Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Edwine on zo 26-07-2015 at 15:40:42,30. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Edwine\Desktop\zoek (1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-07-26-120454.log 666 bytes C:\zoek-results2015-07-26-120719.log 1157 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\Gossiper deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\predm deleted successfully C:\PROGRA~2\COMMON~1\PX Storage Engine deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\465ac83c00003858 deleted successfully C:\PROGRA~3\55cb00630a9f48b2a5a67e525831ec1b deleted successfully C:\PROGRA~3\5aae4531dc23473f8da7a5bac9f3a51f deleted successfully C:\PROGRA~3\{073730B2-6CAE-4854-85C6-D25002372130} deleted successfully C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC} deleted successfully C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully C:\PROGRA~3\{657095DF-DBDB-4B17-8245-B38845C97069} deleted successfully C:\PROGRA~3\{8D274659-3D84-4410-A197-C170D180BC76} deleted successfully C:\PROGRA~3\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} deleted successfully C:\PROGRA~3\{B0689242-B0A0-4F2C-83E0-F3E560357B90} deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\PROGRA~3\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} deleted successfully C:\PROGRA~3\{DA06AA03-DF24-4ECE-939E-1B0939235C66} deleted successfully C:\Users\Edwine\AppData\Roaming\Bandoo deleted successfully C:\Users\Edwine\AppData\Roaming\Emeg deleted successfully C:\Users\Edwine\AppData\Roaming\HpUpdate deleted successfully C:\Users\Edwine\AppData\Roaming\SimpleFiles deleted successfully C:\Users\Edwine\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully 
C:\Users\Edwine\AppData\Local\39464E43-1435495007-3337-4258-00269E7787DA deleted successfully C:\Users\Edwine\AppData\Local\Axialis deleted successfully C:\Users\Edwine\AppData\Local\Conduit deleted successfully C:\Users\Edwine\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully 
HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{37e17185-b07a-47b3-bd86-c675e4e4b89a} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\NS.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\NS.exe C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\ooVoo\ooVoo.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe C:\Users\Edwine\AppData\Local\SmartWeb\SmartWebHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Users\Edwine\AppData\Local\SmartWeb\SmartWebApp.exe C:\Program Files (x86)\Google\Google Desktop 
Search\GoogleDesktop.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Windows\SysWOW64\ctfmon.exe C:\Users\Edwine\Desktop\zoek (1).exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Users\Edwine\AppData\Local\Popcorn Time\nw.exe C:\Users\Edwine\AppData\Local\Popcorn Time\nw.exe C:\Users\Edwine\AppData\Local\Popcorn Time\nw.exe C:\Users\Edwine\AppData\Local\Popcorn Time\nw.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.7.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.7.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webTinstMKTN84 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\webTinstMKTN84 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default user.js not found ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("browser.BabylonToolbar_i.newTab", ""); user_pref("browser.BabylonToolbar_i.newTabUrl", ""); user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.autoRvrt", "false"); user_pref("extensions.BabylonToolbar.babExt", ""); user_pref("extensions.BabylonToolbar.babTrack", "affID=112059&tt=4512_7"); user_pref("extensions.BabylonToolbar.bbDpng", "20"); 
user_pref("extensions.BabylonToolbar.cntry", "NL"); user_pref("extensions.BabylonToolbar.dfltLng", "nl"); user_pref("extensions.BabylonToolbar.dpkLst", ""); user_pref("extensions.BabylonToolbar.envrmnt", "production"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.hdrMd5", "A90CB1A53569B56B70434683B3990612"); user_pref("extensions.BabylonToolbar.hmpg", true); user_pref("extensions.BabylonToolbar.id", "f0d3636400000000000000269e7787da"); user_pref("extensions.BabylonToolbar.instlDay", "15654"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.3.80:06:12"); user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1"); user_pref("extensions.BabylonToolbar.newTab", false); user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"72\",\"lastVrsn\":\"72\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.sg", "tzb"); user_pref("extensions.BabylonToolbar.smplGrp", "tzb"); user_pref("extensions.BabylonToolbar.srcExt", "ss"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=f0d3636400000000000000269e7787da&q="); user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.3.80:06:12"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112059&tt=4512_7"); user_pref("extensions.BabylonToolbar_i.hardId", "f0d3636400000000000000269e7787da"); user_pref("extensions.BabylonToolbar_i.id", "f0d3636400000000000000269e7787da"); user_pref("extensions.BabylonToolbar_i.instlDay", "15312"); 
