Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by M on zo 24/05/2015 at 19:55:07,51.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\M\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

24/05/2015 20:03:05 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\AVS4YOU deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Common Files\Sony Shared deleted successfully
C:\PROGRA~2\CanonEPP deleted successfully
C:\PROGRA~2\CanonIJEPPEX2 deleted successfully
C:\PROGRA~2\CorelDRAW Essentials Suite X5 deleted successfully
C:\Users\M\AppData\Roaming\Canon deleted successfully
C:\Users\M\AppData\Roaming\dlg deleted successfully
C:\Users\M\AppData\Roaming\RemoteDrive deleted successfully
C:\Users\M\AppData\Roaming\TP deleted successfully
C:\Users\M\AppData\Roaming\WandoujiaUsbDriver deleted successfully
C:\Users\M\AppData\Local\DriverTuner deleted successfully
C:\Users\M\AppData\Local\FSP deleted successfully
C:\Users\M\AppData\Local\photoOptimizeHistoryDataBase deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully
HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{16C34878-8D99-4910-9C0E-4B96290A89EC} deleted successfully
HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully
HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B90E4D2C-B528-4B2D-8989-8A18695E3F0B} deleted successfully
HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\KavAntiBanner@Kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\linkfilter@kaspersky.ru deleted successfully

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.14) MUI
Adobe Refresh Manager
Albelli.be Fotoboeken
AM Usb Card Reader Driver
AOP Framework
Ashampoo Photo Commander
Ashampoo Snap
Belgium e-ID middleware 4.0.7 (build 7453)
Canon Easy-PhotoPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP980 series MP Drivers
Contrôle ActiveX Windows Live Mesh pour connexions à distance
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD 10
CyberLink YouCam
CyberLink YouPaint
D3DX10
Finger Sensing Pad Driver
Fresco Logic USB3.0 Host Controller
Galería fotográfica de Windows Live
Galerie de photos Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) PROSet/Wireless WiFi Software
Java 7 Update 67
Java 8 Update 45
Java Auto Updater
Junk Mail filter update
Medion Home Cinema
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft OneDrive
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileWiFi
MSVCRT
MSXML 4.0 SP2 (KB973688)
mystartsearch uninstall
Pixum Fotoboek
Ralink RT2870 Wireless LAN Card
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Remote Drive 2.1.1.259(P)
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Skype Click to Call
Skype Web Plugin
Skype™ 7.4
Spelling Dictionaries Support For Adobe Reader X
Stuurprogrammapakket voor Windows - Fedict SmartCard (03/25/2014 4.0.7.4)
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Visual Studio C++ 10.0 Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client Resources
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Xirrus Wi-Fi Inspector

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Acer\AOP Framework\CCDMonitorService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\XTab\ProtectService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\M\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\AVS4YOU not found
{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} not found
C:\PROGRA~2\CorelDRAW Essentials Suite X5 not found
C:\Users\M\AppData\Roaming\mystartsearch deleted
C:\Users\M\.android deleted
C:\PROGRA~2\IHProtectUpDate deleted
C:\PROGRA~2\WindowsMangerProtect deleted
C:\Users\M\AppData\Local\FileTypeAssistant deleted
C:\Users\M\AppData\Local\globalUpdate deleted
C:\Windows\system32\config\systemprofile\AppData\Local\FileTypeAssistant deleted
C:\Users\M\Downloads\rcpsetupst_RC1_ZZ_L_1.exe deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\sho60E4.tmp deleted
C:\Windows\System32\sho8249.tmp deleted
"C:\Program Files\XTab\SupTab.dll" deleted
"C:\Program Files\XTab" not deleted

==== System Specs ======================

Windows: Windows 7 Starter Edition Service Pack 1 (Build 7601)
Memory (RAM): 1015 MB
CPU Info: Intel(R) Atom(TM) CPU N570 @ 1.66GHz
CPU Speed: 522.1 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) Graphics Media Accelerator 3150 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1024 X 600 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Intel(R) Centrino(R) Wireless-N 130 | Realtek PCIe FE Family Controller | Bluetooth Device (Personal Area Network)
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 201.8GB | D: 28.0GB | Q: 0.0MB
Hard Disks - Free: C: 12.0GB | D: 13.0GB | Q: 0.0MB
Manufacturer *: H90MB
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | MEDION - 20110424
Time Zone: Romance (standaardtijd)
Motherboard *: Medion E122X
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 43.0.2357.65
Internet Explorer Version: 11.0.9600.17801
Google Chrome version: 43.0.2357.65
Adobe Reader version: 10.1.14.11
Sun Java version: 1.8.0_45 (32-bit)
Flash Player version: 10.2.153.1

