Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by Renée on vr 17/10/2014 at 9:01:38,02.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\RENE~1\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

17/10/2014 9:09:21 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Apoint2K deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\SearchProtect deleted successfully
C:\Program Files\SlySoft deleted successfully
C:\PROGRA~2\systemk deleted successfully
C:\PROGRA~2\Tarma Installer deleted successfully
C:\Users\RENE~1\AppData\\New folder deleted successfully
C:\Users\RENE~1\AppData\Local\CrashDumps deleted successfully
C:\Users\RENE~1\AppData\Local\DriverToolkit deleted successfully
C:\Users\RENE~1\AppData\Local\dumps deleted successfully
C:\Users\RENE~1\AppData\Local\Lollipop deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6171391A-EB1F-46ED-8D7D-4F8CEA4C3589} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebCakeUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WebCakeUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WebCakeUpdater deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\RENE~1\AppData\Roaming\Mozilla\Firefox\Profiles\txrrxz43.default

---- Lines delta removed from prefs.js ----
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "nl");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "be6e9b790000000000000022faa2d605");
user_pref("extensions.delta.instlDay", "15926");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.22.0");
user_pref("extensions.delta.vrsnTs", "1.8.22.017:33:24");
user_pref("extensions.delta.vrsni", "1.8.22.0");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119557&tt=070813_wc1&tsp=4969");
user_pref("extensions.delta_i.srcExt", "ss");

---- Lines delta removed from user.js ----
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "be6e9b790000000000000022faa2d605");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15926");
user_pref("extensions.delta.vrsn", "1.8.22.0");
user_pref("extensions.delta.vrsni", "1.8.22.0");
user_pref("extensions.delta.vrsnTs", "1.8.22.017:33:24");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "nl");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta_i.babTrack", "affID=119557&tt=070813_wc1&tsp=4969");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- Lines isearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.

---- Lines search.net removed from prefs.js ----
user_pref("browser.search.defaultenginename", "default-search.net");
user_pref("browser.search.order.1", "default-search.net");
user_pref("browser.search.selectedEngine", "default-search.net");
user_pref("browser.startup.homepage", "http://www.default-search.net?sid=476&aid=135&itype=n&ver=13001&tm=386&src=hmp");
user_pref("keyword.URL", "http://www.default-search.net/search?sid=476&aid=135&itype=n&ver=13001&tm=386&src=ds&p=");

---- FireFox user.js and prefs.js backups ----
user_20141710_0930_.backup
prefs_20141710_0930_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]