user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); user_pref("extensions.BabylonToolbar_i.newTab", false); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.80:06:12"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); ---- FireFox user.js and prefs.js backups ---- prefs_26-07-2015_1632_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03828921-3A10-4A9A-85A8-E2B177800C3E}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1BB9F86-351A-4D23-8751-E23669C38C7D}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e8cd3ea-a4d1-48f5-9fae-c8fe18e94ee6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1BB9F86-351A-4D23-8751-E23669C38C7D}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "SweetIM"=- "My Web Search Bar Search Scope Monitor"=- "vProt"=- "iSkysoft Helper Compact.exe"=- "DelaypluginInstall"=- "SmartWeb"=- "gmsd_nl_005010015"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Gossiper not found C:\PROGRA~2\predm not found C:\Program Files (x86)\BabylonToolbar not found C:\Program Files (x86)\youtubeadblocker not found c:\programdata\flashbeat not found C:\Program Files (x86)\PriceGong not found C:\ProgramData\465ac83c00003858 not found C:\Users\Edwine\AppData\Roaming\SimpleFiles not found C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f not found 
C:\ProgramData\55cb00630a9f48b2a5a67e525831ec1b not found C:\PROGRA~3\55cb00630a9f48b2a5a67e525831ec1b not found C:\PROGRA~3\5aae4531dc23473f8da7a5bac9f3a51f not found C:\PROGRA~3\{073730B2-6CAE-4854-85C6-D25002372130} not found C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC} not found C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found C:\PROGRA~3\{657095DF-DBDB-4B17-8245-B38845C97069} not found C:\PROGRA~3\{8D274659-3D84-4410-A197-C170D180BC76} not found C:\PROGRA~3\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} not found C:\PROGRA~3\{B0689242-B0A0-4F2C-83E0-F3E560357B90} not found C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\PROGRA~3\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} not found C:\PROGRA~3\{DA06AA03-DF24-4ECE-939E-1B0939235C66} not found C:\PROGRA~2\F1 News deleted C:\Users\Edwine\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z deleted C:\Users\Edwine\AppData\Roaming\mystartsearch deleted C:\Users\Edwine\AppData\Roaming\oursurfing deleted C:\Program Files (x86)\MyWebSearch deleted C:\Program Files (x86)\MiuiTab deleted C:\Program Files (x86)\Bandoo deleted C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} deleted C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\extensions\ffox@bandoo.com deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\extensions\searchffv2@gmail.com deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\extensions\staged deleted C:\Program Files (x86)\57a7be13-ddc3-40f6-8557-52f3a749dffe deleted C:\Program Files (x86)\globalUpdate deleted C:\Program Files (x86)\CinemaPlus-3.2cV28.06 deleted C:\ProgramData\6256241720103486530 deleted 
C:\ProgramData\{c2cc7206-6a76-e8e0-c2cc-c72066a7c819} deleted C:\Users\Edwine\AppData\Roaming\AnyProtectEx deleted C:\ProgramData\kodbmdhblohnghblljleklpghafmlgng deleted C:\ProgramData\{1ccea9d5-d81c-cbcf-1cce-ea9d5d81a757} deleted C:\Users\Edwine\AppData\Roaming\MailUpdate deleted C:\ProgramData\MailUpdate deleted C:\Users\Edwine\AppData\Roaming\39464E43-1435487724-3337-4258-00269E7787DA deleted C:\ProgramData\28341ff220e0446c9fff27c4493d622e deleted C:\ProgramData\IHProtectUpDate deleted c:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf deleted C:\windows\SysNative\drivers\webTinstMKTN84.sys deleted C:\Program Files (x86)\version85IneedSpeed deleted C:\ProgramData\WindowsMangerProtect deleted C:\ProgramData\Datamngr deleted C:\windows\SysNative\Tasks\ZYICP deleted C:\windows\SysNative\Tasks\JYBSNHWQD deleted C:\Program Files (x86)\AMD\6da476b5-ef99-4cd9-b979-c3126395d53c.dll deleted C:\Program Files (x86)\AMD\57a7be13-ddc3-40f6-8557-52f3a749dffe.dll deleted C:\PROGRA~3\729 deleted C:\Users\Edwine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRICEM~1 deleted C:\Users\Edwine\AppData\LocalLow\Conduit deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\mystartsearch.xml deleted C:\PROGRA~2\Music Toolbar deleted C:\PROGRA~2\AVG Security Toolbar deleted C:\PROGRA~2\iMesh Applications deleted C:\extensions deleted C:\found.000 deleted C:\ProgramData\Microsoft\Windows\Start Menu\SimpleFiles deleted C:\Users\Edwine\AppData\Roaming\WB.CFG deleted C:\Users\Edwine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk deleted C:\Users\Edwine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk deleted C:\Users\Edwine\AppData\Roaming\Smiley.ico deleted C:\Users\Edwine\AppData\Roaming\Yontoo deleted C:\PROGRA~3\Avg_Update_0814tb deleted C:\PROGRA~3\Wondershare Video Converter Ultimate deleted C:\PROGRA~3\SweetIM deleted C:\PROGRA~3\Bandoo deleted 