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\M\AppData\Local\Temp ====
2015-05-18 08:20:38 F4474EE9CF0F246F068A720A3A9807F3 220672 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\npglobalupdateUpdate4.dll
2015-05-18 08:20:38 A9ECA902185F41CF0FDEF207705B8C8C 155648 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\psuser.dll
2015-05-18 08:20:38 613B73392333921CB5D6455F28BBB77C 155648 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\psmachine.dll 2015-05-18 08:20:37 E4D152690272A4D782B66024DBE95111 761856 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\goopdate.dll 2015-05-18 08:20:36 F3E0BCAC0A50EA3B7571407A7DA325C7 32768 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdateHelper.msi 2015-05-18 08:20:36 8DF6560ADF608ECDCE5CAF299062A135 46080 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdateOnDemand.exe 2015-05-18 08:20:35 6419BCBF0B2569AACF4023942EADFCB8 46080 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdateBroker.exe 2015-05-18 08:20:35 3C14AAE26EA06BADAC98520773772CEB 68608 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdate.exe 2015-05-18 08:20:34 3C14AAE26EA06BADAC98520773772CEB 68608 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdateCrashHandler.exe 2015-05-17 21:20:47 41594BD2505E13E4EEE1951005D01220 73229 ----a-w- C:\Users\M\AppData\Local\Temp\DLG_SY0X6ukc\exe\d39beb6051796658ddce90a8b0615bfd\WebProtectPD.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-05-20 09:29:02 B01B8C949EDEC1B8A856E3056BDA7C42 1372160 ----a-w- C:\Windows\System32\dwmcore.dll 2015-05-20 09:28:53 F7F135F7702E0FB3EFE89283E2BE2EBB 67584 ----a-w- C:\Windows\System32\dwmapi.dll 2015-05-18 08:20:33 0BB0A141F3D85AE970D70CD0CF6F19BD 4 ----a-w- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 2015-05-18 07:12:53 D8AAE88C042C04776FBAE040436363CA 177 ----a-w- C:\Windows\System32\SetupComponents.exe 2015-05-14 10:06:22 6EC244F102C7F129678E5F7309D1366D 909312 ----a-w- C:\Windows\System32\FntCache.dll 2015-05-14 10:06:20 C22AB1781BC6F0BB1C9B352CF66DBFFC 1250816 ----a-w- C:\Windows\System32\DWrite.dll 2015-05-14 10:06:19 E62FA8858669B48E66DA21C366257F64 2382336 ----a-w- C:\Windows\System32\win32k.sys 2015-05-13 09:03:21 858EB73F68B20A2A5C66B6C000D1C0DD 102608 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 
2015-05-13 06:47:37 744AB3C1A73A57DEED49D631F1BDEA1D 2311168 ----a-w- C:\Windows\System32\wpdshext.dll 2015-05-13 06:46:55 47DE8B7A482D4BABBCC70C0199E35881 36864 ----a-w- C:\Windows\System32\UtcResources.dll 2015-05-13 06:46:54 E95DE5B790B2D16706DAC8472E51F31A 851456 ----a-w- C:\Windows\System32\diagtrack.dll 2015-05-13 06:46:52 8D50ED3F0FBE3590AB0D43BF7B60E57A 3989440 ----a-w- C:\Windows\System32\ntkrnlpa.exe 2015-05-13 06:46:49 0A66C88B087249742381924AB8F9EFCC 3934144 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-05-13 06:46:47 D0F574320615303ADECDCB452EBB8930 635392 ----a-w- C:\Windows\System32\tdh.dll 2015-05-13 06:46:45 7410C9F088E4F13C981F981B52475B5E 1307648 ----a-w- C:\Windows\System32\ntdll.dll 2015-05-13 06:46:40 7A5824DC9A85FCE4334F57FF0795853E 641536 ----a-w- C:\Windows\System32\advapi32.dll 2015-05-13 06:46:39 D362BFE84A44A442CB6B8CBFE6DE027D 1061376 ----a-w- C:\Windows\System32\lsasrv.dll 2015-05-13 06:46:38 EB058143B57ED460AC4F2DFBA104BBFF 364544 ----a-w- C:\Windows\System32\tracerpt.exe 2015-05-13 06:46:37 7CC0547B9FD90649731E021DA2763086 400896 ----a-w- C:\Windows\System32\srcore.dll 2015-05-13 06:46:36 54A01CC4BC47B31C5CD082D064AB37BC 550912 ----a-w- C:\Windows\System32\kerberos.dll 2015-05-13 06:46:34 C6D2D384B6232B0B800234C03C50979F 82944 ----a-w- C:\Windows\System32\logman.exe 2015-05-13 06:46:34 8C45A65ED20B487085B79EEFCC08D160 92160 ----a-w- C:\Windows\System32\sechost.dll 2015-05-13 06:46:33 7E9A03C1B76CB8A222C9AB232B3118D9 262656 ----a-w- C:\Windows\System32\rstrui.exe 2015-05-13 06:46:32 66D6A06936088E412E29A182679F0D71 259584 ----a-w- C:\Windows\System32\msv1_0.dll 2015-05-13 06:46:31 850F756363237A2EB069B9B25EF8BEC3 172032 ----a-w- C:\Windows\System32\wdigest.dll 2015-05-13 06:46:31 03CD13A169C19558F637C2F36B974BDA 69632 ----a-w- C:\Windows\System32\smss.exe 2015-05-13 06:46:30 0B6E937863837BA3383E9CE9200DDF1E 221184 ----a-w- C:\Windows\System32\ncrypt.dll 2015-05-13 06:46:29 74C0EC1257698176E288DA282F318E1C 40448 ----a-w- 
C:\Windows\System32\typeperf.exe 2015-05-13 06:46:28 FCB1C8345C794FE89ABA03B4CA3131BB 65536 ----a-w- C:\Windows\System32\TSpkg.dll 2015-05-13 06:46:28 97B30711DC6CA0EA4EACEDCE8080A3B4 37888 ----a-w- C:\Windows\System32\relog.exe 2015-05-13 06:46:26 5DCF39695CD614B162330F5AC27C4654 38912 ----a-w- C:\Windows\System32\csrsrv.dll 2015-05-13 06:46:25 AFFE5747054D03F8CEE18A8518A9AA34 50176 ----a-w- C:\Windows\System32\auditpol.exe 2015-05-13 06:46:24 1667D76FBF42B24B9DE3E8B0A7CF06BE 22528 ----a-w- C:\Windows\System32\lsass.exe 2015-05-13 06:46:23 6C427298E65C1430D232A0529ED9B18E 100352 ----a-w- C:\Windows\System32\sspicli.dll 2015-05-13 06:46:21 F286528898342F0F1EB402606750C391 17408 ----a-w- C:\Windows\System32\diskperf.exe 2015-05-13 06:46:19 ABA025664F9F42C568B2C022AADCB18F 43008 ----a-w- C:\Windows\System32\srclient.dll 2015-05-13 06:46:16 99A508910BB06DFBE99D9AF7D6B4E950 22016 ----a-w- C:\Windows\System32\secur32.dll 2015-05-13 06:46:14 ECB7366ED80E349436FC495A77EAF24C 15872 ----a-w- C:\Windows\System32\sspisrv.dll 2015-05-13 06:46:14 79AF005633B7E41B7A194A7E7B9D3D93 17408 ----a-w- C:\Windows\System32\credssp.dll 2015-05-13 06:46:12 9638DA21E965E23C85C4319F3F66D824 6656 ----a-w- C:\Windows\System32\apisetschema.dll 2015-05-13 06:46:10 D079A408CC3E22A09D1260A6F18FC0FD 146432 ----a-w- C:\Windows\System32\msaudite.dll 2015-05-13 06:46:10 86B2AC15999BB4F8B5C84AB6154A1783 686080 ----a-w- C:\Windows\System32\adtschema.dll 2015-05-13 06:46:09 BF9BB4113E9FCDABD4C703DDD06293F3 60416 ----a-w- C:\Windows\System32\msobjs.dll 2015-05-13 06:44:25 D0CA74BE380498A0111A73EB9C76CF8F 342016 ----a-w- C:\Windows\System32\certcli.dll 2015-05-13 06:44:25 2665A3D34D1C62DF303723422215B001 248832 ----a-w- C:\Windows\System32\schannel.dll 2015-05-13 06:43:23 D3E8C7FADB758E5D222C639CC65790AD 295936 ----a-w- C:\Windows\System32\apphelp.dll 2015-05-13 06:43:23 12E6A172D72AFC626727B8635DD17E39 62464 ----a-w- C:\Windows\System32\aelupsvc.dll 2015-05-13 06:43:22 DCA2C6E7990771209CDD8E9DA90ED0E2 
5120 ----a-w- C:\Windows\System32\shimeng.dll 2015-05-13 06:43:22 715C060150D969B0DE5DD5B365A712AF 20992 ----a-w- C:\Windows\System32\sdbinst.exe 2015-05-13 06:43:15 746BBC86351D07859D8B40056447F7B2 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2015-05-13 06:43:14 FE8453CD0ABE1F1D42A545CCDEBEB044 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-05-13 06:43:14 9025CA7BCD6B7956366FC90B3D6E3933 47616 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2015-05-13 06:43:12 D5EFD1C5F5BB4F7D52D1F77FBBD2342E 685568 ----a-w- C:\Windows\System32\ie4uinit.exe 2015-05-13 06:43:12 C3120D99E6DA7878A1DD2D88138AC60A 30720 ----a-w- C:\Windows\System32\iernonce.dll 2015-05-13 06:43:10 2AB830C47C6C59F378B13BF8233C1D74 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-05-13 06:43:09 AA2F2D55DEF98007839D0189D721D70B 1310208 ----a-w- C:\Windows\System32\urlmon.dll 2015-05-13 06:43:09 6388FC82897DDDA607BBE3580D75AE15 342736 ----a-w- C:\Windows\System32\iedkcs32.dll 2015-05-13 06:43:07 3CE5DE0730C22A54FE783DB8A989E8BD 47104 ----a-w- C:\Windows\System32\jsproxy.dll 2015-05-13 06:43:06 