Zoek.exe v5.0.0.0 Updated 01-September-2014
Tool run by katleen on di 02/09/2014 at 22:22:09,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\katleen\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

2/09/2014 22:23:37 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\ALDI Foto Service deleted successfully
C:\Program Files\FreeTime deleted successfully
C:\Program Files\Mp3tag deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\PC Optimizer Pro deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\katleen\AppData\Roaming\QuickScan deleted successfully
C:\Users\katleen\AppData\Local\Bundled software uninstaller deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully
HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully
HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully
HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully
HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\katleen\AppData\Roaming\Mozilla\Firefox\Profiles\hvrk0bgd.default

---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.order.1", "Ask.com");

---- FireFox user.js and prefs.js backups ----
user_20140209_2233_.backup
prefs_20140209_2233_.backup

ProfilePath: C:\Users\katleen\AppData\Roaming\Thunderbird\Profiles\bokkgq5w.default

user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_20140209_2233_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\Program Files\FromDocToPDF_65 deleted
C:\Users\katleen\AppData\Local\FromDocToPDF_65 deleted
C:\Users\katleen\appdata\locallow\FromDocToPDF_65 deleted
C:\Program Files\Mozilla Firefox\defaults\preferences\autoconfig.js deleted
C:\Program Files\SpeedItup Free deleted
C:\Program Files\SweetIM deleted
C:\PROGRA~2\spds90.txt deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\katleen\AppData\Local\IAC deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\katleen\AppData\Roaming\Mozilla\Firefox\Profiles\hvrk0bgd.default\searchplugins\safesearch.xml deleted
C:\Users\katleen\AppData\Roaming\Mozilla\Firefox\Profiles\hvrk0bgd.default\searchplugins\SweetIM Search.xml deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
"HP Deskjet 3520 series (NET)"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe -deviceID CN3AC1G46S05SY:NW -scfn HP Deskjet 3520 series (NET) -AutoStart 1"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3520 series (NET)"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe -deviceID CN3AC1G46S05SY:NW -scfn HP Deskjet 3520 series (NET) -AutoStart 1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
"HP Deskjet 3520 series (NET)"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe -deviceID CN3AC1G46S05SY:NW -scfn HP Deskjet 3520 series (NET) -AutoStart 1"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SMART Floating Tools"="C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe"
"SMARTNotification"="C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe"
"SMART Tray Tools"="C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3520 series (NET)"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe -deviceID CN3AC1G46S05SY:NW -scfn HP Deskjet 3520 series (NET) -AutoStart 1"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"command"="\"C:\\Program Files\\Garmin\\Express Tray\\ExpressTray.exe\""
"hkey"="HKCU"
"item"="GarminExpressTrayApp"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"command"="C:\\Windows\\system32\\hkcmd.exe"
"hkey"="HKLM"
"item"="HotKeysCmds"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Deskjet 3520 series (NET)]
"command"="\"C:\\Program Files\\HP\\HP Deskjet 3520 series\\Bin\\ScanToPCActivationApp.exe\" -deviceID \"CN3AC1G46S05SY:NW\" -scfn \"HP Deskjet 3520 series (NET)\" -AutoStart 1"
"hkey"="HKCU"
"item"="HP Deskjet 3520 series (NET)"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"hkey"="HKLM"
"item"="HP Software Update"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"command"="C:\\Windows\\system32\\igfxtray.exe"
"hkey"="HKLM"
"item"="IgfxTray"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"command"="C:\\Windows\\system32\\igfxpers.exe"
"hkey"="HKLM"
"item"="Persistence"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sbsdk-server]
"command"="\"C:\\Program Files\\SMART Technologies\\Education Software\\sbsdk-server\\NodeLauncher.exe\""
"hkey"="HKLM"
"item"="sbsdk-server"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART Board Service]
"command"="\"C:\\Program Files\\SMART Technologies\\Education Software\\SMARTBoardService.exe\" -d"
"hkey"="HKLM"
"item"="SMART Board Service"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART Board Tools]
"command"="\"C:\\Program Files\\SMART Technologies\\Education Software\\SMARTBoardTools.exe\""
"hkey"="HKLM"
"item"="SMART Board Tools"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART Ink]
"command"="\"C:\\Program Files\\SMART Technologies\\Education Software\\SMARTInk.exe\" -a"
"hkey"="HKLM"
"item"="SMART Ink"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FromDocToPDF_65Service]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3520 series" ["C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\katleen\AppData\Roaming\Thunderbird\Profiles\bokkgq5w.default
- Undetermined - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\katleen\AppData\Roaming\Mozilla\Firefox\Profiles\hvrk0bgd.default
99407FF47487D59D749545B93CDCE4D3 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U11
F42962C2257294BE4AB0CB6038D9E477 - C:\Program Files\Java\jre8\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.110.12
6C6A2C5957AD53255B2F2EDCCD42FC76 - C:\Users\katleen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
2A325AB066E06382681A4899C0FAACA4 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_101.dll - Shockwave Flash
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
DA4E83FE6F229C7108EF5E9671B29260 - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

YouTube - katleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - katleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - katleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\katleen\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"startup_urls": [ "http://www.google.com" ],

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{C9CBBD80-D97C-4155-AE16-F065F5ABC253}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{C9CBBD80-D97C-4155-AE16-F065F5ABC253} Google Url="http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{EEE6C360-6118-11DC-9C72-001320C79847} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} deleted successfully
HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} deleted successfully
HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2446841494-3410461588-665714286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Tools deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\katleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\katleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\katleen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=195 folders=58 64760333 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\katleen\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\katleen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 02/09/2014 at 22:41:11,72 ======================