C:\PROGRA~3\AVG Secure Search deleted C:\PROGRA~3\Tarma Installer deleted C:\Users\Edwine\AppData\Local\39464E43-1435495142-3337-4258-00269E7787DA deleted C:\Users\Edwine\AppData\Local\PriceMeterLiveUpdate deleted C:\Users\Edwine\AppData\Local\globalUpdate deleted C:\Users\Edwine\AppData\Local\AVG Secure Search deleted C:\Users\Edwine\AppData\Local\RegistryDR deleted C:\Users\Edwine\AppData\Local\BearShare deleted C:\Users\Edwine\AppData\Local\iMesh deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! deleted C:\Users\Edwine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage deleted C:\Users\Edwine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Edwine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk deleted C:\Windows\patsearch.bin deleted C:\windows\SysNative\Tasks\pricemeterdownloader deleted C:\windows\SysNative\Tasks\PriceMeterUpdater deleted C:\Windows\Tasks\PriceMeterUpdater.job deleted C:\Users\Public\sdelev.tmp deleted C:\Users\Public\sdelevURL.tmp deleted C:\Users\Edwine\Downloads\iMeshSetup-r393-n-bf(1).exe deleted C:\Users\Edwine\Downloads\iMeshSetup-r393-n-bf.exe deleted C:\Users\Edwine\Downloads\iMeshV12 (1).exe deleted C:\Users\Edwine\Downloads\iMeshV12 (2).exe deleted C:\Users\Edwine\Downloads\iMeshV12 (3).exe deleted C:\Users\Edwine\Downloads\iMeshV12 (4).exe deleted C:\Users\Edwine\Downloads\iMeshV12 (5).exe deleted C:\Users\Edwine\Downloads\iMeshV12-r293-w.exe deleted C:\Users\Edwine\Downloads\iMeshV12.exe deleted C:\Users\Edwine\AppData\LocalLow\AVG Security Toolbar deleted C:\Users\Edwine\AppData\LocalLow\BabylonToolbar deleted C:\Users\Edwine\AppData\LocalLow\SmartWeb deleted C:\Users\Edwine\AppData\LocalLow\AVG Secure Search 
deleted C:\Users\Edwine\AppData\LocalLow\searchquband deleted C:\Users\Edwine\AppData\LocalLow\MyWebSearch deleted C:\Users\Edwine\AppData\LocalLow\DataMngr deleted C:\Users\Edwine\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted C:\Users\Edwine\AppData\LocalLow\PriceGong deleted C:\Users\Edwine\AppData\LocalLow\FunWebProducts deleted C:\Users\systemprofile\AppData\LocalLow\bandoomusictoolbar deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\bandoomusictoolbar deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\windows\SysNative\Tasks\Express FilesUpdate deleted C:\windows\SysNative\tasks\LuckyTab deleted C:\windows\SysNative\tasks\Digital Sites deleted C:\windows\SysNative\tasks\SmartWeb Upgrade Trigger Task deleted C:\windows\SysNative\tasks\RegistryDr_Popup deleted C:\windows\SysNative\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Users\Edwine\Documents\RegistryDr deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\ask-search.xml deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\askcom.xml deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\askcomsearch.xml deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\Mysearchdial.xml deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\mywebsearch.xml deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\SearchResults.xml deleted 
C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\Search_Results.xml deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\bProtector_extensions.rdf deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\GoogleToolbarData deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\SweetIMToolbarData deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\SweetPacksToolbarData deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\CT2504091 deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\CT2849859 deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\CT2865317 deleted C:\Users\Public\Desktop\BearShare.lnk deleted C:\Users\Public\Desktop\Open It!.lnk deleted C:\Users\Public\Desktop\Upgrade Facebook Chat Experience with fTalk.lnk deleted C:\Users\Edwine\Desktop\Continue SweetIM Installation.lnk deleted C:\Users\Edwine\Desktop\iMesh.lnk deleted C:\Users\Edwine\Desktop\Youtube.lnk deleted C:\Users\Edwine\Desktop\Facebook.lnk deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\CT1547340 deleted C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\conduitCommon deleted "C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\conduit.xml" deleted "C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\delta.xml" deleted "C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\sweetim.xml" deleted "C:\Users\Edwine\AppData\Local\{CBD4513C-459A-454A-AE28-7E9968EFA179}" deleted "C:\Users\Edwine\AppData\Roaming\iJL4Wjvd44vLLCoU" deleted "C:\Users\Edwine\AppData\Roaming\PA6QNiiviXF5vUFA" deleted "C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\delta.xml" deleted 