1BBC9CFD29A62D80FB77BB69BFF7513C 115712 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-05-13 06:43:05 CC4974FCF9387F32A0FF87BCE093A5AD 620032 ----a-w- C:\Windows\System32\jscript9diag.dll 2015-05-13 06:43:05 5AAC24BF6C4A54DA526CC6244DEBE227 418304 ----a-w- C:\Windows\System32\dxtmsft.dll 2015-05-13 06:43:04 C2EB0AA5570CF8BC881B36EE55A59337 688640 ----a-w- C:\Windows\System32\msfeeds.dll 2015-05-13 06:43:04 63A2E3E9C771B1D4D7D84942D6FCB661 710144 ----a-w- C:\Windows\System32\ieapfltr.dll 2015-05-13 06:43:03 28313FF0DE83EAD8F5EF1B963D9078C3 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2015-05-13 06:43:01 136687227F11CE928CB05F4FD90319AC 2052608 ----a-w- C:\Windows\System32\inetcpl.cpl 2015-05-13 06:43:00 37625FC1DAF886F1980E2D8F315B93AC 168960 ----a-w- C:\Windows\System32\msrating.dll 2015-05-13 06:42:59 E993B5E929F46A52E9F4EB68A7855CDF 62464 ----a-w- 
C:\Windows\System32\iesetup.dll 2015-05-13 06:42:56 CB5F450D21B9D76B7F01D006E4AEDB40 1882112 ----a-w- C:\Windows\System32\wininet.dll 2015-05-13 06:42:56 9EA5751205B65A11CC4C3F9FE353B5F3 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2015-05-13 06:42:53 7B4FA4B41FBDBB12C5038FCB6E6652AA 285696 ----a-w- C:\Windows\System32\dxtrans.dll 2015-05-13 06:42:52 BCFA71A878903B5F92A7AFEFCCC5CA97 478208 ----a-w- C:\Windows\System32\ieui.dll 2015-05-13 06:42:51 0E22CD36FC3292CB812CC46CBCFD8444 12828672 ----a-w- C:\Windows\System32\ieframe.dll 2015-05-13 06:42:47 07E82A31808C8BC053D1DE547082C58F 341504 ----a-w- C:\Windows\System32\html.iec 2015-05-13 06:42:45 CFCB89C0FE8EF502A7934C0D20E5DBD6 76288 ----a-w- C:\Windows\System32\mshtmled.dll 2015-05-13 06:42:43 1C5C5B5EF9CFDFC897D4549A2385DB3A 1155072 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2015-05-13 06:42:42 8C00AB01B1BC1E2F69765776BBC5A5D1 64000 ----a-w- C:\Windows\System32\MshtmlDac.dll 2015-05-13 06:42:40 C525258A00ECFB4CE089F54C163268C3 2278400 ----a-w- C:\Windows\System32\iertutil.dll 2015-05-13 06:42:35 D74445161E58644309F858342F5E265C 19691008 ----a-w- C:\Windows\System32\mshtml.dll 2015-05-13 06:42:30 6E2B4875B968324E5844F35A37A79260 4305920 ----a-w- C:\Windows\System32\jscript9.dll 2015-05-13 06:42:28 F2DB87F164BC13AB8EF90FBF5D866B65 664576 ----a-w- C:\Windows\System32\jscript.dll 2015-05-13 06:42:27 C1A32612710492D0C3339E46EC15E333 504320 ----a-w- C:\Windows\System32\vbscript.dll 2015-05-13 06:42:13 0780A42DBD7D9969F9BF4A19AA4285B5 259072 ----a-w- C:\Windows\System32\services.exe 2015-05-13 06:42:00 418AEC0CE89A13200F2820079B9CDFD9 216064 ----a-w- C:\Windows\System32\InkEd.dll 2015-05-13 06:38:18 C489D8B4D8C64F20CC75A93F541F7D91 123904 ----a-w- C:\Windows\System32\poqexec.exe ====== C:\Windows\system32\drivers ===== 2015-05-13 06:46:37 76C0D35167B1369C68388FEDB56A3048 137664 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-05-13 06:46:37 6DD2A1064DD8AFBED22E71176E2AF59B 67520 ----a-w- 
C:\Windows\System32\drivers\ksecdd.sys 2015-04-27 09:56:28 487569E5DA56A5A432FF8AF6D3599CF9 514560 ----a-w- C:\Windows\System32\drivers\http.sys ====== C:\Windows\Tasks ====== 2015-05-18 09:01:02 8936BB3D3191711FF842054B03AE8CC8 3150 ----a-w- C:\Windows\system32\Tasks\{21396993-D10E-4124-837C-C3076547AEF5} 2015-05-13 05:40:12 F64A2D5E9C1762DEAFBEB4978044D22B 3874 ----a-w- C:\Windows\system32\Tasks\Adobe Acrobat Update Task ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-05-22 08:49:43 -------- d-----w- C:\Program Files\trend micro 2015-05-17 21:19:26 -------- d-----w- C:\Program Files\XTab 2015-04-27 09:42:50 -------- d-----w- C:\Program Files\Common Files\Java ======= C: ===== ====== C:\Users\M\AppData\Roaming ====== ====== C:\Users\M ====== 2015-05-22 08:48:30 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\M\Downloads\RSIT.exe 