Zoek.exe v5.0.0.1 Updated 19-November-2015 Tool run by Arthur on vr 20/11/2015 at 14:06:04,45. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Arthur\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 20/11/2015 14:09:59 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\log deleted successfully C:\PROGRA~3\ioloGovernor deleted successfully C:\Users\Arthur\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Arthur\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Arthur\AppData\Local\EmieSiteList deleted successfully C:\Users\Arthur\AppData\Local\EmieUserList deleted successfully C:\Users\Arthur\AppData\Local\LogMeIn Rescue Applet deleted successfully C:\Users\Arthur\AppData\Local\MediaShow deleted successfully C:\Users\Arthur\AppData\Local\PackageStaging deleted successfully C:\Users\Jasmina\AppData\Local\CrashDumps deleted successfully C:\Users\Jasmina\AppData\Local\EmieSiteList deleted successfully C:\Users\Jasmina\AppData\Local\EmieUserList deleted successfully C:\Users\Jasmina\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2448292291-2068086604-14530614-1001\Software\Microsoft\Internet Explorer\SearchScopes\{17A2C4C3-B7DE-4362-A763-6D214BA1C7F8} deleted successfully HKEY_USERS\S-1-5-21-2448292291-2068086604-14530614-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5BB2A37F-71B0-456B-A60D-B857819D4214} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2335267c-dbba-4dd5-a9d0-c4db8e6a75a4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5BB2A37F-71B0-456B-A60D-B857819D4214} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BB2A37F-71B0-456B-A60D-B857819D4214} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2448292291-2068086604-14530614-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6434DFF3-2FE2-4602-A9AB-7C27939C8D0C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6434DFF3-2FE2-4602-A9AB-7C27939C8D0C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{6434DFF3-2FE2-4602-A9AB-7C27939C8D0C} deleted successfully ==== Installed Programs ====================== 7-Zip 9.20 7-Zip 9.20 (x64 edition) Adobe Acrobat Reader DC - Nederlands Adobe Flash Player 20 NPAPI Adobe Refresh Manager Adobe Shockwave Player 12.0 All Family Games Bejeweled 2 Deluxe Bejeweled 3 Belfius Smart Card Reader Chrome-App Belgium e-ID middleware 4.0.7 (build 7466) Bonjour Broadcom 802.11 Wireless LAN Adapter Broadcom Bluetooth Drivers Build-a-lot Building the Great Wall of China Collector's Edition Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Crazy Chicken Soccer CyberLink Media Suite 10 Cyberlink PhotoDirector CyberLink Power Media Player 12 CyberLink Power2Go 8 CyberLink YouCam D3DX10 DisableMSDefender Energy Star EPSON-handleidingen Epson Event Manager EPSON Scan EPSON XP-510 Series Printer Uninstall EpsonNet Print eShield Browser Security Evernote v. 
5.2 Farm Frenzy FarmVille 2 Free YouTube To MP3 Converter Google Chrome Google Update Helper Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.2.3 Hometown Poker Hero Host App Service HP 3D DriveGuard HP CoolSense HP Customer Experience Enhancements HP Documentation HP PC Hardware Diagnostics UEFI HP Postscript Converter HP Recovery Manager HP Registration Service HP SimplePass HP Support Assistant HP Support Solutions Framework HP System Event Utility HP Utility Center HP Wireless Button Driver Inst5675 Inst5676 Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) Smart Connect Technology Intel(R) Technology Access Intel(R) Technology Access Software Asset Manager Intel(R) Update Manager Intel© Trusted Connect Service Client iolo technologies' System Mechanic Java 8 Update 66 Java Auto Updater Jewel Match 3 Junk Mail filter update Microsoft Application Error Reporting Microsoft ASP.NET MVC 4 Runtime Microsoft Office Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 
Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 MioMore Desktop 7.50 More Games from WildTangent Games Movie Maker Mozilla Firefox 42.0 (x86 nl) Mozilla Maintenance Service Mozilla Thunderbird 38.3.0 (x86 nl) MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Norton Family Norton Internet Security NVIDIA-configuratiescherm 353.50 NVIDIA GeForce Experience 2.4.5.57 NVIDIA GeForce Experience Service NVIDIA Grafisch stuurprogramma 353.50 NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA Optimus Update 2.4.5.57 NVIDIA PhysX Systeem Software 9.15.0428 NVIDIA ShadowPlay 2.4.5.44 NVIDIA Update 2.4.5.57 NVIDIA Update Core NVIDIA Virtual Audio 1.2.28 Photo Common Photo Gallery Picasa 3 Plants vs. 
