994909 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb ====== C:\Windows\Sysnative\drivers ===== 2015-05-13 12:43:27 
F7DFAE6040AC910B7C64EE208A34157D 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-05-13 12:43:27 8FE94F2EF9BF444E93E35D87E210D02F 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== 2015-05-22 14:39:23 813738110E775E72EFBA752B238381C0 3370 ----a-w- C:\Windows\Sysnative\Tasks\PCDoctorBackgroundMonitorTask-Delay 2015-05-22 14:39:22 7474DEBEABACFEF85FEEAF6E27EAB482 528 ----a-w- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job 2015-05-21 16:50:17 4C600A3E10BEEE7C84E7D9C07D01D1E7 3342 ----a-w- C:\Windows\Sysnative\Tasks\SpyHunter4Startup ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-05-20 17:33:35 -------- d-----w- C:\PROGRA~2\CinemaPlus-3.2cV20.05 2015-05-20 17:31:26 -------- d-----w- C:\PROGRA~2\Infonaut_1.10.0.14 2015-05-20 17:16:27 -------- d-----w- C:\PROGRA~2\GUPlayer 2015-05-18 15:45:43 -------- d-----w- C:\PROGRA~2\Lavasoft ======= C: ===== 2015-05-21 16:50:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Dokter\AppData\Roaming ====== 2015-05-20 17:32:39 -------- d-----w- C:\Users\Dokter\AppData\Local\Crossbrowse 2015-05-18 15:47:40 -------- d-----w- C:\Users\Dokter\AppData\Local\Lavasoft 2015-05-18 15:47:32 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService 2015-05-18 15:40:43 -------- d-----w- C:\Users\Dokter\AppData\Roaming\Lavasoft 2015-05-18 15:01:04 -------- d-----w- C:\Users\Dokter\AppData\Roaming\Scan2PDF ====== C:\Users\Dokter ====== 2015-05-21 19:44:58 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Dokter\Downloads\RSITx64(1).exe 2015-05-21 19:29:50 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Dokter\Downloads\RSITx64.exe 2015-05-21 16:50:17 -------- d-----w- C:\Users\Dokter\Start Menu 2015-05-21 16:49:00 55BA68218A5BA7A7FCE6E16535640B04 3044736 ----a-w- C:\Users\Dokter\Downloads\SpyHunter-installer.exe 2015-05-20 17:33:44 E201E1AB57839E738097A89AA828C0EC 
243480 ----a-w- C:\Users\Dokter\Downloads\Firefox Setup Stub 38.0.1.exe 2015-05-20 17:32:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse 2015-05-18 15:46:21 -------- d-----w- C:\ProgramData\PDF Architect 3 2015-05-18 15:45:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-05-18 15:40:43 -------- d-----w- C:\ProgramData\Lavasoft 2015-05-18 15:38:51 BA3ED253BADFDF8FE4AF9E957B657DB4 457048 ----a-w- C:\Users\Dokter\Downloads\PDFCreatorWebSetup [1].exe ====== C: exe-files == 2015-05-22 07:33:20 CCAF0DCB4BEF3FCD615E15B46B22F349 6714960 ----a-w- C:\Program Files (x86)\Google\Update\Install\{CB4E3676-C6B6-4EDE-A629-EC5CD1399FD0}\43.0.2357.65_42.0.2311.152_chrome_updater.exe 2015-05-22 07:33:20 CCAF0DCB4BEF3FCD615E15B46B22F349 6714960 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.65\43.0.2357.65_42.0.2311.152_chrome_updater.exe 2015-05-21 19:45:46 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Véronique.exe 2015-05-21 19:44:58 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Dokter\Downloads\RSITx64(1).exe 2015-05-21 19:29:50 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Dokter\Downloads\RSITx64.exe 2015-05-21 16:49:00 55BA68218A5BA7A7FCE6E16535640B04 3044736 ----a-w- C:\Users\Dokter\Downloads\SpyHunter-installer.exe 2015-05-20 17:33:44 E201E1AB57839E738097A89AA828C0EC 243480 ----a-w- C:\Users\Dokter\Downloads\Firefox Setup Stub 38.0.1.exe 2015-05-20 17:33:41 8DF6560ADF608ECDCE5CAF299062A135 46080 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdateOnDemand.exe 2015-05-20 17:33:41 6419BCBF0B2569AACF4023942EADFCB8 46080 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdateBroker.exe 2015-05-20 17:33:41 3C14AAE26EA06BADAC98520773772CEB 68608 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdateCrashHandler.exe 2015-05-20 17:33:41 
3C14AAE26EA06BADAC98520773772CEB 68608 ----a-w- C:\Users\Dokter\AppData\Local\Temp\comh.121925\globalupdate.exe 2015-05-20 17:32:57 3728BDFD965107AA99798A76253610FC 13811544 ----a-w- C:\Users\Dokter\AppData\Local\Temp\3541.exe 2015-05-20 17:31:48 875D1153314632D8D6B6F06255EA9CAE 1918040 ----a-w- C:\Users\Dokter\AppData\Local\Temp\9553.exe 2015-05-20 17:16:30 ED69001226B4516423FECAD14B02FABC 636552 ----a-w- C:\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe 2015-05-20 17:16:27 CF99A6B67F8A4BAFA64775BD7CD49EEB 5794144 ----a-w- C:\Users\Dokter\AppData\Local\Temp\optprosetup.exe 2015-05-20 17:05:40 D76DE0BF1C1308D08AD592C9A79E6BF1 4311888 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1386569922-1583113225-2031889642-1000\$RRV80QN\Scan to PDF\scantopdf_trial.exe 2015-05-18 15:47:47 727602958ADF261B5ABBCBA93C823980 102400 ----a-w- C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\CertUtils\certutil.exe 2015-05-18 15:46:21 113B1E1BE39278A17E4DEC03D5F60D0B 10752216 ----a-w- C:\ProgramData\PDF Architect 3\Installation\PDFArchitect3Installer.exe 2015-05-18 15:38:51 