2015-05-19 08:27:16 4647CF365B75257A2F8438E2CADE937B 3027600 ----a-w- C:\Users\M\Downloads\k9pcfsetup_2680 (1).exe 2015-05-19 08:26:52 4647CF365B75257A2F8438E2CADE937B 3027600 ----a-w- C:\Users\M\Downloads\k9pcfsetup_2680.exe ====== C: exe-files == 2015-05-23 08:16:41 CCAF0DCB4BEF3FCD615E15B46B22F349 6714960 ----a-w- C:\Program Files\Google\Update\Install\{32D78CFF-9D93-417C-A6B7-C7360AE8C9F0}\43.0.2357.65_42.0.2311.152_chrome_updater.exe 2015-05-23 08:16:35 CCAF0DCB4BEF3FCD615E15B46B22F349 6714960 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.65\43.0.2357.65_42.0.2311.152_chrome_updater.exe 2015-05-22 09:12:10 B0DC4162D258C923C09F1252C711F518 7676608 ----a-w- C:\Users\M\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe 2015-05-22 09:12:10 B0DC4162D258C923C09F1252C711F518 7676608 ----a-w- C:\Users\M\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\OneDriveSetup.exe 2015-05-22 09:11:48 8FD3DD661931A54C29188DE51090B7E1 149704 ----a-w- C:\Users\M\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncConfig.exe 2015-05-22 08:49:44 
9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\M.exe 2015-05-22 08:48:30 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\M\Downloads\RSIT.exe 2015-05-20 12:22:42 5C7CA5D6AC5E06F369A44D059E4DFF8D 447920 ----a-w- C:\Users\M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BT35QFD2\picexa[1].exe 2015-05-19 08:27:16 4647CF365B75257A2F8438E2CADE937B 3027600 ----a-w- C:\Users\M\Downloads\k9pcfsetup_2680 (1).exe 2015-05-19 08:26:52 4647CF365B75257A2F8438E2CADE937B 3027600 ----a-w- C:\Users\M\Downloads\k9pcfsetup_2680.exe 2015-05-18 08:20:36 8DF6560ADF608ECDCE5CAF299062A135 46080 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdateOnDemand.exe 2015-05-18 08:20:35 6419BCBF0B2569AACF4023942EADFCB8 46080 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdateBroker.exe 2015-05-18 08:20:35 3C14AAE26EA06BADAC98520773772CEB 68608 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdate.exe 2015-05-18 08:20:34 3C14AAE26EA06BADAC98520773772CEB 68608 ----a-w- C:\Users\M\AppData\Local\Temp\comh.317176\globalupdateCrashHandler.exe 2015-05-17 21:20:47 41594BD2505E13E4EEE1951005D01220 73229 ----a-w- C:\Users\M\AppData\Local\Temp\DLG_SY0X6ukc\exe\d39beb6051796658ddce90a8b0615bfd\WebProtectPD.exe 2015-05-17 21:19:41 0F803BAAA7607457AAE0A34312CC7618 398160 ----a-w- C:\Users\M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YHL12JX\download-freefileviewer (1).exe 2015-05-17 21:16:59 C00085400ED1E87B017DF1B9EA533C09 398160 ----a-w- C:\Users\M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YHL12JX\download-freefileviewer.exe === C: other files == 2015-05-22 09:11:42 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\M\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\CollectOneDriveLogs.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe 
/autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-4174719909-4000535656-3623657698-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"FLxHCIm"="C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files\Intel\Bluetooth\btmshell.dll,TrayApp"
"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"fspuip"="%ProgramFiles%\FSP\fspuip.exe "
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21/10/2014 18:40]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21/10/2014 18:40]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\{1F9770BB-38FA-4289-BAA7-DC10D8D39A97}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\{41DFAD9C-E866-4682-9614-37D71E1129F5}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\{CDA490B4-6755-4B85-B18A-3C1B81BBBA47}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [12/07/2014 17:12]