Zombies - Game of the Year Polar Bowler Ranch Rush 2 - Premium Edition Realtek Card Reader Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3101555) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085551) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3101558) 32-Bit Edition Security Update for Microsoft Office Excel 
2007 (KB3101554) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3085552) 32-Bit Edition SHIELD Streaming SHIELD Wireless Controller Driver Skype™ 7.4 Software Updater SPCA1528 PC Driver Speccy Start Menu Stuurprogrammapakket voor Windows - Fedict SmartCard (04/30/2014 4.0.7.5) swMSM Synaptics Pointing Device Driver Trinklit Supreme Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3101557) 32-Bit Edition Update Installer for WildTangent Games App Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Vacation Quest™ - Australia VASCO Card Reader Plug-In (64-Bit) VASCO Smart Card Reader Plug-In (User) Virtual Families Wedding Dash WildTangent Games App for HP Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live 
UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Youda Jewel Shop Zynga Poker ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\NF.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\TampMon.exe C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\NF.exe C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Windows\System32\TiltWheelMouse.exe C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe C:\Program Files (x86)\Hp\HP System Event\HPMSGSVC.exe C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Users\Arthur\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe C:\Users\Arthur\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coNatHst.exe C:\Users\Arthur\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\mbq65iqp.default ---- Lines conduit removed from prefs.js ---- user_pref("plugin.state.npconduitfirefoxplugin", 0); ---- Lines conduit removed from user.js ---- user_pref("plugin.state.npconduitfirefoxplugin", 0); ---- FireFox user.js and prefs.js backups ---- user_20152011_1424_.backup prefs_20152011_1424_.backup ProfilePath: C:\Users\Arthur\AppData\Roaming\Thunderbird\Profiles\df8n3brb.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20152011_1424_.backup ==== Deleting Files \ Folders ====================== C:\Users\Arthur\AppData\Local\Pokki not found C:\Users\Arthur\AppData\Roaming\iolo deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\Users\Public\Pokki deleted C:\Users\Arthur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted C:\Users\Jasmina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted C:\Windows\SysNative\config\systemprofile\AppData\Roaming\pkcs11.log deleted C:\PROGRA~3\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE} deleted C:\PROGRA~3\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5} deleted C:\PROGRA~3\Package Cache deleted C:\Users\Arthur\AppData\Local\Unity deleted C:\Users\Default\AppData\Local\Pokki deleted C:\Users\Jasmina\AppData\Local\Pokki deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted C:\Users\Arthur\Downloads\FreeYouTubeToMP3Converter (1).exe deleted 
C:\Users\Arthur\Downloads\FreeYouTubeToMP3Converter.exe deleted C:\Users\Arthur\AppData\LocalLow\Unity deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\machine deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\InstallUtil.InstallLog deleted C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\mbq65iqp.default\searchplugins\default.xml deleted C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\mbq65iqp.default\jetpack deleted C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\mbq65iqp.default\extensions\staged deleted "C:\Windows\Installer\1fb5a9de.msi" deleted "C:\windows\Installer\126c7c.msi" deleted "C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\mbq65iqp.default\searchplugins\yahoo.xml" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 12219 MB CPU Info: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz CPU Speed: 2398,3 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | Intel(R) HD Graphics Family Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Hosted Network Virtual Adapter | Microsoft Wi-Fi Direct Virtual Adapter | Broadcom BCM43142 802.11 bgn Wi-Fi Adapter | Bluetooth-apparaat (Personal Area Network) | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: hp DVDRW SU208FB Ports: COM3 LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 909,8GB | D: 20,7GB Hard Disks - Free: C: 805,8GB | D: 2,1GB Manufacturer *: Insyde BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1 Time Zone: Romance (standaardtijd) Motherboard *: Hewlett-Packard 2282 Country: België Language: NLB ==== System Specs (Software) ====================== AV: Norton Internet Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Internet Security *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0} Default Browser: Firefox 42.0 Internet Explorer Version: 11.0.9600.18098 Mozilla Firefox version: 42.0 (x86 nl) Google Chrome version: 46.0.2490.86 Adobe Reader version: 15.9.20077.160923 Sun Java version: 1.8.0_66 (32-bit) Sun Java version: 1.8.0_66 (64-bit) Flash Player version: 20.0.0.214 Shockwave Player version: 12.0.4r144 ==== Files Recently Created / Modified ====================== 
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2448292291-2068086604-14530614-1001\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [HKEY_USERS\S-1-5-21-2448292291-2068086604-14530614-1001\Software\iolo\System Mechanic\startup 
manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_USERS\S-1-5-21-2448292291-2068086604-14530614-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-21-2448292291-2068086604-14530614-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #3"="C:\Users\Arthur\AppData\Local\Pokki\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Arthur\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "iolo Startup"="C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe /lbstartup" "HPMessageService"="C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe" "AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #3"="C:\Users\Arthur\AppData\Local\Pokki\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Arthur\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "MouseDriver"="TiltWheelMouse.exe" ==== Startup Folders ====================== 2014-06-17 02:40:25 2077 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [19/11/2015 19:05] C:\Windows\tasks\EPSON XP-510 Series Invitation {C84E871C-A503-45F0-BB36-F7E287342C90}.job --a-------- C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLRE.exe [28/02/2013 00:20] C:\Windows\tasks\EPSON XP-510 Series Update {C84E871C-A503-45F0-BB36-F7E287342C90}.job --a-------- 
C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLRE.exe [28/02/2013 00:20] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/09/2015 13:01] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/09/2015 13:01] C:\Windows\tasks\HPCeeScheduleForArthur.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [16/06/2015 08:51] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\EPSON XP-510 Series Invitation {C84E871C-A503-45F0-BB36-F7E287342C90}" [C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE] "C:\Windows\SysNative\tasks\EPSON XP-510 Series Update {C84E871C-A503-45F0-BB36-F7E287342C90}" [C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLRE.EXE] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForArthur" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d" ["C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe"] "C:\Windows\SysNative\tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon" ["C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe"] "C:\Windows\SysNative\tasks\iolo Process Governor" [C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe] 
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"] "C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\WSCStub.exe"] "C:\Windows\SysNative\tasks\Start OPBHOBroker" ["C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"] "C:\Windows\SysNative\tasks\Start OPBHOBrokerDesktop" ["C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"] "C:\Windows\SysNative\tasks\Start SimplePass" ["C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe"] "C:\Windows\SysNative\tasks\SweetLabs App Platform" [%LOCALAPPDATA%\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{51904639-78C6-45F1-9D47-DD6342576D30}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" ["C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe"] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP 
Support Solutions\Modules\HPSSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Norton Family\Norton Autofix" [C:\Program Files (x86)\Norton Family\Engine\3.4.0.43\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Family\Norton Error Analyzer" [C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Family\Norton Error Processor" [C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Autofix" [C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\mbq65iqp.default user_pref("browser.startup.homepage", "http://www.hln.be/"); user_pref("browser.newtab.url", "http://services.eshield.com/general/newhometab.php?hometab=tab&partner=11433&guid={D6803F1D-BDB5-4943-B1F0-9C61CD6662A9}&i="); user_pref("browser.search.defaultenginename", "Default"); user_pref("browser.search.selectedEngine", "eShield Safe Web"); user_pref("keyword.URL", "http://search.eshield.com/serp?guid={D6803F1D-BDB5-4943-B1F0-9C61CD6662A9}&k="); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] 
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon" [06/11/2015 01:00] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon" [06/11/2015 01:00] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\mbq65iqp.default - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - NASA Night Launch - %ProfilePath%\extensions\nasanightlaunch@example.com.xpi - eShield - %ProfilePath%\extensions\toolbar11433@eshield.com.xpi - Record Page - %ProfilePath%\extensions\{70375c53-af19-4a92-8a01-f73789fdfcb4}.xpi - FXChrome - %ProfilePath%\extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Arthur\AppData\Roaming\Thunderbird\Profiles\df8n3brb.default - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} - ThunderBrowse - %ProfilePath%\extensions\ThunderBrowse@thunderbrowse.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\mbq65iqp.default 0C0C5C207121C7A78414A8250E8E099A - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director 37C2C3887A4953A3F1AD188954F2BE1A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_214.dll - Shockwave Flash D2B5242013356AF422A42B9FAA4056C2 - C:\Users\Arthur\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin FD63DE29FE0A7E738BD81CA0EDDD8020 - 
C:\Users\Arthur\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.2\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx[23/09/2015 07:44] dkmjljdbbgogihjcapfhgkonfmccbffp - No path found[] fidikogfgleiaefnjbmnjaplmgknppkg - No path found[] iikflkcanblccfahdhdonehdalibjnif - No path found[] napjheenlliimoedooldaalpjfidlidp - C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\Extensions\Chrome.crx[20/10/2015 07:05] Google Slides - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Belfius Smart Card Reader Chrome Extension - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi Google Docs - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap HP SimplePass - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg Google Docs Offline - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi AdBlock - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom {scripts [background.js]}content_scripts:[{js:[content.js]matches:[]run_at:document_end}]content_security_policy:script-src 'self' 'unsafe-eval' https://recordpage-a.akamaihd.net 