"C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\delta.xml" deleted "C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\conduit.xml" deleted "C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\delta.xml" deleted "C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\extensions\toolbar_ORJ-V7@apn.ask.com.xpi" deleted "C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default\searchplugins\sweetim.xml" deleted "C:\Users\Edwine\AppData\Roaming\Yggu\lotee.dah" deleted "C:\Users\Edwine\AppData\Roaming\Zofa\ozubt.sah" deleted "C:\Program Files (x86)\AVG Secure Search\TBAPI.dll" deleted "C:\Program Files (x86)\AVG Secure Search\vprot.exe" deleted "C:\Users\Edwine\AppData\Local\Popcorn Time\d3dcompiler_47.dll" deleted "C:\Users\Edwine\AppData\Local\Popcorn Time\ffmpegsumo.dll" deleted "C:\Users\Edwine\AppData\Local\Popcorn Time\icudtl.dat" deleted "C:\Users\Edwine\AppData\Local\Popcorn Time\libEGL.dll" deleted "C:\Users\Edwine\AppData\Local\Popcorn Time\libGLESv2.dll" deleted "C:\Users\Edwine\AppData\Local\Popcorn Time\nw.exe" deleted "C:\Users\Edwine\AppData\Local\Popcorn Time\nw.pak" deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\Users\Edwine\AppData\Local\SmartWeb\SmartWebApp.exe" deleted "C:\Users\Edwine\AppData\Local\SmartWeb\SmartWebHelper.exe" deleted "C:\Users\Edwine\AppData\Local\SmartWeb\swhk.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll" deleted "C:\Program Files 
(x86)\SweetIM\Messenger\mgsimcommon.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\msvcp71.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\msvcr71.dll" deleted "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" deleted "C:\PROGRA~2\SweetIM\Messenger\mgAdaptersProxy.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\mgcommon.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\mgcommunication.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\mgconfig.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\mghooking.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\mgsimcommon.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\mgUpdateSupport.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\mgxml_wrapper.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\msvcp71.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\msvcr71.dll" deleted "C:\PROGRA~2\SweetIM\Messenger\SweetIM.exe" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.7.0\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.7.0\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.7.0\log4cplusU.dll" deleted "C:\Users\Edwine\AppData\Roaming\Yggu" deleted "C:\Users\Edwine\AppData\Roaming\Zofa" deleted "C:\Program Files (x86)\AVG Secure Search" not deleted "C:\Program Files (x86)\SweetIM" not deleted "C:\Users\Edwine\AppData\Local\Popcorn Time" deleted "C:\PROGRA~2\SweetIM" not deleted "C:\PROGRA~2\AVG Secure Search" not deleted "C:\PROGRA~2\AVG Secure Search" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\Users\Edwine\Qtrax" deleted "C:\Users\Edwine\AppData\Local\SmartWeb" deleted "C:\Program Files (x86)\SweetIM\Messenger" not deleted "C:\PROGRA~2\SweetIM\Messenger" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted 
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.7.0" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.7.0" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.7.0" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 4093 MB CPU Info: AMD Athlon(tm) II Dual-Core M300 CPU Speed: 1993,0 MHz Sound Card: Luidsprekers en Dual koptelefoo | SPDIF (Digitaal Uit via HP Dock | Onafhankelijke Dual koptelefoon | Display Adapters: ATI Mobility Radeon HD 4530 Series | ATI Mobility Radeon HD 4530 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller | Atheros AR9285 802.11b/g/n WiFi Adapter CD / DVD Drives: 1x (E: | ) E: hp CDDVDW TS-L633M Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 284,4GB | D: 13,4GB Hard Disks - Free: C: 72,8GB | D: 2,2GB Manufacturer *: Hewlett-Packard