BA3ED253BADFDF8FE4AF9E957B657DB4 457048 ----a-w- C:\Users\Dokter\Downloads\PDFCreatorWebSetup [1].exe 2015-05-18 15:01:01 7F0456477429E2DB4E961D351DC3DA7E 1543680 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1386569922-1583113225-2031889642-1000\$RRV80QN\Scan2PDF.exe 2015-05-15 17:52:47 F6EEE6848E933962E12E7B3F25C73C88 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateBroker.exe 2015-05-15 17:52:47 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateSetup.exe 2015-05-15 17:52:47 6732C4A894855042FD3618406B6BBD48 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe 2015-05-15 17:52:47 0894890F30B5F6510DF953BC50B5504F 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateWebPlugin.exe 2015-05-15 17:52:40 BB3045B399D898061B926B447C446E05 127816 ----atw- C:\Program Files 
(x86)\Google\Update\1.3.27.5\GoogleUpdateComRegisterShell64.exe 2015-05-15 17:52:40 6509A96DAE25340772B51AC020CB1094 304968 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe 2015-05-15 17:52:39 8715A0D10CFFC8DEE923957F07DAA042 244040 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe 2015-05-15 17:52:39 0C03FB91E17987EED93F60007B08DAA0 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdate.exe 2015-05-15 17:52:35 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\Install\{B8869490-FE57-4231-96E1-6F234E14B50A}\GoogleUpdateSetup.exe 2015-05-15 17:52:35 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.27.5\GoogleUpdateSetup.exe === C: other files == 2015-05-21 16:50:59 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat 2015-05-20 17:42:17 A41C2A5EC4F495BC748017FF0BF913A4 176614 ----a-w- C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlDaily.zip 2015-05-20 17:42:17 7705794B4A3B964C217D63988276D3E1 1419267 ----a-w- C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlWeekly.zip 2015-05-20 17:33:59 593F34D050417C597FDAA95389B89E3B 9634 ----a-w- C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\8tghpy5z.default\extensions\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}.xpi 2015-05-18 15:47:41 7469538D879ECAA7F094E6CD4FB8364F 643 ----a-w- C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip 2015-05-18 15:47:38 AD2B8BC22259A8DBA5BDA074DBDD60D7 1840349 ----a-w- C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\CertUtils.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe 
/autoRun" [HKEY_USERS\S-1-5-21-1386569922-1583113225-2031889642-1000\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Web Companion"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize" "GoogleChromeAutoLaunch_052FD0D7E121C86B81E529B22E0D4608"="C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe --no-startup-window" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Web Companion"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize" "GoogleChromeAutoLaunch_052FD0D7E121C86B81E529B22E0D4608"="C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe --no-startup-window" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "ISUSPM"="C:\\ProgramData\\FLEXnet\\Connect\\11\\ISUSPM.exe -scheduler" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "MSU"="c:\\Program Files\\MedSecure\\MSU.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ALCKRESI.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ALCKRESI.EXE" "hkey"="HKLM" "command"="C:\\Program Files\\Lenovo\\AutoLock\\ALCKRESI.EXE" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="beid" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Belgium Identity Card\\beid35gui.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrStsMon00] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrStsMon00" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Browny02\\Brother\\BrStMonW.exe /AUTORUN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter4] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ControlCenter4" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ControlCenter4\\BrCcBoot.exe /autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Tray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EaseUs Tray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\TrayNotify.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Watch] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EaseUs Watch" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\EuWatch.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndexSearch] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IndexSearch" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Nuance\\PaperPort\\IndexSearch.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LENOVO.TPKNRRES] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="LENOVO.TPKNRRES" "hkey"="HKLM" "command"="C:\\Program Files\\Lenovo\\Communications Utility\\TPKNRRES.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PaperPort PTD] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PaperPort PTD" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Nuance\\PaperPort\\pptd40nt.