Zoek.exe v5.0.0.0 Updated 09-August-2014 Tool run by Petra on zo 10/08/2014 at 17:41:27,33. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Petra\Desktop\Computer Healthy Check\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 10/08/2014 17:49:52 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\EGB3 deleted successfully C:\PROGRA~2\Intel deleted successfully C:\Users\Petra\AppData\Roaming\Download Manager deleted successfully C:\Users\Petra\AppData\Roaming\Opera deleted successfully C:\Users\Hans\AppData\Local\PackageAware deleted successfully C:\Users\Hans\AppData\Local\{0C88A2A5-9185-442C-8935-6D5C5777F66F} deleted successfully C:\Users\Hans\AppData\Local\{4B9BC6C7-6A69-4217-A79D-F2C818998596} deleted successfully C:\Users\Hans\AppData\Local\{74296309-B1DB-4FD0-B1B1-C14D87567D26} deleted successfully C:\Users\Hans\AppData\Local\{85238C97-B8A1-469A-85D0-113D26CD3712} deleted successfully C:\Users\Hans\AppData\Local\{C8A410B4-09B5-4892-AB40-AAE5473C250C} deleted successfully C:\Users\Hans\AppData\Local\{CA7B6E09-51A9-4CB6-BA7C-85593AF1A30F} deleted successfully C:\Users\Hans\AppData\Local\{D4C3B109-511B-4B36-BEF2-6A39A713C5FC} deleted successfully C:\Users\Hans\AppData\Local\{D57018C2-A2C8-4983-B031-B2A37A707E69} deleted successfully C:\Users\Petra\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Internet Explorer\SearchScopes\{804267C6-05F1-41AB-BA76-0BE17774EDAB} deleted successfully HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DatamngrCoordinator deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\application updater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\application updater deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec2bae47-25af-4ce9-9e78-10627a49c9ea}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "ApnTBMon"=- ""=- "SearchSettings"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] ==== Deleting Files \ Folders ====================== C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater not found C:\Program Files (x86)\pdfforge Toolbar deleted C:\Program Files (x86)\Common Files\Spigot\Search Settings deleted C:\Program Files (x86)\Application Updater deleted C:\PROGRA~2\COMMON~1\Spigot deleted C:\Users\Petra\AppData\Local\iLivid deleted C:\Users\Petra\AppData\Local\ilividmoviestoolbardla deleted C:\Users\Petra\AppData\Local\AskPartnerNetwork deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Petra\Searches deleted C:\Users\Hans\AppData\LocalLow\pdfforge deleted C:\Users\Hans\AppData\LocalLow\Search Settings deleted C:\Users\Petra\AppData\LocalLow\pdfforge deleted C:\Users\Petra\AppData\LocalLow\ilividmoviestoolbardla deleted C:\Users\Petra\AppData\LocalLow\DataMngr deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted "C:\Windows\Installer\2b756de.msi" deleted "C:\Windows\Installer\16e2fbb.msi" deleted "C:\ProgramData\Datamngr\coordinator.cfg" not deleted "C:\ProgramData\Datamngr\general.cfg" not deleted "C:\ProgramData\Datamngr\S-1-5-21-1618377428-1196873396-1979927488-1001.cfg" not deleted "C:\ProgramData\Datamngr\stats.cfg" not deleted "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\del_DM_LL_nsp5F13.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\favicon.ico" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\Helper.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\IEBHO.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\Internet Explorer Settings.exe" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\setmgrc2.cfg" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\Uninstall.exe" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Datamngr.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_BHO_nsp5F13.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_DM_DLL_nsp5F13.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_DM_LL_nsp5F13.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\IEBHO.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr_u.dll" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\apcrtldr.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\Datamngr.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\DatamngrCoordinator.exe" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\DatamngrUI.exe" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\del_DM_LL_nsp5F13.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\favicon.ico" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\Helper.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\IEBHO.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\Internet Explorer Settings.exe" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\mgrldr.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\setmgrc2.cfg" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\Uninstall.exe" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\apcrtldr.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\Datamngr.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\del_BHO_nsp5F13.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\del_DM_DLL_nsp5F13.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\del_DM_LL_nsp5F13.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\IEBHO.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\mgrldr.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\mgrldr_u.dll" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\setmgrc2.cfg" not deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted "C:\Program Files (x86)\AskPartnerNetwork" deleted "C:\Program Files (x86)\Movies Toolbar" not deleted "C:\ProgramData\Datamngr" not deleted "C:\PROGRA~2\Movies Toolbar" not deleted "C:\PROGRA~2\AskPartnerNetwork" deleted "C:\Program Files (x86)\AskPartnerNetwork\Toolbar" deleted "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater" deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr" not deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr" not deleted "C:\PROGRA~2\Movies Toolbar\Datamngr\x64" not deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Petra\AppData\Local\Temp ==== 2014-08-10 15:39:37 D8BE96BC224FB9A6034A01156A527271 43008 ----a-w- C:\Users\Petra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpelkj8n.dll 2014-07-29 17:04:29 A5A79FFCDCFC2E750088756212683794 419144 ----a-w- C:\Users\Petra\AppData\Local\Temp\exthelper.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-07-23 06:54:55 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-10 10:00:53 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Petra\AppData\Roaming ====== ====== C:\Users\Petra ====== 2014-07-23 16:36:25 -------- d-----w- C:\ProgramData\Datamngr ====== C: exe-files == 2014-08-10 10:00:54 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Petra.exe 2014-08-10 10:00:13 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Petra\Desktop\Computer Healthy Check\RSITx64.exe 2014-08-06 14:13:28 DFFD9B1E402800692A6126EAD41C8B9B 564496 ----a-w- C:\Windows\Temp\ce67437a\patch_ff.exe === C: other files == 2014-08-06 00:32:30 F92A839B364FB6CB0063718727C60C62 447021 ----a-w- C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1618377428-1196873396-1979927488-1001\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "Facebook Update"="C:\Users\Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Akamai NetSession Interface"="C:\Users\Petra\AppData\Local\Akamai\netsession_win.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{91120000-0031-0000-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{91120000-0031-0000-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "AdobeCS4ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin" "CamserviceOG"="C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup" "ExtraFilmManager"="C:\Program Files (x86)\ExtraFilm Designer BE NL\ExtraFilmManager.