BIOS Info: AT/AT COMPATIBLE | 10/15/09 | HPQOEM - 3 Time Zone: West-Europa (standaardtijd) Motherboard *: Quanta 3639 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Norton Security On-access scanning disabled (Outdated) Anti-Virus: AVG Internet Security 2015 On-access scanning disabled (Outdated) Anti-Spyware: Norton Security disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG Internet Security 2015 disabled (Outdated) Firewall: AVG Internet Security 2015 disabled Firewall: Norton Security disabled Default Browser: Google Chrome 44.0.2403.107 Internet Explorer Version: 11.0.9600.17914 Mozilla Firefox version: 32.0.3 (x86 nl) Google Chrome version: 44.0.2403.107 Adobe Reader version: 9.5.5.316 Sun Java version: 1.8.0_31 (32-bit) Sun Java version: 1.8.0_31 (64-bit) Flash Player version: 18.0.0.209 ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN" "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "VoipDiscount"="C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe -nosplash -minimized" "iMesh"="C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe --lightmode" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "ooVoo.exe"="C:\Program Files (x86)\ooVoo\oovoo.exe /minimized" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" 
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED" "UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Hewlett-Packard\Recovery UpdateWithCreateOnce Software\CyberLink\PowerRecover" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "Google Desktop Search"="C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe /startup" "WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN" "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "VoipDiscount"="C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe -nosplash -minimized" "iMesh"="C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe --lightmode" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "ooVoo.exe"="C:\Program Files (x86)\ooVoo\oovoo.exe /minimized" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\programdata\\flashbeat\\flashbeat32.dll c:\\progra~2\\musict~1\\datamngr\\mgrldr.dll c:\\progra~2\\bandoo\\bndhook.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="C:\Program 
Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background" "SunJavaUpdateSched"="C:\Program Files\Java\jre1.8.0_31\bin\jusched.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "msnmsgr"="~\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "HPCam_Menu"="\"c:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\\MUITransfer\\MUIStartMenu.exe\" \"c:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\" UpdateWithCreateOnce \"Software\\Hewlett-Packard\\Media\\Webcam\"" "Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "HP Software Update"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "ROC_roc_dec12"="\"C:\\Program Files (x86)\\AVG Secure Search\\ROC_roc_dec12.exe\" /PROMPT /CMPID=roc_dec12" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "HF_G_Jul"="\"C:\\Program Files (x86)\\AVG Secure Search\\HF_G_Jul.exe\" /DoAction" "ROC_roc_ssl_v12"="\"C:\\Program Files (x86)\\AVG Secure Search\\ROC_roc_ssl_v12.exe\" / /PROMPT /CMPID=roc_ssl_v12" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] 
C:\Windows\tasks\HPCeeScheduleForSERENITY$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07-10-2009 05:22] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CapSchedInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe] "C:\Windows\SysNative\tasks\CapSvcInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe] "C:\Windows\SysNative\tasks\CapUninst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe] "C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForSERENITY$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\MUI StartMenu Application" [c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\WSCStub.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" 
[C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\Sun Microsystems-online actualiseringsprogramma" [C:\Program Files\Java\jre6\bin\jusched.exe] "C:\Windows\SysNative\tasks\TVAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{6E0F6C0E-AFC2-451C-BE9C-0A8C8A728D70}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{705DF082-A382-49EF-881E-7EEF090E02DC}" [C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\uiStub.exe] "C:\Windows\SysNative\tasks\{C299F124-0A96-4F8B-82BC-BD828380B084}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.120.161/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Norton Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Security\Norton Error Processor" [C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\SymErr.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] 