==== Firefox Extensions ======================

ProfilePath: C:\Users\M\AppData\Roaming\TomTom\HOME\Profiles\328qcwm9.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.65

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kfecnpmgnlnbmipaogfhoacoioifjgko - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 19:22]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kfecnpmgnlnbmipaogfhoacoioifjgko - No path
found[] selector is not a valid CSS selector - M\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Bookmark Manager - M\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Skype Click to Call - M\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - M\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda MapsGalaxy - M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb ==== Chromium Startpages ====================== C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Preferences uPUpza18XJlhr6jHbny4VJgSsGAOlfMSUpVi5eZDXv72kbnvqg0ZWwTfmq1FK37uQ1/ToqQIDAQAB","manifest_version":2,"name":"MapsGalaxy","permissions":["tabs","cookies","history","contextMenus","management","http://*/*","https://*/*","http://127.0.0.1/*","http://localhost/*","chrome://favicon/*","downloads"],"update_url":"https://clients2.google.com/service/update2/crx","version":"12.9.6.8621","web_accessible_resources":["toolbarUI.html","components/api/window/widgetWindow.html","components/search/html/searchSuggestions.html","common/widget-api/widgets/rss/rssWidget.html","components/moviereviews/html/movieReviews.html","common/components/embedscript/html/embedScriptTemplate.html","common/components/embedhtml/html/embedHtmlTemplate.html","common/components/menu/html/menuframe.html","common/widget-api/widgets/weather/weatherButton.html","components/supertab/html/supertab.html","common/widget-api/widgets/radio/radio-widget.html","js/widgetContentScriptInjectee.js"]},"path":"pcpehlgijbdajfafffojllcaecaecngb\\12.9.6.8621_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"Nitram1943@gmail.com","username":"Nitram1943@gmail.com"}},"homepage":"http://www.google.com/ig/redirectdomain?brand=MDNE&bmod=
MDNE","homepage_changed":true,"homepage_is_newtabpage":false,"pinned_tabs":[],"session":{"restore_on_startup":5,"startup_urls":["http://www.google.com/ig/redirectdoma
in?brand=MDNE&bmod=MDNE","http://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC","http://www.mystartsearch.com/?type=hp&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX","http://www.google.com/","?type=hppp&ts=1432124412&from=xtab&uid=D6AA852FD2574aec8F8023DA20F2A62B"]},"software_reporter":{"prompt_reason":0,"prompt_version":"3.20.1"},"sync":{"remaining_rollback_tries":0}}