https://recordpage-a.akamaihd.net https://cdn.getrecordpage.com; object-src 'self'description:homepage_url:http://www.getrecordpage.comicons:{48:icon.png}key:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+HiwG0oYV3l5Jo97ILp8j3+OGVaOu4wEDiSA79lUBj0MDqjBmZ+1SF4O4xvAQyUx2S+vUPIK2ooJL/nULr8D5ILiJB/v65sGLbJ76Wk2SEKJFGWUdvYKNJkJg4rOCABlFWKErkukhPi7PYLdu+JeZj7sL39CoYR8Ppubpo+Gu7JfmKWEYHJhHSScwx+ONRXZVhloGi8V7Co78BFNeCXRZYCPnC7ivlnjNcem1XPn+Kb19yJPPxYQmezRPQsELrYz8ww/b+ytDNOILbw4qtfxv+LBQhi50JiGMG7SGMcHRYmplMhSIZgCzCBHd6fOhQiJR50CthwfZM272s+8OQFrQIDAQABmanifest_version:2name:Record Pagepermissions:[managementstoragetabswebRequestwebRequestBlocking]update_url:http://cdn.getrecordpage.com/updateversion:1.0.5630.28239} - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmpmpnigiilahfcmnciadkdkphgegpaj Norton Identity Safe - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Norton Family - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp Norton Safe Search as default for Chrome - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl Chrome Web Store Payments - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Slides - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf eShield - 
Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp
Google Sheets - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Norton Identity Safe - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Norton Security Toolbar - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Norton Family - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp
Google Wallet - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jasmina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmpmpnigiilahfcmnciadkdkphgegpaj deleted successfully
C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hmpmpnigiilahfcmnciadkdkphgegpaj_0.localstorage deleted successfully
C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmpmpnigiilahfcmnciadkdkphgegpaj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={D6803F1D-BDB5-4943-B1F0-9C61CD6662A9}&i="
"Default_Page_URL"="http://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={D6803F1D-BDB5-4943-B1F0-9C61CD6662A9}&i="

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://services.eshield.com/general/newhometab.php?hometab=home&partner=11433&guid={D6803F1D-BDB5-4943-B1F0-9C61CD6662A9}&i="

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
HKCU\SearchScopes "DefaultScope"="{283B7215-2442-4085-A212-F0017058936A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
HKCU\SearchScopes\{283B7215-2442-4085-A212-F0017058936A} - http://search.eshield.com/serp?guid={D6803F1D-BDB5-4943-B1F0-9C61CD6662A9}&k={searchTerms}

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C0D8C2E79C150C439A9B5310AEF56C5 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C0D8C2E79C150C439A9B5310AEF56C5 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll O2 - BHO: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\coIEPlg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" /lbstartup O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\RunOnce: [Application Restart #3] 
C:\Users\Arthur\AppData\Local\Pokki\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Arthur\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @oem26.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Product - 2014/10/19 16:23:18 (CLKMSVC10_99E320F5) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. 
- C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: EPSON V3 Service4(06) (EPSON_PM_RPCV4_06) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. 
- c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Technology Access Software Asset Manager (Intel(R) TA SAM) - Unknown owner - C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: Intel(R) Technology Access Legacy CS Loader - Intel(R) Corporation - C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
O23 - Service: Intel(R) Technology Access Service (Intel(R) TechnologyAccessService) - Intel(R) Corporation - C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe
O23 - Service: Norton Family (NSM) - Symantec Corporation - C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\NF.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: Norton Family Tamper Monitoring (TampMon) - Symantec Corporation - C:\Program Files (x86)\Norton Family\Engine\3.4.0.45\TampMon.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Arthur\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Arthur\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Jasmina\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Arthur\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Arthur\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Jasmina\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Arthur\AppData\Local\Mozilla\Firefox\Profiles\mbq65iqp.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Arthur\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Jasmina\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=3387 folders=326 484183127 bytes)

==== Empty Temp Folders ======================
C:\Users\Arthur\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jasmina\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Arthur\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 20/11/2015 at 14:39:40,71 ======================