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn" [26-07-2015 14:57] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{C6476A68-B06E-82C0-8E2F-D79F1A73C235}"="C:\Program Files (x86)\version85IneedSpeed\192.xpi" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default - Undetermined - C:\Program Files (x86)\MyWebSearch\bar\2.bin - iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Edwine\AppData\Roaming\Mozilla\Firefox\Profiles\p6x8p7e2.default 7E0EC98C322042F27D8D158BF0244A67 - C:\Users\Edwine\AppData\Roaming\Zoom\bin_00\npzoomplugin.dll - Zoom launcher - 3.0.1 ==== Fake Chromium Profiles Check ====================== Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.107 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaajhhckaajldjhmbpgleomemmpopjp - C:\Windows\system32\config\systemprofile\AppData\Local\bandoomusictoolbar\GC\toolbar.crx[07-06-2013 14:05] cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\Exts\Chrome.crx[13-09-2014 08:21] cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Edwine\AppData\Local\Temp\ccex.crx[] dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\Edwine\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[] dloejdefkancmfajekobpfoacecnhpgp - C:\Program Files (x86)\Bandoo\ChromePackage.crx[] iikflkcanblccfahdhdonehdalibjnif - No path found[] kiplfnciaokpcennlkldkdaeaaomamof - 
C:\Users\Edwine\AppData\Local\Torch\Plugins\TorchPlugin.crx[28-08-2013 15:47] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01-05-2015 11:17] ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Edwine\AppData\Local\Temp\ccex.crx[] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx[] Ask Toolbar - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko Comodo Drag&Drop Service - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo Comodo Web Inspector - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn PrivDog - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja Comodo Media Downloader - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo F1 News - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk Comodo Share Page Service - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf Google Wallet - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda CinemaPlus-3.2cV28.06 - Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp Norton Security Toolbar - Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe AdBlock - Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Norton Identity Safe - Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif F1 News - Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk RevEye Reverse Image Search - Edwine\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\keaaclcjhehbbapnphnmpiklalfhelgf Skype Click to Call - Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl {page b.html}content_scripts:[{all_frames:falsejs:[c.js]matches:[http://*/*https://*/*]run_at:\u0064ocumen\u0074_end}]description:\u0069co\u006es:{1\u0036:icon16.png48:icon48.png128:ico\u006E12\u0038.png}manifest_version:2name:I\u006eeedSpe\u0065\u0064permissions:[cookiesstorageunlimitedStoragehttp://*/*h\u0074t\u0070\u0073://*\u002f*tabswebRequestwebRe\u0071ues\u0074Bloc\u006bing]version:1.192.0.0} - Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdhhjbhbfhkmmcjojicgkoplildbkbk Chrome Web Store Payments - Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda CinemaPlus-3.2cV28.06 - Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp Ask Toolbar - Edwine\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne Google Drive - Edwine\AppData\Local\Torch\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Edwine\AppData\Local\Torch\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo DropToS - Edwine\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo Google Search - Edwine\AppData\Local\Torch\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Torch New Tab - Edwine\AppData\Local\Torch\User Data\Default\Extensions\dipchieogpecpggdacaaffcjemkggfbi Torch Shopping - Edwine\AppData\Local\Torch\User Data\Default\Extensions\dmgjnkhnkblpmfjpdakehnaikgdjllic Torch Games - Edwine\AppData\Local\Torch\User Data\Default\Extensions\elnodfjhjgpnmdhklbfeijeaehcgffnp Torch Music - Edwine\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad FaceLift - Edwine\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk F1 News - Edwine\AppData\Local\Torch\User 
Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk Torch Games - Edwine\AppData\Local\Torch\User Data\Default\Extensions\khkmhmmjbfailffpaicjgedkpboookjk Torch Helper - Edwine\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg Skype Click to Call - Edwine\AppData\Local\Torch\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Torch Torrent - Edwine\AppData\Local\Torch\User Data\Default\Extensions\mpdmibcjecdaibcnlilhiopefjgegjjc Google Wallet - Edwine\AppData\Local\Torch\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Torch Music - Edwine\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed CinemaPlus-3.2cV28.06 - Edwine\AppData\Local\Torch\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp Hola for Torch - Edwine\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh Gmail - Edwine\AppData\Local\Torch\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Preferences "session":{"restore_on_startup":4,"startup_urls":["http://www.google.nl/"]}
C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Preferences "startup_urls": [ "http://home.torchbrowser.com/?systemid=448&appid=160&ua=Torch&clid={D533F846-9659-4F2C-B4FA-C47B70D02B7C}" ] ==== Chromium Fix ====================== C:\Windows\system32\config\systemprofile\AppData\Local\bandoomusictoolbar\GC\toolbar.crx deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.smartshopping.com_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.smartshopping.com_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local
Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_del-ad.nl.softonic.com_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_del-ad.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_itunes-64.nl.softonic.com_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_itunes-64.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage 
deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Extensions\dipchieogpecpggdacaaffcjemkggfbi deleted successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\databases\chrome-extension_dipchieogpecpggdacaaffcjemkggfbi_0 deleted successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Extensions\dmgjnkhnkblpmfjpdakehnaikgdjllic deleted successfully C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko deleted successfully C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk deleted successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Extensions\jchepaljijgokkoflakjioknkfolenbk deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jchepaljijgokkoflakjioknkfolenbk_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jchepaljijgokkoflakjioknkfolenbk_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdhhjbhbfhkmmcjojicgkoplildbkbk 
deleted successfully C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage-journal deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0 deleted successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp deleted successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NS&pvid=22.0.0.110" "Default_Page_URL"="http://www.oursurfing.com/?type=hppp&ts=1435487637&z=7b8cf6e2bfbb82343f5ef36g5z9cbwcz5b8maq6c6m&from=exp&uid=HitachiXHTS723232L9A360_091031FCC400NEHX21BGX" "Search Page"="http://www.oursurfing.com/web/?type=ds&ts=1435487585&z=1d07b1c32b6df932b66920dg6z7c5wfzfbdmdwfb7w&from=exp&uid=HitachiXHTS723232L9A360_091031FCC400NEHX21BGX&q={searchTerms}" "Default_Search_URL"="http://www.oursurfing.com/web/?type=ds&ts=1435487585&z=1d07b1c32b6df932b66920dg6z7c5wfzfbdmdwfb7w&from=exp&uid=HitachiXHTS723232L9A360_091031FCC400NEHX21BGX&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] 
"Default_Page_URL"="http://www.oursurfing.com/?type=hppp&ts=1435487637&z=7b8cf6e2bfbb82343f5ef36g5z9cbwcz5b8maq6c6m&from=exp&uid=HitachiXHTS723232L9A360_091031FCC400NEHX21BGX" "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NS&pvid=22.0.0.110" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.oursurfing.com/?type=hppp&ts=1435487637&z=7b8cf6e2bfbb82343f5ef36g5z9cbwcz5b8maq6c6m&from=exp&uid=HitachiXHTS723232L9A360_091031FCC400NEHX21BGX" "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NS&pvid=22.0.0.110" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NS&pvid=22.0.0.110" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rlz=1I7SUNC_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" ==== Reset Google Chrome ====================== C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Preferences was reset successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Secure Preferences was reset successfully C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Web Data-journal was reset successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal.protect was reset successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Web Data.protect was reset successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Web Data was reset successfully C:\Users\Edwine\AppData\Local\Torch\User 
