
websearches.com as startpage, slow bootup, slow pc [Solved]


HaraMo

And more: Skype is gone. Actually, if I go to Start -> All Programs, the folder Skype is available but is empty. And more folders of applications are visible but empty.

 

When the laptop boots up, after logging in (entering the password), a black screen with the white mouse marker stays for a while, then the desktop shows. Booting was normally faster.

 

What I already did, and it is still like this: disabled all non-Windows services in msconfig, and also disabled all the startup apps. After a reboot, the black screen with the mouse icon still appears on screen before the desktop shows.

 

OTL report:

 

OTL logfile created on: 14/11/2014 14:49:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gisele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy
 
5,90 Gb Total Physical Memory | 3,93 Gb Available Physical Memory | 66,65% Memory free
11,80 Gb Paging File | 9,65 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441,59 Gb Total Space | 251,88 Gb Free Space | 57,04% Space Free | Partition Type: NTFS
Drive D: | 23,87 Gb Total Space | 2,50 Gb Free Space | 10,47% Space Free | Partition Type: NTFS
Drive F: | 99,00 Mb Total Space | 81,44 Mb Free Space | 82,27% Space Free | Partition Type: FAT32
 
Computer Name: GISELE-HP-LAP | User Name: Gisele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gisele\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe (simplitec GmbH)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bb21380c3d4870a81038f30e1a00bcd5\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a2d3a02bcdcde54273082a136c158140\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\simplitec\simpliclean\modules\common\asp_ipc32.dll ()
MOD - C:\Program Files (x86)\simplitec\simpliclean\language\ServiceProvider_NL.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\7.0.0.1__d4a591153760ff28\HP.SupportFramework.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.ServiceManager\7.0.0.1__afd7346f05a57c11\HP.SupportFramework.ServiceManager.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Common\7.0.0.1__41bdec5abf54f6dc\HP.SupportFramework.Common.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Ellora Assets Corp.)
SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MapsGalaxy_39Service) -- C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe (COMPANYVERS_NAME)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgdiska) -- C:\Windows\SysNative\drivers\avgdiska.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Corel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (EMVSCARD) -- C:\Windows\SysNative\drivers\EMVSCARD.sys (USB Smart Card Reader)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...09HSXX627LS09HS
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...09HSXX627LS09HS
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://istart.websse...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6BCC5539-643F-485D-94A5-C6C89F48B37D}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nl.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://nl.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...09HSXX627LS09HS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...09HSXX627LS09HS
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://istart.websse...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\VDOWNLOADER\ADDONS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/04/28 19:25:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/09/17 18:19:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\[email protected] [2014/02/06 12:47:09 | 000,000,000 | ---D | M]
 
[2014/02/06 12:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gisele\AppData\Roaming\mozilla\Extensions
[2014/02/06 12:47:09 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\Gisele\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/10/05 19:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/11/11 10:48:12 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.1 195.130.131.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B80CB4-E5F9-4617-976B-1D5EE603FA78}: DhcpNameServer = 195.130.130.1 195.130.131.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/11/10 19:53:16 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0bbaeb1b-5a8b-11e3-9067-08edb98f9144}\Shell - "" = AutoRun
O33 - MountPoints2\{0bbaeb1b-5a8b-11e3-9067-08edb98f9144}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{63734fcb-ab8f-11e1-99f4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63734fcb-ab8f-11e1-99f4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ECSetupX.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/14 14:46:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gisele\Desktop\OTL.exe
[2014/11/14 14:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/11/14 14:03:48 | 006,626,856 | ---- | C] (TeamViewer GmbH) -- C:\Users\Gisele\Desktop\TeamViewer_Setup_nl.exe
[2014/11/14 12:18:23 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\VDownloader
[2014/11/14 12:18:20 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Local\VDownloader
[2014/11/14 12:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader
[2014/11/14 10:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Computing
[2014/11/14 10:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Computing
[2014/11/13 13:29:55 | 000,000,000 | ---D | C] -- C:\Users\Gisele\Documents\MAGIX_MusicEditor
[2014/11/13 13:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2014/11/13 13:28:49 | 000,000,000 | R--D | C] -- C:\Users\Gisele\Documents\MAGIX
[2014/11/13 13:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2014/11/13 13:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
[2014/11/13 13:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec
[2014/11/13 13:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\simplitec
[2014/11/13 12:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/11/13 10:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/11/13 10:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/11/12 19:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\2F120
[2014/11/12 10:24:22 | 000,000,000 | -HSD | C] -- C:\Users\Gisele\AppData\Local\EmieBrowserModeList
[2014/11/12 05:19:52 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\WiseUpdate
[2014/11/11 15:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HERMA Label Designer plus 1.1 NL
[2014/11/11 15:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HERMA
[2014/11/11 14:32:58 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\LibreOffice
[2014/11/11 14:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
[2014/11/11 14:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/11/11 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2014/11/11 14:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/11 13:49:05 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Hemera
[2014/11/11 13:12:59 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/11/11 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\AdvancedSystemProtector
[2014/11/11 12:54:42 | 000,000,000 | -H-D | C] -- C:\Users\Gisele\AppData\Roaming\GoldenGate
[2014/11/11 12:54:30 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Local\Gameo
[2014/11/11 12:54:13 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Gameo
[2014/11/11 12:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2014/11/11 11:16:20 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GemistDownloader
[2014/11/11 11:16:20 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\GemistDownloader
[2014/11/11 11:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2014/11/11 11:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2014/11/11 11:07:09 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2014/11/11 10:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2014/11/11 10:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2014/11/11 10:48:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\siscardplugins
[2014/11/11 10:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\log
[2014/11/11 08:42:10 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/10 19:52:57 | 000,000,000 | ---D | C] -- C:\Users\Gisele\Start Menu
[2014/11/10 18:52:52 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Wise Registry Cleaner
[2014/11/10 18:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2014/11/10 18:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2014/11/10 18:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/10 16:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2014/11/10 16:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2014/11/10 16:34:29 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2014/11/10 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\337Games
[2014/11/10 16:07:42 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\webssearches
[2014/11/10 16:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloaderUpdater
[2014/11/10 16:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2014/11/09 16:01:10 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Local\Garmin
[2014/11/09 11:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2014/11/09 11:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/09 11:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2014/11/09 11:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2014/11/09 11:26:42 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\Garmin
[2014/11/06 04:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_1114av
[2014/11/03 12:06:08 | 000,000,000 | ---D | C] -- C:\Users\Gisele\Documents\MAGIX Downloads
[2014/10/29 21:35:16 | 000,263,960 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/10/19 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Roaming\AVG2015
[2014/10/19 16:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/10/19 16:56:01 | 000,000,000 | ---D | C] -- C:\Users\Gisele\AppData\Local\Avg2015
[2014/09/30 08:28:16 | 001,522,600 | ---- | C] (esc) -- C:\Users\Gisele\AppData\Roaming\SH.exe
[2014/09/30 08:27:50 | 001,971,112 | ---- | C] (esc) -- C:\Users\Gisele\AppData\Roaming\ZOJPJJ.exe
[2012/12/25 19:56:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Gisele\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/14 14:52:07 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/14 14:46:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gisele\Desktop\OTL.exe
[2014/11/14 14:19:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/14 14:09:53 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGisele.job
[2014/11/14 14:07:18 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 14:07:18 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/14 14:05:14 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/11/14 14:03:48 | 006,626,856 | ---- | M] (TeamViewer GmbH) -- C:\Users\Gisele\Desktop\TeamViewer_Setup_nl.exe
[2014/11/14 14:00:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd.job
[2014/11/14 14:00:04 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\simplitec Service Provider.job
[2014/11/14 13:59:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/14 13:59:27 | 455,364,607 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/14 12:18:19 | 000,001,761 | ---- | M] () -- C:\Users\Gisele\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2014/11/14 12:18:19 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk
[2014/11/14 10:30:42 | 000,001,209 | ---- | M] () -- C:\Users\Gisele\Desktop\MAGIX Xtreme Print Studio.lnk
[2014/11/14 10:21:00 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\PC Drukkerij CD's & DVD's versie 6.lnk
[2014/11/14 05:18:56 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\simplitec Power Suite.job
[2014/11/13 13:29:50 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX MP3 deluxe MX.lnk
[2014/11/13 13:28:18 | 000,001,277 | ---- | M] () -- C:\Users\Public\Desktop\simpliclean.lnk
[2014/11/13 10:46:05 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/11/12 18:43:18 | 000,036,864 | ---- | M] () -- C:\HTGD0005.exe
[2014/11/12 18:43:17 | 000,040,960 | ---- | M] () -- C:\HTGD0003.exe
[2014/11/12 18:43:15 | 000,003,728 | ---- | M] () -- C:\HTGD0002.bmp
[2014/11/12 17:34:21 | 000,015,819 | ---- | M] () -- C:\Users\Gisele\Documents\Anja.odt
[2014/11/12 17:17:15 | 001,671,080 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/12 17:17:15 | 000,745,998 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2014/11/12 17:17:15 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/12 17:17:15 | 000,153,918 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2014/11/12 17:17:15 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/12 10:18:28 | 000,423,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/11 17:38:45 | 000,001,371 | ---- | M] () -- C:\Users\Gisele\Desktop\Internet Explorer.lnk
[2014/11/11 16:28:36 | 000,001,731 | ---- | M] () -- C:\Users\Gisele\Desktop\BearShare.lnk
[2014/11/11 16:22:35 | 000,000,000 | ---- | M] () -- C:\vcredist.bmp
[2014/11/11 16:03:31 | 000,000,314 | ---- | M] () -- C:\Users\Gisele\Desktop\Google Maps.url
[2014/11/11 15:22:50 | 000,397,312 | ---- | M] () -- C:\Windows\iwexec.exe
[2014/11/11 14:59:33 | 000,000,856 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2014/11/11 14:50:58 | 000,001,999 | ---- | M] () -- C:\Users\Gisele\Desktop\HP Photosmart 5520 series.lnk
[2014/11/11 14:32:35 | 000,001,564 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk
[2014/11/11 14:14:00 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/11 13:12:59 | 000,001,224 | ---- | M] () -- C:\Users\Gisele\Desktop\Revo Uninstaller.lnk
[2014/11/11 13:09:37 | 000,000,696 | ---- | M] () -- C:\Users\Gisele\Desktop\Downloads.lnk
[2014/11/11 12:21:30 | 000,001,399 | ---- | M] () -- C:\Users\Gisele\Desktop\MP3Gain.lnk
[2014/11/11 12:08:44 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2014/11/11 12:08:39 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2014/11/11 11:53:07 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/11/11 11:48:49 | 000,000,488 | ---- | M] () -- C:\Users\Gisele\Desktop\Lokale schijf (C).lnk
[2014/11/11 11:16:21 | 000,001,079 | ---- | M] () -- C:\Users\Gisele\Desktop\GemistDownloader.lnk
[2014/11/11 11:12:53 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/11/11 11:12:48 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\GarminUpdaterTask.job
[2014/11/11 11:07:09 | 000,001,322 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2014/11/11 10:48:40 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\eID Viewer.lnk
[2014/11/11 10:48:40 | 000,000,970 | ---- | M] () -- C:\Windows\beidgui.conf
[2014/11/11 08:42:11 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/11/10 19:53:16 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/11/10 19:23:16 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job
[2014/11/10 18:52:21 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2014/11/10 16:34:33 | 000,099,384 | ---- | M] () -- C:\Users\Gisele\AppData\Roaming\inst.exe
[2014/11/10 16:34:33 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Gisele\AppData\Roaming\pcouffin.sys
[2014/11/10 16:34:33 | 000,007,859 | ---- | M] () -- C:\Users\Gisele\AppData\Roaming\pcouffin.cat
[2014/11/10 16:34:33 | 000,001,167 | ---- | M] () -- C:\Users\Gisele\AppData\Roaming\pcouffin.inf
[2014/11/10 16:31:15 | 000,000,837 | ---- | M] () -- C:\Users\Gisele\Desktop\µTorrent.lnk
[2014/11/10 16:27:29 | 000,001,113 | ---- | M] () -- C:\Users\Gisele\Desktop\Documenten.lnk
[2014/11/10 16:07:23 | 000,001,639 | ---- | M] () -- C:\Users\Gisele\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/10 16:07:10 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\Update Service YourFileDownloader.job
[2014/11/10 15:53:59 | 000,017,962 | ---- | M] () -- C:\Users\Gisele\Documents\dvd fims nieuw.odt
[2014/11/10 12:43:22 | 699,062,512 | ---- | M] () -- C:\Users\Gisele\Documents\Zangeres Zonder Naam.mp4
[2014/11/10 12:41:41 | 636,845,349 | ---- | M] () -- C:\Users\Gisele\Documents\heintje.mp4
[2014/11/10 12:37:55 | 832,256,054 | ---- | M] () -- C:\Users\Gisele\Documents\hollandse ouwe 6.mp4
[2014/11/10 12:37:15 | 266,819,926 | ---- | M] () -- C:\Users\Gisele\Documents\Op volle toeren - TROS 11-03-19821.mp4
[2014/11/10 12:31:57 | 005,165,475 | ---- | M] () -- C:\Users\Gisele\Documents\Jantje Koopmans- Afscheid van de buhne.mp3
[2014/11/07 13:31:14 | 000,294,884 | R--- | M] () -- C:\Users\Gisele\Documents\The Sum Of All Fears.jpg
[2014/11/06 04:58:10 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\1114avUpdateInfo.job
[2014/11/04 12:23:52 | 000,810,018 | ---- | M] () -- C:\Users\Gisele\Documents\Glory.jpg
[2014/11/04 12:22:19 | 000,378,100 | ---- | M] () -- C:\Users\Gisele\Documents\Gettysburg.jpg
[2014/10/31 18:07:54 | 000,000,123 | -HS- | M] () -- C:\ProgramData\.zreglib
[2014/10/31 17:39:33 | 000,091,203 | ---- | M] () -- C:\Users\Gisele\Documents\[email protected]@__V1_SX640_SY720_.jpg
[2014/10/30 14:03:52 | 000,000,837 | ---- | M] () -- C:\Users\Gisele\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/10/30 12:30:26 | 000,692,736 | ---- | M] () -- C:\Users\Gisele\AppData\Local\rx_audio.Cache
[2014/10/29 21:35:16 | 000,263,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/10/29 19:50:09 | 013,783,216 | ---- | M] () -- C:\Users\Gisele\AppData\Local\rx_image32.Cache
[2014/10/29 19:47:59 | 019,354,801 | ---- | M] () -- C:\Users\Gisele\Documents\André Hazes & Gerard Joling Unchained Melody.mp4
[2014/10/29 19:25:45 | 730,048,494 | ---- | M] () -- C:\Users\Gisele\Documents\SYMPHONIE DES LEBENS BEST OF SEMINO ROSSI.mp4
[2014/10/29 18:46:58 | 004,224,347 | ---- | M] () -- C:\Users\Gisele\Documents\lenie gerrits ( moederlief ).mp3
[2014/10/29 18:42:08 | 004,423,180 | ---- | M] () -- C:\Users\Gisele\Documents\Willy Alberti - Bruine ogen huilen niet.mp3
[2014/10/29 18:22:13 | 003,691,449 | ---- | M] () -- C:\Users\Gisele\Documents\De Kermisklanten - Ik heb eerbied voor jouw grijze haren ( 1970 ).mp3
[2014/10/29 18:15:49 | 022,272,754 | ---- | M] () -- C:\Users\Gisele\Documents\Kirmesmusikanten Mix 1.mp3
[2014/10/29 18:15:02 | 019,640,865 | ---- | M] () -- C:\Users\Gisele\Documents\Kirmesmusikanten Mix 2.mp3
[2014/10/23 03:49:29 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8a9ea7de147b.job
[2014/10/19 11:01:57 | 235,414,210 | ---- | M] () -- C:\Users\Gisele\Documents\TROS Op Volle Toeren 09-11-1984 (complete uitzending).mp4
[2014/10/19 11:01:57 | 061,349,286 | ---- | M] () -- C:\Users\Gisele\Documents\TROS Op Volle Toeren 29-09-1983.mp4
[2014/10/19 10:58:46 | 265,831,079 | ---- | M] () -- C:\Users\Gisele\Documents\Op volle toeren 1981 - Complete uitzending.mp4
[2014/10/19 10:57:36 | 266,819,926 | ---- | M] () -- C:\Users\Gisele\Documents\Op volle toeren - TROS 11-03-1982.mp4
[2014/10/19 10:56:46 | 235,187,670 | ---- | M] () -- C:\Users\Gisele\Documents\Op volle toeren 12-01-1987.mp4
 
========== Files Created - No Company Name ==========
 
[2014/11/14 14:05:14 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/11/14 14:05:14 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/11/14 12:18:19 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2014/11/14 12:18:19 | 000,001,761 | ---- | C] () -- C:\Users\Gisele\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2014/11/14 12:18:19 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\VDownloader.lnk
[2014/11/14 10:30:42 | 000,001,209 | ---- | C] () -- C:\Users\Gisele\Desktop\MAGIX Xtreme Print Studio.lnk
[2014/11/14 10:21:00 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\PC Drukkerij CD's & DVD's versie 6.lnk
[2014/11/14 10:00:51 | 699,062,512 | ---- | C] () -- C:\Users\Gisele\Documents\Zangeres Zonder Naam.mp4
[2014/11/14 10:00:51 | 004,423,180 | ---- | C] () -- C:\Users\Gisele\Documents\Willy Alberti - Bruine ogen huilen niet.mp3
[2014/11/14 10:00:49 | 061,349,286 | ---- | C] () -- C:\Users\Gisele\Documents\TROS Op Volle Toeren 29-09-1983.mp4
[2014/11/14 10:00:35 | 235,414,210 | ---- | C] () -- C:\Users\Gisele\Documents\TROS Op Volle Toeren 09-11-1984 (complete uitzending).mp4
[2014/11/14 10:00:05 | 730,048,494 | ---- | C] () -- C:\Users\Gisele\Documents\SYMPHONIE DES LEBENS BEST OF SEMINO ROSSI.mp4
[2014/11/14 09:59:53 | 265,831,079 | ---- | C] () -- C:\Users\Gisele\Documents\Op volle toeren 1981 - Complete uitzending.mp4
[2014/11/14 09:59:47 | 235,187,670 | ---- | C] () -- C:\Users\Gisele\Documents\Op volle toeren 12-01-1987.mp4
[2014/11/14 09:59:37 | 266,819,926 | ---- | C] () -- C:\Users\Gisele\Documents\Op volle toeren - TROS 11-03-19821.mp4
[2014/11/14 09:59:29 | 266,819,926 | ---- | C] () -- C:\Users\Gisele\Documents\Op volle toeren - TROS 11-03-1982.mp4
[2014/11/14 09:59:27 | 019,640,865 | ---- | C] () -- C:\Users\Gisele\Documents\Kirmesmusikanten Mix 2.mp3
[2014/11/14 09:59:27 | 004,224,347 | ---- | C] () -- C:\Users\Gisele\Documents\lenie gerrits ( moederlief ).mp3
[2014/11/14 09:59:23 | 022,272,754 | ---- | C] () -- C:\Users\Gisele\Documents\Kirmesmusikanten Mix 1.mp3
[2014/11/14 09:59:22 | 005,165,475 | ---- | C] () -- C:\Users\Gisele\Documents\Jantje Koopmans- Afscheid van de buhne.mp3
[2014/11/14 09:58:51 | 832,256,054 | ---- | C] () -- C:\Users\Gisele\Documents\hollandse ouwe 6.mp4
[2014/11/14 09:58:30 | 636,845,349 | ---- | C] () -- C:\Users\Gisele\Documents\heintje.mp4
[2014/11/14 09:58:27 | 019,354,801 | ---- | C] () -- C:\Users\Gisele\Documents\André Hazes & Gerard Joling Unchained Melody.mp4
[2014/11/14 09:58:27 | 003,691,449 | ---- | C] () -- C:\Users\Gisele\Documents\De Kermisklanten - Ik heb eerbied voor jouw grijze haren ( 1970 ).mp3
[2014/11/13 13:29:50 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX MP3 deluxe MX.lnk
[2014/11/13 13:28:23 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\simplitec Service Provider.job
[2014/11/13 13:28:20 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\simplitec Power Suite.job
[2014/11/13 13:28:18 | 000,001,277 | ---- | C] () -- C:\Users\Public\Desktop\simpliclean.lnk
[2014/11/13 10:46:05 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/11/13 10:45:59 | 000,002,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/11/12 18:43:17 | 000,036,864 | ---- | C] () -- C:\HTGD0005.exe
[2014/11/12 18:43:15 | 000,040,960 | ---- | C] () -- C:\HTGD0003.exe
[2014/11/12 18:43:15 | 000,003,728 | ---- | C] () -- C:\HTGD0002.bmp
[2014/11/12 11:47:22 | 000,015,819 | ---- | C] () -- C:\Users\Gisele\Documents\Anja.odt
[2014/11/12 09:53:57 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForGisele.job
[2014/11/11 16:28:36 | 000,001,731 | ---- | C] () -- C:\Users\Gisele\Desktop\BearShare.lnk
[2014/11/11 16:22:35 | 000,000,000 | ---- | C] () -- C:\vcredist.bmp
[2014/11/11 16:03:31 | 000,000,314 | ---- | C] () -- C:\Users\Gisele\Desktop\Google Maps.url
[2014/11/11 15:23:39 | 000,397,312 | ---- | C] () -- C:\Windows\iwexec.exe
[2014/11/11 14:50:58 | 000,001,999 | ---- | C] () -- C:\Users\Gisele\Desktop\HP Photosmart 5520 series.lnk
[2014/11/11 14:32:35 | 000,001,564 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.2.lnk
[2014/11/11 14:14:00 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/11 13:12:59 | 000,001,224 | ---- | C] () -- C:\Users\Gisele\Desktop\Revo Uninstaller.lnk
[2014/11/11 13:09:37 | 000,000,696 | ---- | C] () -- C:\Users\Gisele\Desktop\Downloads.lnk
[2014/11/11 12:54:30 | 000,000,172 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[2014/11/11 12:21:30 | 000,001,399 | ---- | C] () -- C:\Users\Gisele\Desktop\MP3Gain.lnk
[2014/11/11 12:08:39 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2014/11/11 11:53:07 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/11/11 11:48:49 | 000,000,488 | ---- | C] () -- C:\Users\Gisele\Desktop\Lokale schijf (C).lnk
[2014/11/11 11:16:21 | 000,001,079 | ---- | C] () -- C:\Users\Gisele\Desktop\GemistDownloader.lnk
[2014/11/11 11:12:53 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/11/11 11:12:48 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\GarminUpdaterTask.job
[2014/11/11 11:07:09 | 000,001,322 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2014/11/11 10:48:40 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\eID Viewer.lnk
[2014/11/11 09:59:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014/11/11 08:42:11 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/11/11 08:42:10 | 000,001,401 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/10 19:53:16 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/11/10 18:53:24 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job
[2014/11/10 18:52:21 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2014/11/10 18:08:40 | 000,001,371 | ---- | C] () -- C:\Users\Gisele\Desktop\Internet Explorer.lnk
[2014/11/10 16:31:15 | 000,000,837 | ---- | C] () -- C:\Users\Gisele\Desktop\µTorrent.lnk
[2014/11/10 16:27:29 | 000,001,113 | ---- | C] () -- C:\Users\Gisele\Desktop\Documenten.lnk
[2014/11/10 16:07:10 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\Update Service YourFileDownloader.job
[2014/11/07 14:11:53 | 000,294,884 | R--- | C] () -- C:\Users\Gisele\Documents\The Sum Of All Fears.jpg
[2014/11/06 11:47:45 | 000,091,203 | ---- | C] () -- C:\Users\Gisele\Documents\[email protected]@__V1_SX640_SY720_.jpg
[2014/11/06 04:58:10 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\1114avUpdateInfo.job
[2014/11/04 12:25:10 | 000,378,100 | ---- | C] () -- C:\Users\Gisele\Documents\Gettysburg.jpg
[2014/11/04 12:24:46 | 000,810,018 | ---- | C] () -- C:\Users\Gisele\Documents\Glory.jpg
[2014/10/30 14:03:52 | 000,000,837 | ---- | C] () -- C:\Users\Gisele\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/10/23 03:49:29 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd.job
[2014/09/01 09:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\SH
[2014/09/01 09:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\ZOJPJJ
[2014/07/25 18:52:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\Dictionaries
[2014/07/25 14:31:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2014/07/25 14:31:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2014/07/25 14:31:25 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2014/07/25 14:31:25 | 000,000,000 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\Electric Clav
[2014/07/01 18:42:43 | 000,000,295 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\burnaware.ini
[2014/04/20 05:58:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2014/03/21 14:45:03 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2014/03/19 18:57:42 | 000,692,736 | ---- | C] () -- C:\Users\Gisele\AppData\Local\rx_audio.Cache
[2014/02/21 14:12:30 | 013,783,216 | ---- | C] () -- C:\Users\Gisele\AppData\Local\rx_image32.Cache
[2014/02/20 11:34:23 | 000,000,856 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2014/01/06 09:51:27 | 000,005,120 | ---- | C] () -- C:\Users\Gisele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/03 10:57:59 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/16 12:19:14 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2013/01/05 21:02:43 | 000,007,596 | ---- | C] () -- C:\Users\Gisele\AppData\Local\resmon.resmoncfg
[2012/12/25 19:56:31 | 000,099,384 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\inst.exe
[2012/12/25 19:56:31 | 000,007,859 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\pcouffin.cat
[2012/12/25 19:56:31 | 000,001,167 | ---- | C] () -- C:\Users\Gisele\AppData\Roaming\pcouffin.inf
[2012/10/05 20:06:58 | 000,000,123 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/27 14:31:26 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\24258
[2013/12/14 08:00:25 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\2BrightSparks
[2014/11/10 16:08:05 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\337Games
[2013/12/02 20:54:46 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Acoustica
[2014/11/11 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\AdvancedSystemProtector
[2013/04/28 18:51:40 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\AnvSoft
[2014/03/22 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Ashampoo
[2013/10/06 10:45:52 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\AVG2014
[2014/10/19 17:01:07 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\AVG2015
[2013/02/14 18:03:29 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Babylon
[2014/08/14 06:55:05 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\BitComet
[2014/07/05 07:58:19 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Canneverbe Limited
[2014/11/11 13:00:52 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Gameo
[2014/11/09 11:33:54 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Garmin
[2014/11/14 12:31:25 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\GemistDownloader
[2014/02/17 10:18:38 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\GoforFiles
[2014/11/11 12:54:45 | 000,000,000 | -H-D | M] -- C:\Users\Gisele\AppData\Roaming\GoldenGate
[2014/11/11 13:49:48 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Hemera
[2012/10/07 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\IDT
[2014/11/11 14:32:58 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\LibreOffice
[2014/11/14 05:11:26 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\MAGIX
[2014/11/13 13:11:11 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\MediaMonkey
[2013/10/24 12:00:03 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\MusicNet
[2014/03/07 06:20:56 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\newnext.me
[2013/02/14 19:04:18 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Nico Mak Computing
[2014/07/25 14:35:00 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Nikon
[2013/04/28 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\OpenCandy
[2013/12/29 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\OpenOffice
[2014/02/06 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\PerformerSoft
[2014/10/08 16:49:45 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\PFStaticIP
[2014/10/03 11:05:42 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\PortForward.com
[2014/04/27 16:56:06 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Samsung
[2014/01/01 09:11:50 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\SoftGrid Client
[2013/12/14 17:20:45 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Softland
[2014/06/04 08:23:46 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Solvusoft
[2012/10/03 17:53:05 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Synaptics
[2014/11/11 13:02:00 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Systweak
[2012/10/04 13:01:23 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Thunderbird
[2012/10/03 18:03:36 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\TP
[2013/03/11 14:22:43 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\TuneUp Software
[2014/11/10 17:07:35 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\uTorrent
[2014/11/14 12:18:29 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\VDownloader
[2014/06/29 12:18:02 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\VOPackage
[2014/11/10 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Vso
[2014/11/10 16:08:06 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\webssearches
[2013/11/25 10:58:30 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\WildTangent
[2014/01/16 19:17:53 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Windows Live Writer
[2014/11/10 19:11:59 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\Wise Registry Cleaner
[2014/11/12 05:21:07 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\WiseUpdate
[2014/06/14 15:32:08 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\wurst
[2014/04/12 08:50:38 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\YourFileDownloader
[2012/10/03 17:56:18 | 000,000,000 | ---D | M] -- C:\Users\Gisele\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Gisele\Documents\De Kermisklanten - Ik heb eerbied voor jouw grijze haren ( 1970 ).mp3:Roxio EMC Stream
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 
OTL Extras logfile created on: 14/11/2014 14:49:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gisele\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy
 
5,90 Gb Total Physical Memory | 3,93 Gb Available Physical Memory | 66,65% Memory free
11,80 Gb Paging File | 9,65 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441,59 Gb Total Space | 251,88 Gb Free Space | 57,04% Space Free | Partition Type: NTFS
Drive D: | 23,87 Gb Total Space | 2,50 Gb Free Space | 10,47% Space Free | Partition Type: NTFS
Drive F: | 99,00 Mb Total Space | 81,44 Mb Free Space | 82,27% Space Free | Partition Type: FAT32
 
Computer Name: GISELE-HP-LAP | User Name: Gisele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\SysWow64\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\SysWow64\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026D8B63-AE70-4AB9-88CD-E133ED0337C6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0850677B-EE45-4F3E-9FBF-8BFD4C87AA44}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1427754D-25A1-4785-9F3D-90DF427329F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{18800855-FCA7-43BD-BD55-E4B663C7031E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2BC49E76-159D-47EB-971D-8DE6CBC99D44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{2F70C29C-4EE3-4654-A9B0-ACA8131FAB55}" = rport=445 | protocol=6 | dir=out | app=system | 
"{31679932-B41B-4DF6-8D06-28FBDC62EC72}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3DDCF739-4944-43FB-A38B-A388118C5401}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{48745EAE-9CC7-4FC2-9D11-3707FEB5CED3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4E9725BF-8FD7-4874-9A2C-584B705C2F80}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5183281F-20A0-4BCF-B120-1CEBEC2C6A55}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{58C34A21-FDD4-4499-B96C-B5ABFA8350BA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{675FC358-002D-48E0-BBBD-71CC3894B543}" = lport=445 | protocol=6 | dir=in | app=system | 
"{75EFB59C-FD9F-456F-88E2-5AAC258E2ED5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7E34A156-F381-4A6C-B4FA-5BF6803576CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{822C2323-F648-46DF-839F-8A956FE3646C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88C2C113-4D6D-4EA5-A877-4972F7A5DABB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6B8A584-B7DB-4DA8-BB95-49679AFACC47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C78EBABE-2E32-4AE8-86EE-0DC7AB37CA54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C84267AC-42C8-4B6C-9FAE-9A40BE642299}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{CE3DDD5D-29E8-4B64-9014-8254E2A80185}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D731BFDC-F08C-43B4-92AD-123458ADC4AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D84DF8E1-92F1-4C68-BE63-DFE59E7B2D4C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD6034EA-770D-4568-8982-019AE2F90F7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6364914-D936-40DA-AFA7-55B694959DB5}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056B4E0C-B8B8-4EAB-84D9-CEEC52D0A4E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{05C34CB2-474E-46B0-8507-2257288F360B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe | 
"{064DC10C-04FB-49EC-A272-EFC74027FA2F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0BA4B0C8-F4D6-47D0-8BBD-C12FF9D458B0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0C1EDD2E-944D-4279-B8C6-2129601BC6BB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe | 
"{108B29EE-5518-4AFC-A341-259D2821A507}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{16B04FA8-7594-4CFD-9F6A-2766E6332FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{18424106-A6FD-4120-B929-83C9EC028AD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{20862F9B-DBD7-428E-AD66-4485D7B29CAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2211FC49-06E6-4C70-89EA-4FB928B99206}" = protocol=6 | dir=out | app=system | 
"{22EB3FD6-B0FA-459B-B536-E925994861C8}" = dir=out | app=c:\program files (x86)\slysoft\anydvd\anydvdtray.exe | 
"{24B5E6D0-B139-47ED-910C-77708CFCDF80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2522ADBE-450A-46D9-9844-4F280383D912}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{25372923-22F3-4522-9195-B0280683D0D1}" = dir=in | app=c:\program files (x86)\slysoft\anydvd\anydvdtray.exe | 
"{26D630BE-892F-4723-B657-6B68BDC170D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe | 
"{280A8D4F-077E-41E3-8621-146F8D4D4E57}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2C0BD4F6-70E0-4693-9720-D3E5EA464D2D}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicatorcom.exe | 
"{2CEF5174-33A7-43D8-BAC0-2B58DC0BD41C}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{2D9BE962-DC60-49CD-8E7A-4F17CB8811BC}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe | 
"{35DFBD61-B898-4CB8-A698-317062A4865E}" = protocol=58 | dir=in | app=system | 
"{3614A0C4-C07A-4AD9-A7D2-EE6EDBFB7505}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39ADECB9-BE09-4337-985E-805A814FA9F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A749795-20E7-4286-9A45-1759139F0050}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{3E986A4B-E5D3-4EF1-B321-301D1A20D88B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{424101DB-7398-4440-8D60-93103321F2CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe | 
"{4A592C82-D5B6-4611-B7E9-8F2532E1D7B6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe | 
"{51D795F3-9CB4-46AD-AF9B-504B57C95251}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{5BBF86CD-EC35-46C9-9BE3-FAAD944C2D7E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5FD144E0-D5F2-41DF-A5F2-02210211501B}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{5FD7D73B-D058-4463-865F-A92B80B8F92A}" = protocol=17 | dir=in | app=c:\users\gisele\appdata\roaming\utorrent\utorrent.exe | 
"{6194585A-0FD8-4CD9-9144-FD02C8A93FC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{689E492A-A669-4D58-AAF7-AF43C726A145}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{72109864-4433-4DD6-ACBD-574A88665F0E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{757C0F57-36CB-45C1-978D-DF95C789A5DD}" = protocol=58 | dir=out | [email protected],-503 | 
"{75D81AC7-142C-4FB4-AA9A-85314E6AFB35}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{778EA1D5-CA80-4D3A-AA67-D9A5EBDEB404}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{89342C4E-D3E0-4E2D-B8E6-FAD4AFA4A24B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B55B24A-3736-4CD8-AB4E-E9120349A8CB}" = protocol=1 | dir=in | [email protected],-28543 | 
"{9218A46B-826B-44F7-B506-B00A3B3E8897}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{980F0BFA-1B4C-4BF7-8E69-F17A4C418921}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe | 
"{99DE2158-8CD7-4117-9B64-0434F0E59622}" = protocol=6 | dir=in | app=c:\users\gisele\appdata\roaming\utorrent\utorrent.exe | 
"{9A74AABA-15C7-4361-A51E-3F7F83FEC751}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A556D370-15E8-4D72-AB36-BBC09CCCAAEA}" = protocol=6 | dir=in | app=c:\users\gisele\appdata\roaming\utorrent\utorrent.exe | 
"{A6D9637E-1199-45E6-B9A6-AC67396BC6CD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{AAB02B43-2A24-4382-9D2A-5E8E463E5B82}" = protocol=58 | dir=out | [email protected],-28546 | 
"{AB368039-21AE-4F5F-88B4-44C205771EA4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AF3BB071-775C-496D-887D-F16F2053509E}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{BA48E02F-8DBB-4D51-B4A3-1F187748BC57}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BBB1D9BD-ADDA-40C4-956B-8BD145715E31}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{CB4E9823-4B2F-4680-B7E0-FB136E715653}" = protocol=17 | dir=in | app=c:\users\gisele\appdata\roaming\utorrent\utorrent.exe | 
"{CB82E198-9F77-4CEC-B986-6398F98C30FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe | 
"{CE720FC9-097A-4E08-AD46-2CBC31127813}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"{D35FD69E-FC45-4FBA-9B1E-E2F2730E6C1E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe | 
"{D6BFAD41-092B-4359-B58E-9765D8693DF3}" = protocol=1 | dir=out | [email protected],-28544 | 
"{DFA848FD-A321-4F2C-8D1D-BE868356013E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{E09BDAD1-8C88-4F58-9B16-5AA3F23F53D8}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{E6D488F9-1884-4C5C-8E30-2C7FBA6C3B46}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E9396CE5-51A4-4666-91FB-2CE71ECDD3A5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe | 
"{F537D6F0-2EC4-47B3-B1AE-8F4A0FAAF78A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FA24C269-8960-4EC2-A6C7-411975C64986}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FB99E41B-2CC9-41DB-9191-00541C602A94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC7BD072-315E-4D00-AA95-B124676FFCDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"TCP Query User{C71B195F-24EF-4DF9-8AE6-DF7F90196AD6}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{37714110-B779-4BC4-B115-BE16B23120D4}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2B77B867-D7B9-4789-94E1-94D3BBBA642C}" = AVG 2015
"{41357956-5B67-489C-9F7D-FABACC2CD3CB}" = AVG 2015
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{70A381F1-C161-4D61-A20C-BE12FC6777DF}" = Garmin Communicator Plugin x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{824563DE-75AD-4166-9DC0-B6482F207453}" = Belgium e-ID middleware 4.0.7 (build 7453)
"{84230203-26A9-4D3D-84FD-53B8EDF61087}" = MAGIX MP3 deluxe MX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B16F0-A84E-4EC5-BDA7-0ACCE79FB043}" = HP 3D DriveGuard
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043" = Microsoft .NET Framework 4.5.1 (Nederlands)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CDF4A6-C975-43A9-B9D0-ED4F57A6E0D8}" = MAGIX Speed burnR (MSI)
"{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}" = Microsoft .NET Framework 4.5.1 (NLD)
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 4.0.959
"{ABB006B0-2E10-4B85-8E6B-A6C9109B0893}" = ANT Drivers Installer x64
"{ABDD5DC4-E37C-40E1-AB1C-601AA7F7D383}" = HP Photosmart 5520 series Productverbeteringsonderzoek
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D2FFE8A1-980E-4CF9-A48F-453D767BA661}" = HP Photosmart 5520 series Basissoftware van het apparaat
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}" = HP Security Assistant
"AVG" = AVG 2015
"B02255EDA75F867B4D85C5A5D23E13D9EF71E8AE" = Stuurprogrammapakket voor Windows - Fedict SmartCard  (03/25/2014 4.0.7.4)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Stuurprogrammapakket voor Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Stuurprogrammapakket voor Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{045320b6-c340-4960-aefd-57bf08a9b425}" = Garmin Express
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{091C65CB-AEE5-4405-9165-800D7F880C10}" = Windows Live Family Safety
"{0AFB35F6-7D55-45DE-AFD7-7819CD332EC2}" = Windows Live Family Safety
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{0FF2E7C6-D80F-4E9A-AA97-599E1CA26BED}" = Garmin Express
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1B905A9B-EB74-4C70-B81B-5F446C178566}" = Windows Live Essentials
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{290C2B0A-CEE1-4F55-AB46-4571EC01DA96}" = Windows Live UX Platform Language Pack
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition
"{4117DF3C-6677-4A22-90B7-FF06923417E9}" = LibreOffice 4.2.3.3
"{41BF4A3B-D60A-4E92-883F-C88C8C157261}" = Fotogalerie
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4209F371-8668-980C-19C9-F8698AB75135}_is1" = Ashampoo WinOptimizer Free v.1.0.0
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5B71ABE2-65A3-4507-A227-3FF413FDA9C4}" = Windows Live Messenger
"{5D48C037-D412-4F68-B197-05E03CD46F40}" = Windows Live Mail
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66233218-CA57-4AB2-BA43-A97AA4635960}" = Windows Live Essentials
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{70C91B91-61E8-4D06-86D6-A9DCC291983A}" = Movie Maker
"{71244632-4B7C-4AC2-B0D4-F95AC88EDAD3}" = Windows Live Writer
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{71DBFBF2-F7EB-4268-8485-9471D83C4E66}" = Garmin Communicator Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}" = Photo Common
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{912D30CF-F39E-4B31-AD9A-123C6B794EE2}" = HP Update
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-00AF-0413-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{955E4722-1480-4198-A144-65FA5F4446DA}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A951D5DA-4759-4C3B-9C36-C6BF30082A2F}" = Windows Live Writer Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.12) MUI
"{AE7D09D2-FA96-4CCE-8C74-F0A0DBD557EB}" = Garmin Express Tray
"{B23EE11C-66FA-4395-AB02-5F7103DC485C}" = Windows Live Messenger
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}" = HPDiagnosticAlert
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{B9953A9A-27B6-43C6-A65E-BCE875E9F1BF}" = LibreOffice 4.2 Help Pack (Dutch)
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{C036912B-E841-46F0-9F21-391005D39C9F}" = Windows Live Writer Resources
"{C0ED5561-F673-47B4-B31A-7DC07651B7FD}" = Elevated Installer
"{C3538BF4-735B-45F3-B09E-C541A007E4E8}" = Photo Common
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2}" = Movie Maker
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E15CA073-CE07-4A33-8381-D4906C6173A7}" = Easy Computing - PC Drukkerij CD's & DVD's versie 6
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4DEB840-B638-4BCE-AC6B-057EF31E0012}" = Photo Gallery
"{F7232FE1-BC35-4229-8D76-D49941FE9929}" = Windows Live Mail
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC071B45-4A5F-408F-92F8-4D9D693E866F}" = Windows Live UX Platform Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"AnyDVD" = AnyDVD
"CloneDVD2" = CloneDVD2
"DivX Setup" = DivX Setup
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GemistDownloader" = GemistDownloader
"Mozilla Thunderbird 24.6.0 (x86 nl)" = Mozilla Thunderbird 24.6.0 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MX.{84230203-26A9-4D3D-84FD-53B8EDF61087}" = MAGIX MP3 deluxe MX
"Revo Uninstaller" = Revo Uninstaller 1.95
"simplitec POWER SUITE_is1" = simpliclean
"TeamViewer 9" = TeamViewer 9
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 8.25
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Update Service YourFileDownloader" = Update Service YourFileDownloader
"uTorrent" = µTorrent
"YourFileDownloader" = YourFileDownloader
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14/11/2014 6:57:43 | Computer Name = Gisele-HP-LAP | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: VDownloader.exe, versie: 4.0.928.0, 
tijdstempel: 0x5422ce8c  Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409,
 tijdstempel: 0x5315a05a  Uitzonderingscode: 0xe0434352  Foutoffset: 0x000000000000940d
Id
 van proces met fout: 0x1a50  Starttijd van toepassing met fout: 0x01cffff9d0a24efb
Pad
 naar toepassing met fout: C:\Users\Gisele\Desktop\VDownloader.exe  Pad naar module
 met fout: C:\Windows\system32\KERNELBASE.dll  Rapport-id: 0e728e7f-6bed-11e4-8a3d-08edb98f9144
 
Error - 14/11/2014 6:58:16 | Computer Name = Gisele-HP-LAP | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 14/11/2014 6:58:16 | Computer Name = Gisele-HP-LAP | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: VDownloader.exe, versie: 4.0.928.0, 
tijdstempel: 0x5422ce8c  Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409,
 tijdstempel: 0x5315a05a  Uitzonderingscode: 0xe0434352  Foutoffset: 0x000000000000940d
Id
 van proces met fout: 0x1a90  Starttijd van toepassing met fout: 0x01cffff9e44904a2
Pad
 naar toepassing met fout: C:\Users\Gisele\Desktop\VDownloader.exe  Pad naar module
 met fout: C:\Windows\system32\KERNELBASE.dll  Rapport-id: 22194426-6bed-11e4-8a3d-08edb98f9144
 
Error - 14/11/2014 7:00:41 | Computer Name = Gisele-HP-LAP | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 14/11/2014 7:00:41 | Computer Name = Gisele-HP-LAP | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: VDownloader.exe, versie: 4.0.928.0, 
tijdstempel: 0x5422ce8c  Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409,
 tijdstempel: 0x5315a05a  Uitzonderingscode: 0xe0434352  Foutoffset: 0x000000000000940d
Id
 van proces met fout: 0x183c  Starttijd van toepassing met fout: 0x01cffffa3aa5267c
Pad
 naar toepassing met fout: C:\Users\Gisele\Desktop\VDownloader.exe  Pad naar module
 met fout: C:\Windows\system32\KERNELBASE.dll  Rapport-id: 78756600-6bed-11e4-8a3d-08edb98f9144
 
Error - 14/11/2014 7:03:49 | Computer Name = Gisele-HP-LAP | Source = WinMgmt | ID = 10
Description = 
 
Error - 14/11/2014 7:06:25 | Computer Name = Gisele-HP-LAP | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 14/11/2014 7:06:25 | Computer Name = Gisele-HP-LAP | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: VDownloader.exe, versie: 4.0.928.0, 
tijdstempel: 0x5422ce8c  Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.18409,
 tijdstempel: 0x5315a05a  Uitzonderingscode: 0xe0434352  Foutoffset: 0x000000000000940d
Id
 van proces met fout: 0x430  Starttijd van toepassing met fout: 0x01cffffb079b7125
Pad
 naar toepassing met fout: C:\Users\Gisele\Desktop\VDownloader.exe  Pad naar module
 met fout: C:\Windows\system32\KERNELBASE.dll  Rapport-id: 45d6ce96-6bee-11e4-bf2c-08edb98f9144
 
Error - 14/11/2014 8:53:06 | Computer Name = Gisele-HP-LAP | Source = WinMgmt | ID = 10
Description = 
 
Error - 14/11/2014 9:01:00 | Computer Name = Gisele-HP-LAP | Source = WinMgmt | ID = 10
Description = 
 
[ Hewlett-Packard Events ]
Error - 30/11/2012 15:55:26 | Computer Name = Gisele-HP-LAP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/01/2013 14:54:06 | Computer Name = Gisele-HP-LAP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   bij HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 De objectverwijzing is niet op een exemplaar van een object ingesteld.  StackTrace:
   bij HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: nl-NL  RAM: 6044
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
[ System Events ]
Error - 14/11/2014 8:52:58 | Computer Name = Gisele-HP-LAP | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen:   ccnfd_1_10_0_2
 
Error - 14/11/2014 8:53:00 | Computer Name = Gisele-HP-LAP | Source = DCOM | ID = 10016
Description = 
 
Error - 14/11/2014 8:53:54 | Computer Name = Gisele-HP-LAP | Source = DCOM | ID = 10016
Description = 
 
Error - 14/11/2014 8:54:28 | Computer Name = Gisele-HP-LAP | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
 transactie van deze service: HPWMISVC.
 
Error - 14/11/2014 8:55:38 | Computer Name = Gisele-HP-LAP | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
 transactie van deze service: HPWMISVC.
 
Error - 14/11/2014 8:57:10 | Computer Name = Gisele-HP-LAP | Source = Service Control Manager | ID = 7006
Description = ScRegSetValueExW-oproep voor Start is niet geslaagd vanwege deze fout:
   %%5.
 
Error - 14/11/2014 8:57:10 | Computer Name = Gisele-HP-LAP | Source = Service Control Manager | ID = 7006
Description = ScRegSetValueExW-oproep voor Start is niet geslaagd vanwege deze fout:
   %%5.
 
Error - 14/11/2014 9:00:11 | Computer Name = Gisele-HP-LAP | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen:   ccnfd_1_10_0_2
 
Error - 14/11/2014 9:00:37 | Computer Name = Gisele-HP-LAP | Source = DCOM | ID = 10016
Description = 
 
Error - 14/11/2014 9:00:41 | Computer Name = Gisele-HP-LAP | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

Edited by HaraMo, 14 November 2014 - 08:10 AM.



#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse, select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'll review your logs now.

 



#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Step#1 - Warnings
 
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
 
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
Here are some information sources about the dangers of P2P programs:
 
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent
To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
 
 

 

Step#2 - Combofix
1. Download ComboFix from one of the following locations and save it to your Desktop: Link 1 or Link 2
 **Note: It is important that it is saved directly to your desktop**
 
2. Close any open browsers.
* IMPORTANT - Disable your AntiVirus and any AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
If you have difficulty properly disabling your protective programs, refer to this link here.

3. Double click combofix.exe and follow the prompts.
 
4. Accept the disclaimer and allow it to update if it asks.
 
5. When finished, it shall produce a log for you.
 
6. Please include the C:\Combofix.txt in your next reply.
 
Notes:
 
* Do not mouseclick Combofix's window while it's running. That may cause it to stall.
* Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
* If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.
 
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running Combofix on your own.

This tool is not a toy and not for everyday use. Combofix Should Not be used unless requested by a forum helper.

 

 

 

Items for your next post

1. Combofix log



#4
HaraMo

    Member

  • Topic Starter
  • Member
  • 329 posts
ComboFix 14-11-15.01 - Gisele 14/11/2014  20:50:25.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.32.1043.18.6040.3534 [GMT 1:00]
Gestart vanuit: c:\users\Gisele\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\YoutubeAdblocker
c:\program files (x86)\YoutubeAdblocker\lQk.dat
c:\program files (x86)\YoutubeAdblocker\lQk.tlb
c:\programdata\SearchNewTab
c:\users\Gisele\AppData\Local\lollipop
c:\users\Gisele\AppData\Roaming\Microsoft\Windows\Recent\Toshiba Satellite NB10t-A-10G Azerty - Laptopshop.be.url
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2014-10-14 to 2014-11-14  ))))))))))))))))))))))))))))))
.
.
2014-11-14 19:40 . 2014-11-14 19:40 -------- d-----w- c:\programdata\16174
2014-11-14 13:05 . 2014-11-14 13:05 -------- d-----w- c:\program files (x86)\TeamViewer
2014-11-14 11:18 . 2014-11-14 11:18 -------- d-----w- c:\users\Gisele\AppData\Roaming\VDownloader
2014-11-14 11:18 . 2014-11-14 11:18 -------- d-----w- c:\users\Gisele\AppData\Local\VDownloader
2014-11-14 11:18 . 2010-01-26 10:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2014-11-14 10:25 . 2014-10-20 01:37 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{636DA8EA-78E8-4F8C-A040-F49EBD39D8C2}\mpengine.dll
2014-11-14 09:20 . 2014-11-14 09:20 -------- d-----w- c:\program files (x86)\Easy Computing
2014-11-13 12:28 . 2014-11-13 12:28 -------- d-----w- c:\program files (x86)\MAGIX
2014-11-13 12:28 . 2014-11-14 04:11 -------- d-----w- c:\programdata\simplitec
2014-11-13 12:28 . 2014-11-13 12:28 -------- d-----w- c:\program files (x86)\simplitec
2014-11-13 09:48 . 2014-09-10 14:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-11-13 09:48 . 2014-09-10 14:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0748D6DB-CC6B-4616-8A2C-9515FBA86F2D}\gapaengine.dll
2014-11-13 09:47 . 2014-10-20 01:37 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-13 09:45 . 2014-11-13 09:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-11-13 09:45 . 2014-11-13 09:45 -------- d-----w- c:\program files\Microsoft Security Client
2014-11-12 17:43 . 2014-11-12 17:43 509984 ----a-w- C:\HTGD0006.exe
2014-11-12 17:43 . 2014-11-12 17:43 36864 ----a-w- C:\HTGD0005.exe
2014-11-12 17:43 . 2014-11-12 17:43 40960 ----a-w- C:\HTGD0003.exe
2014-11-12 09:26 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-12 09:26 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-12 09:24 . 2014-11-12 09:24 -------- d-sh--w- c:\users\Gisele\AppData\Local\EmieBrowserModeList
2014-11-12 08:59 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 08:59 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-12 08:57 . 2014-11-06 03:13 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-12 08:53 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-12 08:53 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-12 08:45 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 08:45 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-12 04:19 . 2014-11-12 04:21 -------- d-----w- c:\users\Gisele\AppData\Roaming\WiseUpdate
2014-11-11 14:23 . 2014-11-11 14:22 397312 ----a-w- c:\windows\iwexec.exe
2014-11-11 14:23 . 2014-11-12 17:27 -------- d-----w- c:\program files (x86)\HERMA
2014-11-11 13:32 . 2014-11-11 13:32 -------- d-----w- c:\users\Gisele\AppData\Roaming\LibreOffice
2014-11-11 13:31 . 2014-11-11 13:32 -------- d-----w- c:\program files (x86)\LibreOffice 4
2014-11-11 12:56 . 2014-11-11 12:56 45056 ----a-r- c:\users\Gisele\AppData\Roaming\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2014-11-11 12:49 . 2014-11-11 12:49 -------- d-----w- c:\users\Gisele\AppData\Roaming\Hemera
2014-11-11 11:54 . 2014-11-11 11:54 -------- d-----w- c:\users\Gisele\AppData\Roaming\AdvancedSystemProtector
2014-11-11 11:54 . 2014-11-11 11:54 -------- d--h--w- c:\users\Gisele\AppData\Roaming\GoldenGate
2014-11-11 11:54 . 2014-11-11 11:55 -------- d-----w- c:\users\Gisele\AppData\Local\Gameo
2014-11-11 11:54 . 2014-11-11 12:00 -------- d-----w- c:\users\Gisele\AppData\Roaming\Gameo
2014-11-11 10:16 . 2014-11-14 11:31 -------- d-----w- c:\users\Gisele\AppData\Roaming\GemistDownloader
2014-11-11 10:12 . 2014-11-11 10:13 -------- d-----w- c:\program files (x86)\Garmin
2014-11-11 09:58 . 2014-11-11 09:58 -------- d-----w- c:\program files\DivX
2014-11-11 09:48 . 2014-11-11 09:48 -------- d-----w- c:\windows\SysWow64\siscardplugins
2014-11-11 09:48 . 2014-11-11 09:48 -------- d-----w- c:\program files\log
2014-11-10 17:52 . 2014-11-10 18:11 -------- d-----w- c:\users\Gisele\AppData\Roaming\Wise Registry Cleaner
2014-11-10 17:52 . 2014-11-10 17:52 -------- d-----w- c:\program files (x86)\Wise
2014-11-10 17:13 . 2014-11-10 17:13 -------- d-----w- c:\programdata\Malwarebytes
2014-11-10 15:34 . 2012-11-21 19:16 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2014-11-10 15:34 . 2012-11-21 19:16 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2014-11-10 15:07 . 2014-11-10 15:08 -------- d-----w- c:\users\Gisele\AppData\Roaming\337Games
2014-11-10 15:07 . 2014-11-10 15:08 -------- d-----w- c:\users\Gisele\AppData\Roaming\webssearches
2014-11-10 15:07 . 2014-11-10 16:07 -------- d-----w- c:\program files (x86)\YourFileDownloader
2014-11-09 15:01 . 2014-11-11 10:11 -------- d-----w- c:\users\Gisele\AppData\Local\Garmin
2014-11-09 10:32 . 2014-11-11 10:12 -------- d-----w- c:\programdata\Garmin
2014-11-09 10:31 . 2014-11-11 10:13 -------- d-----w- c:\programdata\Package Cache
2014-11-09 10:27 . 2014-11-09 10:27 -------- d-----w- c:\program files (x86)\Garmin GPS Plugin
2014-11-09 10:27 . 2014-11-09 10:27 -------- d-----w- c:\program files\Garmin GPS Plugin
2014-11-09 10:26 . 2014-11-09 10:33 -------- d-----w- c:\users\Gisele\AppData\Roaming\Garmin
2014-11-06 03:58 . 2014-11-06 03:58 -------- d-----w- c:\programdata\Avg_Update_1114av
2014-10-29 20:35 . 2014-10-29 20:35 263960 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-10-19 16:01 . 2014-10-19 16:01 -------- d-----w- c:\users\Gisele\AppData\Roaming\AVG2015
2014-10-19 15:57 . 2014-10-19 16:00 -------- d-----w- c:\programdata\AVG2015
2014-10-19 15:56 . 2014-11-10 17:12 -------- d-----w- c:\users\Gisele\AppData\Local\Avg2015
2014-10-16 01:09 . 2014-10-16 01:09 3528440 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Csi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 09:04 . 2012-10-10 08:56 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-12 03:52 . 2012-02-10 14:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 03:52 . 2012-02-10 14:33 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-10 15:34 . 2012-12-25 18:56 99384 ----a-w- c:\users\Gisele\AppData\Roaming\inst.exe
2014-11-10 15:34 . 2012-12-25 18:56 82816 ----a-w- c:\users\Gisele\AppData\Roaming\pcouffin.sys
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 14:14 . 2014-10-10 14:14 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-10-06 15:36 . 2013-02-14 17:02 20296 ----a-w- c:\windows\system32\roboot64.exe
2014-10-05 20:41 . 2014-10-05 20:41 124184 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-09-30 07:28 . 2014-09-30 07:28 1522600 ----a-w- c:\users\Gisele\AppData\Roaming\SH.exe
2014-09-30 07:27 . 2014-09-30 07:27 1971112 ----a-w- c:\users\Gisele\AppData\Roaming\ZOJPJJ.exe
2014-09-25 02:08 . 2014-10-01 02:40 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 02:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 02:53 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 02:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-15 03:00 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-15 03:00 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-15 03:03 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 03:03 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-29 02:07 . 2014-10-15 03:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-28 20:47 . 2014-08-28 20:47 243480 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-08-23 02:07 . 2014-08-28 06:13 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 06:13 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-19 14:39 . 2011-03-28 17:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-19 03:11 . 2014-10-15 03:05 693176 ----a-w- c:\windows\system32\winload.efi
2014-08-19 03:10 . 2014-10-15 03:05 616352 ----a-w- c:\windows\system32\winresume.efi
2014-08-19 03:08 . 2014-10-15 03:05 503808 ----a-w- c:\windows\system32\srcore.dll
2014-08-19 03:08 . 2014-10-15 03:05 50176 ----a-w- c:\windows\system32\srclient.dll
2014-08-19 03:08 . 2014-10-15 03:05 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2014-08-19 03:07 . 2014-10-15 03:05 32256 ----a-w- c:\windows\system32\appidsvc.dll
2014-08-19 03:07 . 2014-10-15 03:05 58880 ----a-w- c:\windows\system32\appidapi.dll
2014-08-19 03:07 . 2014-10-15 03:05 296960 ----a-w- c:\windows\system32\rstrui.exe
2014-08-19 03:07 . 2014-10-15 03:05 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2014-08-19 03:07 . 2014-10-15 03:05 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2014-08-19 02:41 . 2014-10-15 03:05 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2014-08-19 02:41 . 2014-10-15 03:05 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2014-08-19 02:06 . 2014-10-15 03:05 61440 ----a-w- c:\windows\system32\drivers\appid.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}]
2013-11-17 12:41 716360 ----a-w- c:\progra~2\MAPSGA~2\bar\1.bin\39bar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-08-01 18:13 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{364ea597-e728-4ce4-bb4a-ed846ef47970}"= "c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll" [2013-11-17 716360]
.
[HKEY_CLASSES_ROOT\clsid\{364ea597-e728-4ce4-bb4a-ed846ef47970}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-28 39408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ccnfd_1_10_0_2;ccnfd_1_10_0_2;c:\windows\system32\drivers\ccnfd_1_10_0_2.sys;c:\windows\SYSNATIVE\drivers\ccnfd_1_10_0_2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys;c:\windows\SYSNATIVE\Drivers\EMVSCARD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R4 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R4 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~2\MAPSGA~2\bar\1.bin\39barsvc.exe;c:\progra~2\MAPSGA~2\bar\1.bin\39barsvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2014-04-18 c:\windows\Tasks\0414bUpdateInfo.job
- c:\programdata\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-18 07:48]
.
2014-08-29 c:\windows\Tasks\0814avUpdateInfo.job
- c:\programdata\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-29 16:10]
.
2014-11-06 c:\windows\Tasks\1114avUpdateInfo.job
- c:\programdata\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe [2014-11-06 11:54]
.
2014-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-10 03:52]
.
2014-11-11 c:\windows\Tasks\elbyExecuteWithUAC.job
- c:\program files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe [2013-03-21 22:26]
.
2014-11-11 c:\windows\Tasks\GarminUpdaterTask.job
- c:\program files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21 13:45]
.
2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8a9ea7de147b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 19:23]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 19:23]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 19:23]
.
2014-11-14 c:\windows\Tasks\HPCeeScheduleForGisele.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
2013-01-26 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
2014-09-30 c:\windows\Tasks\SH.job
- c:\users\Gisele\AppData\Roaming\SH.exe [2014-09-30 07:28]
.
2014-11-14 c:\windows\Tasks\simplitec Power Suite.job
- c:\program files (x86)\simplitec\simpliclean\PowerSuite.exe [2014-11-13 13:16]
.
2014-11-14 c:\windows\Tasks\simplitec Service Provider.job
- c:\program files (x86)\simplitec\simpliclean\ServiceProvider.exe [2014-11-13 13:16]
.
2014-11-10 c:\windows\Tasks\Update Service YourFileDownloader.job
- c:\program files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe [2014-11-10 15:07]
.
2014-11-10 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-11-10 15:54]
.
2014-09-30 c:\windows\Tasks\ZOJPJJ.job
- c:\users\Gisele\AppData\Roaming\ZOJPJJ.exe [2014-09-30 07:27]
.
2014-07-26 c:\windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job
- c:\program files\internet explorer\iexplore.exe [2014-11-12 19:49]
.
.
--------- X64 Entries -----------
.
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hln.be/
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415632043&from=exp&uid=TOSHIBAXMQ01ABD050_627LS09HSXX627LS09HS&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1415632043&from=exp&uid=TOSHIBAXMQ01ABD050_627LS09HSXX627LS09HS
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1415632043&from=exp&uid=TOSHIBAXMQ01ABD050_627LS09HSXX627LS09HS
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1415632043&from=exp&uid=TOSHIBAXMQ01ABD050_627LS09HSXX627LS09HS&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaPuJho93q_rwYmLYBecCau0A8gUQbjoqmOnNhGQzUjgQQMdyYShKRHbA6ODsmkd6g_g_h7BWb_7J51pk1ebKwaTIdXa2rwlMnBTsS1Z40kYXgQxLMMWH85nwdvVISUr63invXhXs7VQkftp4oHDM74JHQPlxlJdBKPF1z1s7rUS-tEm9I,&q={searchTerms}
TCP: DhcpNameServer = 195.130.130.1 195.130.131.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.2.0.0/GarminAxControl_32.CAB
.
.
------- Bestandsassociaties -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile=c:\windows\SysWow64\WScript.exe "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
Toolbar-10 - (no file)
WebBrowser-{0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
.
**************************************************************************
.
Voltooingstijd: 2014-11-14  21:07:16 - machine werd herstart
ComboFix-quarantined-files.txt  2014-11-14 20:07
.
Pre-Run: 266.627.076.096 bytes beschikbaar
Post-Run: 266.588.127.232 bytes beschikbaar
.
- - End Of File - - 11FFDD196AC7DAE225F18709930C7CAE

  • 0

#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. We were able to clean some stuff up but still have work to do. Please follow the instructions below.
 
Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of the programs are either outdated and will be updated later or have a bad reputation and/or are not recommended and should be installed. If you must have one of the programs I suggest removing it now and then re-installing it after we declare you clean.
 
Microsoft Security Client (You have AVG 2015 so this is not needed and in fact can cause issues. It's never a good idea to have more than one AV running at the same time)
Java 7 Update 7 (64-bit)
simpliclean (Registry cleaners can cause more harm than good and don't provide enough benefit to be worthwhile)
Wise Registry Cleaner 8.25 (Registry cleaners can cause more harm than good and don't provide enough benefit to be worthwhile)
VDownloader 4.0.959

 
 
Step#2 - Scan a file
There is one file (C:\HTGD0006.exe) that I would like to get more information on. VirusTotal, a subsidiary of Google, provides a service that allows us to scan this file using many antivirus engines to see if any are currently detecting this as a threat. Please follow the instructions below.
1. To use VirusTotal, please go here.
2. Copy the following line to your clipboard. To do so, select the text with your mouse and then right-click your mouse and select Copy.
C:\HTGD0006.exe
3. Click the Choose File button and paste in the contents of the clipboard into the "File name:" field.
4. Click the Scan It! button. VirusTotal will check this file against 50 different antivirus softwares to see if any detect this as a threat.
Note: If you receive a message stating that the File was already analysed, please click Reanalyse.
5. Once the scan finishes, please copy and paste the VirusTotal URL in your next reply. To do this, click your mouse at the very top of your browser window in the URL that starts with https:// and the entire line will turn blue. Right click your mouse and select copy. Paste this in your next reply.
 
 
Step#3 - Run Combofix Script

  • Please start by opening Notepad and copy/paste the entire text from the box below into the Notepad window (don't include the word Quote at the top).

http://www.geekstogo...bootup-slow-pc/
 
KILLALL::
 
Suspect::
C:\HTGD0006.exe
C:\HTGD0005.exe
C:\HTGD0003.exe
 
Collect::
c:\users\Gisele\AppData\Roaming\SH.exe
c:\users\Gisele\AppData\Roaming\ZOJPJJ.exe
 
Folder::
c:\programdata\16174
c:\users\Gisele\AppData\Roaming\VDownloader
c:\users\Gisele\AppData\Local\VDownloader
c:\users\Gisele\AppData\Roaming\AdvancedSystemProtector
c:\users\Gisele\AppData\Roaming\GoldenGate
c:\users\Gisele\AppData\Local\Gameo
c:\users\Gisele\AppData\Roaming\Gameo
c:\users\Gisele\AppData\Roaming\337Games
c:\users\Gisele\AppData\Roaming\webssearches
c:\program files (x86)\YourFileDownloader
c:\progra~2\MAPSGA~2
 
File::
c:\windows\system32\drivers\ccnfd_1_10_0_2.sys
c:\windows\Tasks\SH.job
c:\windows\Tasks\Update Service YourFileDownloader.job
c:\windows\Tasks\ZOJPJJ.job
c:\windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job
 
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{364ea597-e728-4ce4-bb4a-ed846ef47970}"=-
[-HKEY_CLASSES_ROOT\clsid\{364ea597-e728-4ce4-bb4a-ed846ef47970}]
 
Driver::
ccnfd_1_10_0_2
MapsGalaxy_39Service

  • Save it to your desktop as CFScript.txt
  • Referring to the picture below, drag CFScript.txt onto ComboFix.exe
    [image: CFScriptB-4.gif]
    This will let ComboFix run again.
  • Restart if you are prompted to.
  • When finished, it shall produce a log for you. Post the contents of that log in your next reply. If you are required to reboot you can obtain the log from C:\Combofix.txt

**Note#1**
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 
**Note#2**
When Combofix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
 
Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
 
Step#5 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.
 
  
 
Items for your next post
1. VirusTotal results
2. Combofix log
3. AdwCleaner log
4. FRST and Addition log
5. How's your machine doing?


  • 0
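A triage sketch for the scheduled-task section of a ComboFix log like the one posted above, added here as an example; it is not part of the thread and not the helper's method. The two heuristics (an executable sitting loose in an AppData root, a GUID-named job that launches a browser) and all function names are assumptions, and the sample input is an excerpt of the log from this thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules, works on any OS

# Excerpt of the scheduled-task section of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 19:23]
.
2014-09-30 c:\windows\Tasks\SH.job
- c:\users\Gisele\AppData\Roaming\SH.exe [2014-09-30 07:28]
.
2014-11-14 c:\windows\Tasks\simplitec Power Suite.job
- c:\program files (x86)\simplitec\simpliclean\PowerSuite.exe [2014-11-13 13:16]
.
2014-09-30 c:\windows\Tasks\ZOJPJJ.job
- c:\users\Gisele\AppData\Roaming\ZOJPJJ.exe [2014-09-30 07:27]
.
2014-07-26 c:\windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job
- c:\program files\internet explorer\iexplore.exe [2014-11-12 19:49]
.
"""

# "<date> <path>.job" followed by "- <target> [<date> <time>]"
TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\]\s*$")
GUID_JOB_RE = re.compile(
    r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.I)
# Directory that is exactly ...\AppData\Roaming or ...\AppData\Local (no vendor folder)
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local)$", re.I)
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}  # assumed list


def parse_tasks(log_text):
    """Pair every job line with the target line that follows it."""
    tasks, pending = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            pending = {"job_date": m.group(1), "job": m.group(2)}
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            pending.update(target=m.group(1), target_date=m.group(2))
            tasks.append(pending)
            pending = None
    return tasks


def review(task):
    """Return the reasons (possibly none) a task deserves a closer look."""
    reasons = []
    job_name = basename(task["job"])
    exe_dir, exe_name = dirname(task["target"]), basename(task["target"])
    if PROFILE_ROOT_RE.match(exe_dir):
        reasons.append("executable sits loose in the root of a user's AppData folder")
        stem = exe_name.rsplit(".", 1)[0]
        same_name = job_name.lower() == f"{stem}.job".lower()
        if same_name and task["job_date"] == task["target_date"]:
            reasons.append("job is named after the binary and carries the same date")
    if GUID_JOB_RE.match(job_name) and exe_name.lower() in BROWSERS:
        reasons.append("GUID-named job that launches a web browser")
    return reasons


def triage(log_text):
    """Map job file name -> reasons, for flagged tasks only."""
    flagged = {}
    for task in parse_tasks(log_text):
        reasons = review(task)
        if reasons:
            flagged[basename(task["job"])] = reasons
    return flagged


if __name__ == "__main__":
    for job, reasons in triage(SAMPLE_LOG).items():
        print(job)
        for reason in reasons:
            print("   -", reason)
```

Location rules like these only catch part of the list: the helper's script also removes `Update Service YourFileDownloader.job`, whose target sits under Program Files and would not be flagged here.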

#6
HaraMo

    Member

  • Topic Starter
  • Member
  • 329 posts

I uninstalled the apps you mentioned

result virus total: https://www.virustot...sis/1416036232/

 

ComboFix is stuck at: see picture. I left it for a long time, but still the same last line (webchearches). Nobody worked with the laptop while ComboFix was busy. I still left it on; can I just close it and begin again?

 

19wp06.jpg


Edited by HaraMo, 15 November 2014 - 03:53 AM.

  • 0

#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

If it's still like this then yes, reboot your computer and then run the ComboFix script again and let me know if you have issues. Thank you.


  • 0

#8
HaraMo

    Member

  • Topic Starter
  • Member
  • 329 posts

It blocked again, at the "finished (translated from the Dutch word 'voltooid') part 50" line .... I will try again (reboot and load script).


Edited by HaraMo, 15 November 2014 - 09:37 AM.

  • 0

#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

How long did you let it run after it said finished? I've seen it take up to five minutes to display the log once it has reached this point.


  • 0

#10
HaraMo

    Member

  • Topic Starter
  • Member
  • 329 posts

Longer than one hour; according to the first text lines, it should take 10 min or double (20 min) max. But it's not the finish I mean, but this (see image).

 

I tried it again, but it gets stuck at line "finished part_50" after half an hour.

 

289hm2s.jpg


Edited by HaraMo, 15 November 2014 - 10:23 AM.

  • 0


#11
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Ok. Don't run the tool anymore and proceed with the subsequent steps.
  • 0

#12
HaraMo

    Member

  • Topic Starter
  • Member
  • 329 posts

I already tried again and left it on. Now it's on line 43 ... 48 ... now 50, then it stays there for a while, then the underline cursor jumps a line further, but empty, and nothing happens. I can still wait until I come back from the shop?

 

It's OK now, another screen is being shown (ComboFix will restart), now the laptop is rebooting, strange hé.

 

I did do one thing: TeamViewer was active, so I went to options and disabled TeamViewer starting with Windows after reboot.

 

Maybe this helped? I'm not sure.


Edited by HaraMo, 15 November 2014 - 10:43 AM.

  • 0

#13
HaraMo

    Member

  • Topic Starter
  • Member
  • 329 posts
The upload failed; an htm file is saved on the C drive to upload manually. How can I do this?
 
ComboFix 14-11-15.01 - Gisele 15/11/2014  17:33:11.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.32.1043.18.6040.3758 [GMT 1:00]
Gestart vanuit: c:\users\Gisele\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Gisele\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ccnfd_1_10_0_2.sys"
"c:\windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job"
"c:\windows\Tasks\SH.job"
"c:\windows\Tasks\Update Service YourFileDownloader.job"
"c:\windows\Tasks\ZOJPJJ.job"
.
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CCNFD_1_10_0_2
-------\Service_ccnfd_1_10_0_2
-------\Service_MapsGalaxy_39Service
-------\Legacy_CCNFD_1_10_0_2
-------\Legacy_CCNFD_1_10_0_2
-------\Legacy_CCNFD_1_10_0_2
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2014-10-15 to 2014-11-15  ))))))))))))))))))))))))))))))
.
.
2014-11-15 16:41 . 2014-11-15 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-14 20:09 . 2014-11-14 20:09 -------- d-----w- c:\users\Gisele\AppData\Roaming\TeamViewer
2014-11-14 13:05 . 2014-11-14 13:05 -------- d-----w- c:\program files (x86)\TeamViewer
2014-11-14 10:25 . 2014-10-20 01:37 11627712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{636DA8EA-78E8-4F8C-A040-F49EBD39D8C2}\mpengine.dll
2014-11-14 09:20 . 2014-11-14 09:20 -------- d-----w- c:\program files (x86)\Easy Computing
2014-11-13 12:28 . 2014-11-13 12:28 -------- d-----w- c:\program files (x86)\MAGIX
2014-11-13 12:28 . 2014-11-14 04:11 -------- d-----w- c:\programdata\simplitec
2014-11-13 12:28 . 2014-11-13 12:28 -------- d-----w- c:\program files (x86)\simplitec
2014-11-13 09:45 . 2014-11-15 07:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-11-13 09:45 . 2014-11-15 07:15 -------- d-----w- c:\program files\Microsoft Security Client
2014-11-12 17:43 . 2014-11-12 17:43 509984 ------w- C:\HTGD0006.exe
2014-11-12 17:43 . 2014-11-12 17:43 36864 ------w- C:\HTGD0005.exe
2014-11-12 17:43 . 2014-11-12 17:43 40960 ------w- C:\HTGD0003.exe
2014-11-12 09:26 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-12 09:26 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-12 09:24 . 2014-11-12 09:24 -------- d-sh--w- c:\users\Gisele\AppData\Local\EmieBrowserModeList
2014-11-12 08:59 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 08:59 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-12 08:57 . 2014-11-06 03:13 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-12 08:53 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-12 08:53 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-12 08:45 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 08:45 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-12 04:19 . 2014-11-12 04:21 -------- d-----w- c:\users\Gisele\AppData\Roaming\WiseUpdate
2014-11-11 14:23 . 2014-11-11 14:22 397312 ----a-w- c:\windows\iwexec.exe
2014-11-11 14:23 . 2014-11-12 17:27 -------- d-----w- c:\program files (x86)\HERMA
2014-11-11 13:32 . 2014-11-11 13:32 -------- d-----w- c:\users\Gisele\AppData\Roaming\LibreOffice
2014-11-11 13:31 . 2014-11-11 13:32 -------- d-----w- c:\program files (x86)\LibreOffice 4
2014-11-11 12:56 . 2014-11-11 12:56 45056 ----a-r- c:\users\Gisele\AppData\Roaming\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2014-11-11 12:49 . 2014-11-11 12:49 -------- d-----w- c:\users\Gisele\AppData\Roaming\Hemera
2014-11-11 10:16 . 2014-11-14 11:31 -------- d-----w- c:\users\Gisele\AppData\Roaming\GemistDownloader
2014-11-11 10:12 . 2014-11-11 10:13 -------- d-----w- c:\program files (x86)\Garmin
2014-11-11 09:58 . 2014-11-11 09:58 -------- d-----w- c:\program files\DivX
2014-11-11 09:48 . 2014-11-11 09:48 -------- d-----w- c:\windows\SysWow64\siscardplugins
2014-11-11 09:48 . 2014-11-11 09:48 -------- d-----w- c:\program files\log
2014-11-10 17:13 . 2014-11-10 17:13 -------- d-----w- c:\programdata\Malwarebytes
2014-11-10 15:34 . 2012-11-21 19:16 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2014-11-10 15:34 . 2012-11-21 19:16 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2014-11-10 15:07 . 2014-11-10 16:07 -------- d-----w- c:\program files (x86)\YourFileDownloaderUpdater
2014-11-09 15:01 . 2014-11-11 10:11 -------- d-----w- c:\users\Gisele\AppData\Local\Garmin
2014-11-09 10:32 . 2014-11-11 10:12 -------- d-----w- c:\programdata\Garmin
2014-11-09 10:31 . 2014-11-11 10:13 -------- d-----w- c:\programdata\Package Cache
2014-11-09 10:27 . 2014-11-09 10:27 -------- d-----w- c:\program files (x86)\Garmin GPS Plugin
2014-11-09 10:27 . 2014-11-09 10:27 -------- d-----w- c:\program files\Garmin GPS Plugin
2014-11-09 10:26 . 2014-11-09 10:33 -------- d-----w- c:\users\Gisele\AppData\Roaming\Garmin
2014-11-06 03:58 . 2014-11-06 03:58 -------- d-----w- c:\programdata\Avg_Update_1114av
2014-10-29 20:35 . 2014-10-29 20:35 263960 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-10-19 16:01 . 2014-10-19 16:01 -------- d-----w- c:\users\Gisele\AppData\Roaming\AVG2015
2014-10-19 15:57 . 2014-10-19 16:00 -------- d-----w- c:\programdata\AVG2015
2014-10-19 15:56 . 2014-11-10 17:12 -------- d-----w- c:\users\Gisele\AppData\Local\Avg2015
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 09:04 . 2012-10-10 08:56 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-12 03:52 . 2012-02-10 14:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 03:52 . 2012-02-10 14:33 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-10 15:34 . 2012-12-25 18:56 99384 ----a-w- c:\users\Gisele\AppData\Roaming\inst.exe
2014-11-10 15:34 . 2012-12-25 18:56 82816 ----a-w- c:\users\Gisele\AppData\Roaming\pcouffin.sys
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 14:14 . 2014-10-10 14:14 274200 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-10-06 15:36 . 2013-02-14 17:02 20296 ----a-w- c:\windows\system32\roboot64.exe
2014-10-05 20:41 . 2014-10-05 20:41 124184 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-09-30 07:28 . 2014-09-30 07:28 1522600 ------w- c:\users\Gisele\AppData\Roaming\SH.exe
2014-09-30 07:27 . 2014-09-30 07:27 1971112 ------w- c:\users\Gisele\AppData\Roaming\ZOJPJJ.exe
2014-09-25 02:08 . 2014-10-01 02:40 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 02:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 02:53 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 02:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-15 03:00 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-15 03:00 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-15 03:03 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 03:03 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-29 02:07 . 2014-10-15 03:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-28 20:47 . 2014-08-28 20:47 243480 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-08-23 02:07 . 2014-08-28 06:13 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 06:13 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-19 14:39 . 2011-03-28 17:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-19 03:11 . 2014-10-15 03:05 693176 ----a-w- c:\windows\system32\winload.efi
2014-08-19 03:10 . 2014-10-15 03:05 616352 ----a-w- c:\windows\system32\winresume.efi
2014-08-19 03:08 . 2014-10-15 03:05 503808 ----a-w- c:\windows\system32\srcore.dll
2014-08-19 03:08 . 2014-10-15 03:05 50176 ----a-w- c:\windows\system32\srclient.dll
2014-08-19 03:08 . 2014-10-15 03:05 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2014-08-19 03:07 . 2014-10-15 03:05 32256 ----a-w- c:\windows\system32\appidsvc.dll
2014-08-19 03:07 . 2014-10-15 03:05 58880 ----a-w- c:\windows\system32\appidapi.dll
2014-08-19 03:07 . 2014-10-15 03:05 296960 ----a-w- c:\windows\system32\rstrui.exe
2014-08-19 03:07 . 2014-10-15 03:05 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2014-08-19 03:07 . 2014-10-15 03:05 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2014-08-19 02:41 . 2014-10-15 03:05 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2014-08-19 02:41 . 2014-10-15 03:05 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2014-08-19 02:06 . 2014-10-15 03:05 61440 ----a-w- c:\windows\system32\drivers\appid.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-08-01 18:13 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-28 39408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys;c:\windows\SYSNATIVE\Drivers\EMVSCARD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R4 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
R4 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 hostcontrollerswitch-stuurprogramma;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 hub-stuurprogramma;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 uitbreidbare hostcontroller-stuurprogramma;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2014-04-18 c:\windows\Tasks\0414bUpdateInfo.job
- c:\programdata\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-18 07:48]
.
2014-08-29 c:\windows\Tasks\0814avUpdateInfo.job
- c:\programdata\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-29 16:10]
.
2014-11-06 c:\windows\Tasks\1114avUpdateInfo.job
- c:\programdata\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe [2014-11-06 11:54]
.
2014-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-10 03:52]
.
2014-11-11 c:\windows\Tasks\elbyExecuteWithUAC.job
- c:\program files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe [2013-03-21 22:26]
.
2014-11-11 c:\windows\Tasks\GarminUpdaterTask.job
- c:\program files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-10-21 13:45]
.
2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8a9ea7de147b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 19:23]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 19:23]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 19:23]
.
2014-11-14 c:\windows\Tasks\HPCeeScheduleForGisele.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
2013-01-26 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
2014-09-30 c:\windows\Tasks\SH.job
- c:\users\Gisele\AppData\Roaming\SH.exe [2014-09-30 07:28]
.
2014-11-10 c:\windows\Tasks\Update Service YourFileDownloader.job
- c:\program files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe [2014-11-10 15:07]
.
2014-09-30 c:\windows\Tasks\ZOJPJJ.job
- c:\users\Gisele\AppData\Roaming\ZOJPJJ.exe [2014-09-30 07:27]
.
2014-07-26 c:\windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job
- c:\program files\internet explorer\iexplore.exe [2014-11-12 19:49]
.
.
--------- X64 Entries -----------
.
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hln.be/
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1415632043&from=exp&uid=TOSHIBAXMQ01ABD050_627LS09HSXX627LS09HS&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1415632043&from=exp&uid=TOSHIBAXMQ01ABD050_627LS09HSXX627LS09HS
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1415632043&from=exp&uid=TOSHIBAXMQ01ABD050_627LS09HSXX627LS09HS
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1415632043&from=exp&uid=TOSHIBAXMQ01ABD050_627LS09HSXX627LS09HS&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbaPuJho93q_rwYmLYBecCau0A8gUQbjoqmOnNhGQzUjgQQMdyYShKRHbA6ODsmkd6g_g_h7BWb_7J51pk1ebKwaTIdXa2rwlMnBTsS1Z40kYXgQxLMMWH85nwdvVISUr63invXhXs7VQkftp4oHDM74JHQPlxlJdBKPF1z1s7rUS-tEm9I,&q={searchTerms}
TCP: DhcpNameServer = 195.130.130.1 195.130.131.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.2.0.0/GarminAxControl_32.CAB
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{1e91a655-bb4b-4693-a05e-2edebc4c9d89} - c:\progra~2\MAPSGA~2\bar\1.bin\39bar.dll
Toolbar-10 - (no file)
WebBrowser-{0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-YourFileDownloader - c:\program files (x86)\YourFileDownloader\Uninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
.
**************************************************************************
.
Voltooingstijd: 2014-11-15  17:49:02 - machine werd herstart
ComboFix-quarantined-files.txt  2014-11-15 16:49
.
Pre-Run: 271.557.136.384 bytes beschikbaar
Post-Run: 271.475.830.784 bytes beschikbaar
.
- - End Of File - - 997459E7C5C927E8F953884BEA0D37A4


#14
HaraMo


Another problem I have now:

If I try to open IE, I receive a message window: the title is the app (c:\program files\internet explorer\iexplore.exe).

The message (translated): we tried to execute an invalid step on a registry key that is marked for deletion.

I also have this if I want to open Paint; I wanted to make a print screen of this to send. I have now tried other apps, and all give the same message.

I hope it's clear for you this way?


Edited by HaraMo, 15 November 2014 - 11:00 AM.


#15
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Don't worry about uploading at the moment.

Reboot your computer one more time and let me know if opening IE gives the same error message. That should resolve that error. Then go ahead and perform the subsequent steps, which were AdwCleaner and FRST/Addition logs.

Lastly, in C:\Combofix there may be multiple files (i.e. Combofix1.log, Combofix2.let, etc.). Can you post the contents of all the logs that are here?

Thank you.