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF5 Registry Controller] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDF5 Registry Controller" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Nuance\\PDF Viewer Plus\\RegistryController.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDFHook] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDFHook" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Nuance\\PDF Viewer Plus\\pdfpro5hook.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PPort12reminder] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PPort12reminder" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Nuance\\PaperPort\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\ScanSoft\\PaperPort\\12\\Config\\Ereg\\Ereg.ini\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWMTRV] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PWMTRV" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~2\\ThinkPad\\UTILIT~1\\PWMTR64V.DLL,PwrMgrBkGndMonitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RotateImage] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RotateImage" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Integrated Camera Driver\\X64\\RCIMGDIR.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" 
"hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sophos AutoUpdate Monitor] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sophos AutoUpdate Monitor" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Sophos\\AutoUpdate\\almon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TPHOTKEY] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TPHOTKEY" "hkey"="HKLM" "command"="C:\\Program Files\\Lenovo\\HOTKEY\\TPOSDSVC.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TpShocks] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TpShocks" "hkey"="HKLM" "command"="TpShocks.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] "item"="Bluetooth" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk" "backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup" 
"backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\ThinkPad\\BLUETO~1\\BTTray.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "IgfxTray"="C:\\Windows\\system32\\igfxtray.exe" "Persistence"="C:\\Windows\\system32\\igfxpers.exe" "HotKeysCmds"="C:\\Windows\\system32\\hkcmd.exe" ==== Startup Folders ====================== 2015-05-20 17:32:48 2429 ----a-w- C:\Users\Dokter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/09/2012 21:17] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/09/2012 21:17] C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job --a------ C:\Program Files\PC-Doctor\uaclauncher.exe [27/06/2011 17:06] C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job --a------ C:\Program Files\PC-Doctor\uaclauncher.exe [27/06/2011 17:06] C:\Windows\tasks\SystemToolsDailyTest.job --a------ C:\Program Files\PC-Doctor\uaclauncher.exe [27/06/2011 17:06] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\MCP" ["C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe"] "C:\Windows\SysNative\tasks\PCDEventLauncher" ["C:\Program 
Files\PC-Doctor\sessionchecker.exe"] "C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" [C:\Program Files\PC-Doctor\uaclauncher.exe] "C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask-Delay" [C:\Program Files\PC-Doctor\uaclauncher.exe] "C:\Windows\SysNative\tasks\PMTask" [C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe] "C:\Windows\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"] "C:\Windows\SysNative\tasks\SystemToolsDailyTest" [C:\Program Files\PC-Doctor\uaclauncher.exe] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe] "C:\Windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program 64" ["%ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\TVT\TVSUUpdateTask" ["C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [26/04/2015 11:12] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\8tghpy5z.default - Edu App 1.0.1 - %ProfilePath%\extensions\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}.xpi ProfilePath: C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default - Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Belgium eID - %AppDir%\extensions\belgiumeid.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\8tghpy5z.default 