Data\Default\Web Data-journal was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Mozilla\Firefox\Extensions\ffox@bandoo.com deleted successfully HKEY_USERS\S-1-5-21-3035429546-2157832359-1196552001-1000\Software\Mozilla\Firefox\Extensions\{C6476A68-B06E-82C0-8E2F-D79F1A73C235} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully 
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ffox@bandoo.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\searchffv2@gmail.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dloejdefkancmfajekobpfoacecnhpgp deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaajhhckaajldjhmbpgleomemmpopjp deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Metar deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 101 MediaBar deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bandoomusictoolbarGC deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bandoomusictoolbarFF deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bandoomusictoolbarIE deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97B4DF0B-7499-455F-AFBA-F70F64D6D86A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B0FD4B799947F554FAAB7FF0466D8DA6 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{b4704e3b} deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: 0.0.0.1 mssplus.mcafee.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\coIEPlg.dll 
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\coIEPlg.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 
9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe" -nosplash -minimized O4 - HKCU\..\Run: [iMesh] "C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe" --lightmode O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user') O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYNL O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows 
Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/mindspark/ei/1.2.5.17/SmileyCentral.cab O18 - Protocol: linkscanner - 
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.7.0\ViProtocol.dll (file missing) O18 - Protocol: WSISVCUchrome - {78A543EB-3A61-4ED3 - (no file) O20 - AppInit_DLLs: c:\programdata\flashbeat\flashbeat32.dll c:\progra~2\musict~1\datamngr\mgrldr.dll c:\progra~2\bandoo\bndhook.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. 
- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe O23 - Service: Norton Security (NS) - Symantec Corporation - C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\NS.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: 
@%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Edwine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Edwine\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\Edwine\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Edwine\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Edwine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GDT7IVZ will be deleted at reboot C:\Users\Edwine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3N2AQLG will be deleted at reboot C:\Users\Edwine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWLYY7N9 will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Edwine\AppData\Local\Mozilla\Firefox\Profiles\p6x8p7e2.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully C:\Users\Edwine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content 
====================== C:\zoek_backup (files=8588 folders=2177 18028805041 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Edwine\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Edwine\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\AVG Secure Search" not found "C:\Program Files (x86)\SweetIM" not found "C:\PROGRA~2\SweetIM" not found "C:\PROGRA~2\AVG Secure Search" not found "C:\PROGRA~2\AVG Secure Search" not found "C:\Users\Edwine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko" not found "C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne" deleted "C:\Users\Edwine\AppData\Local\Torch\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp" not found "C:\Users\Edwine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GDT7IVZ" not found "C:\Users\Edwine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3N2AQLG" not found "C:\Users\Edwine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWLYY7N9" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on zo 26-07-2015 at 18:03:01,62 ======================