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "IndexSearch"="C:\Program Files (x86)\Dell Printers\paperport\PaperPort\IndexSearch.exe" "PaperPort PTD"="C:\Program Files (x86)\Dell Printers\paperport\PaperPort\pptd40nt.exe" "PDFHook"="C:\Program Files (x86)\Dell Printers\paperport\PDFViewer\pdfpro5hook.exe" "PDF5 Registry Controller"="C:\Program Files (x86)\Dell Printers\paperport\PDFViewer\RegistryController.exe" "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "Facebook Update"="C:\Users\Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Akamai NetSession Interface"="C:\Users\Petra\AppData\Local\Akamai\netsession_win.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install" "CamserviceOG"="C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe /startup" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "DLPSP"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" "DLUPDR"="C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" "DLQLU"="C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE /S" ==== Startup Folders ====================== 2010-05-12 18:54:06 1387 ----a-w- C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk 2012-05-27 07:11:37 1053 ----a-w- C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2011-03-08 16:57:55 1847 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [23/07/2014 09:09] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1618377428-1196873396-1979927488-1001Core.job --a------ C:\Users\Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe [25/02/2013 13:17] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1618377428-1196873396-1979927488-1001UA.job --a------ C:\Users\Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe [25/02/2013 13:17] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/09/2011 13:59] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/09/2011 13:59] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1618377428-1196873396-1979927488-1001Core" [C:\Users\Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1618377428-1196873396-1979927488-1001UA" [C:\Users\Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\JavaUpdateSched" [%WINDIR%\System32\jusched.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [08/08/2014 08:11] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaaabcbmongicmdegkmmfgdickgnnob - C:\Users\Petra\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx[] bopakagnckmlgajfccecajhnimjiiedh - No path found[] fheoggkfdfchfphceeifdbepaooicaho - No path found[] pljcgbedjplidkdjahbaalanadmjfgop - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx[06/08/2014 02:32] YouTube - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Movies Toolbar - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob Google Docs - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo MSS+ Extension - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh Google Search - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf SiteAdvisor - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Wallet - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Ask Toolbar - Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop ==== Chromium Startpages ====================== C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com/", "homepage": "http://www.google.com/", "urls_to_restore_on_startup": [ "http://www.google.com/" ] "urls_to_restore_on_startup": [ "http://www.google.com/" ] C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-287&v=a13350-116&t=4", "startup_urls": [ "http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-287&v=a13350-116&t=4" ], ==== Chrome Fix ====================== C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx deleted successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob deleted successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-287&v=a13350-116&t=4" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {963EC420-62B0-415E-8F15-C0CAC7AEAECE} Bing Url="http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3B0CE92E6B6831E46B8349AA8C2BD1B9 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7ABA74AA19F466B40AD374BC51255F6E deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E29EC0B3-86B6-4E13-B638-94AAC8B21D9B} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AA47ABA7-4F91-4B66-A03D-47CB1552F5E6} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividmoviestoolbardlaGC deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividmoviestoolbardlaIE deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3B0CE92E6B6831E46B8349AA8C2BD1B9 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7ABA74AA19F466B40AD374BC51255F6E deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXJF2E9F will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4214 folders=603 289776908 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Hans\AppData\Local\Temp emptied successfully C:\Users\Petra\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Petra\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\ProgramData\Datamngr\coordinator.cfg" deleted "C:\ProgramData\Datamngr\general.cfg" deleted "C:\ProgramData\Datamngr\S-1-5-21-1618377428-1196873396-1979927488-1001.cfg" deleted "C:\ProgramData\Datamngr\stats.cfg" deleted "C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\Datamngr.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\del_DM_LL_nsp5F13.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\favicon.ico" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\Helper.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\IEBHO.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\Internet Explorer Settings.exe" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\setmgrc2.cfg" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\Uninstall.exe" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Datamngr.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_BHO_nsp5F13.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_DM_DLL_nsp5F13.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_DM_LL_nsp5F13.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\IEBHO.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\mgrldr_u.dll" not found "C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\apcrtldr.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\Datamngr.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\DatamngrCoordinator.exe" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\DatamngrUI.exe" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\del_DM_LL_nsp5F13.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\favicon.ico" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\Helper.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\IEBHO.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\Internet Explorer Settings.exe" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\mgrldr.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\setmgrc2.cfg" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\Uninstall.exe" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\apcrtldr.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\Datamngr.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\del_BHO_nsp5F13.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\del_DM_DLL_nsp5F13.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\del_DM_LL_nsp5F13.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\IEBHO.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\Internet Explorer Settings.exe" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\mgrldr.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\mgrldr_u.dll" not found "C:\PROGRA~2\Movies Toolbar\Datamngr\x64\setmgrc2.cfg" not found "C:\Program Files (x86)\Movies Toolbar" not found "C:\ProgramData\Datamngr" deleted "C:\PROGRA~2\Movies Toolbar" not found "C:\Users\Petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXJF2E9F" not found ==== EOF on zo 10/08/2014 at 18:35:07,16 ======================