3E21E80D10E1033D9C137440554FF724 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.370.6 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System Profilepath: C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default 3E21E80D10E1033D9C137440554FF724 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.370.6 2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chromium Look ====================== Google Chrome Version: 42.0.2311.152 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17/03/2015 15:04] Avast Online Security - Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Slides - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Edu App - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbkgfcadlapbbofghpgheommkldfie Google Sheets - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Avast Online Security - Dokter\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda CinemaPlus-3.2cV20.05 - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp Gmail - Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage deleted successfully C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal deleted successfully C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage deleted successfully C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal deleted successfully C:\Users\Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp deleted successfully C:\Users\Dokter\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbkgfcadlapbbofghpgheommkldfie deleted successfully C:\Users\Dokter\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\chrome-extension_egbbkgfcadlapbbofghpgheommkldfie_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://be.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10028_BE_150518__yaie" "Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336&q={searchTerms}" "Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336" "Start Page"="http://www.sweet-page.com/?type=hp&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336" "Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336&q={searchTerms}" "Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336" "Start Page"="http://www.sweet-page.com/?type=hp&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336" "Search 
Page"="http://www.sweet-page.com/web/?type=ds&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CA329CEAEB3CC7A4C8BE86228C88FCE2 deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B42A61954A95BDF4793594C91B6F3526 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\addrbook.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brccboot.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brinstck.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brmfrmss.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brolink0.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brscutil.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brstmonw.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\faxrx.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isoexport.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdlauncher.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfxset.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsu.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image 
File Execution Options\windvd.exe deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AEC923AC-C3BE-4A7C-8CEB-6822C888CF2E} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AEC923AC-C3BE-4A7C-8CEB-6822C888CF2E}_WebCompanion deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5916A24B-59A4-4FDB-9753-499CB1F65362} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_be_199_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV20.05 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\CA329CEAEB3CC7A4C8BE86228C88FCE2 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B42A61954A95BDF4793594C91B6F3526 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sophos AutoUpdate Monitor deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_052FD0D7E121C86B81E529B22E0D4608] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe O23 - Service: OmegaSoft Card Reader Server (CardReaderServer) - Unknown owner - C:\Program Files (x86)\OmegaSoft\Card Reader\OSCRDSVC.EXE O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing) O23 - Service: Infonaut 1.10.0.14 Client Service (insvc_1.10.0.14) - Unknown owner - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Unknown owner - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - 
Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing) O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dokter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\Dokter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Dokter\AppData\Local\Mozilla\Firefox\Profiles\pw0fy9o3.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Dokter\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cache emptied successfully
C:\Users\Dokter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=763 folders=148 581422761 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Dokter\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Dokter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files (x86)\CinemaPlus-3.2cV20.05" not found
"C:\Program Files (x86)\Infonaut_1.10.0.14" not found

==== EOF on 22/05/2015 at 18:49:05,48 ======================