==== Chromium Fix ======================
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-powerpoint.nl.softonic.com_0.localstorage deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_microsoft-powerpoint.nl.softonic.com_0.localstorage-journal deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcpehlgijbdajfafffojllcaecaecngb_0.localstorage deleted successfully
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pcpehlgijbdajfafffojllcaecaecngb_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX&q={searchTerms}"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX&q={searchTerms}"
"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== shortcuts on Users Desktops ======================
C:\Users\M\Desktop\Albelli.be Fotoboeken.lnk - C:\Users\M\AppData\Local\Albelli.be Fotoboeken\apc.exe
C:\Users\M\Desktop\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\Users\M\Desktop\Windows Live Movie Maker.lnk - C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
C:\Users\M\Desktop\Wordpad.lnk - C:\Program Files\Windows NT\Accessories\wordpad.exe

==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk - C:\Program Files\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE
C:\Users\Public\Desktop\Canon IJ Network Tool.lnk - C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE
C:\Users\Public\Desktop\eBay.be.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files\Belgium Identity Card\EidViewer\eID Viewer.exe
C:\Users\Public\Desktop\Fotoshow.lnk - C:\Program Files\Pixum\Pixum Fotoboek\Fotoshow.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\Users\Public\Desktop\Microsoft Office 2010.lnk - C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe
C:\Users\Public\Desktop\MobileWiFi.lnk -
C:\Users\Public\Desktop\Pixum Fotoboek.lnk - C:\Program Files\Pixum\Pixum Fotoboek\Pixum Fotoboek.exe
C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk - C:\Program Files\Xirrus\Xirrus Wi-Fi Inspector\Xirrus Wi-Fi Inspector.exe
C:\Users\Public\Desktop\Medion MediaPack\Ashampoo Burning Studio.lnk - C:\Program Files\Medion MediaPack\Ashampoo Burning Studio\burningstudio.exe
C:\Users\Public\Desktop\Medion MediaPack\Ashampoo Photo Commander.lnk - C:\Program Files\Medion MediaPack\Ashampoo Photo Commander\apc.exe
C:\Users\Public\Desktop\Medion MediaPack\Ashampoo Photo Optimizer.lnk - C:\Program Files\Medion MediaPack\Ashampoo Photo Optimizer\photooptimizer.exe
C:\Users\Public\Desktop\Medion MediaPack\Ashampoo Snap.lnk - C:\Program Files\Medion MediaPack\Ashampoo Snap\ashsnap.exe

==== shortcuts in Users Start Menu ======================
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\M\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX

==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk - C:\Program Files\Xirrus\Xirrus Wi-Fi Inspector\Xirrus Wi-Fi Inspector.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Canon IJ Network Tool.lnk - C:\Program Files\Canon\Canon IJ Network Tool\CNMNPUT.EXE
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CyberLink PowerDVD 10.lnk - C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word Starter 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604130000"
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Anytime Upgrade.lnk - C:\Windows\system32\WindowsAnytimeUpgradeUI.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Movie Maker.lnk - C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Wordpad.lnk - C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1431897513&z=32baa49efcf8eab58cd8710gcz5c9g6b8tcmcwbg6o&from=cvs&uid=HitachiXHTS543225A7A384_E242124200U3TK00U3TKX
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================
C:\Users\Public\Desktop\eBay.be.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\M\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall deleted successfully

==== HijackThis Entries ======================
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshell.dll",TrayApp
O4 - HKLM\..\Run: [fspuip] %ProgramFiles%\FSP\fspuip.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files\MobileWiFi\MobileWiFi
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator-cbfs5 - {886BE196-291B-4FB4-A103-EAFD68427E12} - C:\Windows\system32\cbfsMntNtf5.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {886BE196-291B-4FB4-A103-EAFD68427E12} - C:\Windows\system32\cbfsMntNtf5.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files\Acer\AOP Framework\CCDMonitorService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

==== Empty IE Cache ======================
C:\Users\M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\M\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=334 folders=124 19587067 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\M\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\M\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files\XTab" not found
"C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on zo 24/05/2015 at 21:12:34,22 ======================