==== Deleting Files \ Folders ======================

C:\Program Files\SaveSense deleted
C:\Program Files\Mozilla Firefox\searchplugins\default-search.xml deleted
C:\Program Files\FLVM Player deleted
C:\Program Files\Convesoft deleted
C:\Program Files\AVG Security Toolbar deleted
C:\Program Files\YouTube Downloader Toolbar deleted
C:\Program Files\Web Cake deleted
C:\Program Files\Settings Manager deleted
C:\PROGRA~2\Avg_Update_0814tb deleted
C:\PROGRA~2\ParetoLogic deleted
C:\PROGRA~2\AVG Secure Search deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\mos\AppData\Local\AVG Secure Search deleted
C:\Users\RENE~1\AppData\Local\AVG Secure Search deleted
C:\Users\RENE~1\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted
C:\Users\RENE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\SaveSense deleted
C:\Users\RENE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\FLVM Player deleted
C:\Users\mos\AppData\LocalLow\AVG Secure Search deleted
C:\Users\RENE~1\AppData\LocalLow\AVG Security Toolbar deleted
C:\Users\RENE~1\AppData\LocalLow\AVG Secure Search deleted
C:\Users\RENE~1\AppData\LocalLow\Conduit deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Windows\system32\Tasks\BrowserDefendert deleted
C:\Windows\system32\Tasks\EPUpdater deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\AI_RecycleBin deleted
C:\Users\RENE~1\AppData\Roaming\Mozilla\Firefox\Profiles\txrrxz43.default\searchplugins\avg-secure-search.xml deleted
C:\Users\RENE~1\AppData\Roaming\Mozilla\Firefox\Profiles\txrrxz43.default\searchplugins\default-search.xml deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Microsoft\BingBar\SeaPort.EXE" deleted
"C:\Program Files\Movdap\WBDesktop.Updater.1.0.0.16.exe" deleted
"C:\Program Files\AVG Secure Search\TBAPI.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\AVG Secure Search\TBAPI.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted
"C:\Program Files\Microsoft\BingBar" not deleted
"C:\Program Files\Movdap" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\18.1.9" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\RENE~1\AppData\Local\Temp ====
2014-10-17 06:11:54 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\RENE~1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvdokvv.dll
====== Java Cache =====
====== C:\Windows\system32 =====
2014-10-16 14:54:50 1333DD61BA97EE3F9DF23A0D65A70AA0 230912 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-16 14:54:48 975CB5016F5C5520607F6CA6768F161B 302592 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-16 14:54:48 0F655F9B3EBB3E05698B8F905F48953C 396288 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-16 14:54:44 348289FDF17FB4A1F23091F9463642D6 2379264 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 14:54:28 37C395C075E6FA66623C82DE50A8FAED 372736 ----a-w- C:\Windows\System32\rastls.dll
2014-10-16 14:54:26 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\System32\locale.nls
2014-10-16 14:54:24 F1886C30C3E4A7C5513525CBA665AA31 6144 ----a-w- C:\Windows\System32\KBDTAT.DLL
2014-10-16 14:54:24 EB3D06A9EDFDFD12228AD7A9F24D15D6 5632 ----a-w- C:\Windows\System32\KBDRU.DLL
2014-10-16 14:54:24 40FFC65117C4AC69D33DEC6D567392FD 6144 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-10-16 14:54:24 33DB506498E0419CD50B144DE7CCFC75 6144 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-10-16 14:54:24 1235259E135F87BF4AE5864A818E1513 6144 ----a-w- C:\Windows\System32\KBDRU1.DLL
2014-10-16 14:54:21 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 14:54:21 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 14:54:21 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 14:54:20 DF59F2510EDABBF216FA837D5D964106 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-10-16 14:54:20 8C8B6144B47FE37724590CA832ED26CA 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-10-16 14:54:19 DF4BA130BD41F29A894E026E456B8481 454656 ----a-w- C:\Windows\System32\vbscript.dll
2014-10-16 14:54:19 CEA291F4C62ECBE1565EC4B37D9AF088 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-10-16 14:54:19 B74B348D13134D67B4F68ADDDC76A447 43008 ----a-w- C:\Windows\System32\jsproxy.dll
2014-10-16 14:54:19 B5B1C277E46A5B0E2FC63E5FC5624CE5 365056 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-10-16 14:54:19 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-16 14:54:19 97F2F82BF0B4AF86A85FFDD78DFDC87D 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-10-16 14:54:19 8F390C7AA11DF00FC3EF86FA72A939D2 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-16 14:54:18 7AE80F921027CF88CB9D0433088A3E55 1810944 ----a-w- C:\Windows\System32\wininet.dll
2014-10-16 14:54:17 410BECCA3354D471E45344F0754CC0E4 243200 ----a-w- C:\Windows\System32\dxtrans.dll
2014-10-16 14:54:16 201EAFA3F17BE4990999C28657212D8E 69632 ----a-w- C:\Windows\System32\mshtmled.dll
2014-10-16 14:54:16 158690737381C49120165A7F3F5D13EB 440320 ----a-w- C:\Windows\System32\ieui.dll
2014-10-16 14:54:15 8E8E6E7B4CC27B92F40F74E29C1F6290 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-10-16 14:54:15 6D4DD5706C297234F457B9D9018C493F 61952 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-10-16 14:54:14 55A400FDB21D157E947A0EE65AEDB1B3 2187264 ----a-w- C:\Windows\System32\iertutil.dll
2014-10-16 14:54:13 D03EB7605435FE24ADE670661A932651 4201472 ----a-w- C:\Windows\System32\jscript9.dll
2014-10-16 14:54:13 BD66BA5A924DCC8392CFAEB67131A246 597504 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-10-16 14:54:12 F91E55DA404B834648A3B0A2477C10DB 17484800 ----a-w- C:\Windows\System32\mshtml.dll
2014-10-16 14:54:09 AF31CC5BAEB4916C0AF9AB062CFE8DA2 677888 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-10-16 14:54:09 604C67F58747D6A333EA641BCCC2C842 32768 ----a-w- C:\Windows\System32\iernonce.dll
2014-10-16 14:54:08 FBE852643EDEB9D6D6502AFE6017CD64 678400 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-10-16 14:54:08 D78C4DB153874DB7AC6AA6A03BE38B66 331448 ----a-w- C:\Windows\System32\iedkcs32.dll
2014-10-16 14:54:08 3065FF6794A7FDC882F0DA8B6230AB6E 1190400 ----a-w- C:\Windows\System32\urlmon.dll
2014-10-16 14:54:07 B89F5D2B3D3BC730FAB93CFCD931742F 607744 ----a-w- C:\Windows\System32\msfeeds.dll
2014-10-16 14:54:07 58EC068116BCE16A94B1B2C429A35E41 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-10-16 14:54:06 8FAA1E45198C4ECEC691326B7F5E71C5 61952 ----a-w- C:\Windows\System32\iesetup.dll
2014-10-16 14:54:06 835807E2AC0A8FA15B9A2EA80E2D5169 2017280 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-10-16 14:54:06 2409C41081D657A3FABE3659BB989AFB 164864 ----a-w- C:\Windows\System32\msrating.dll
2014-10-16 14:54:05 EF94FA1F3D90520CCA4AE65D639A9E62 11807232 ----a-w- C:\Windows\System32\ieframe.dll
2014-10-16 14:53:49 3ABACF6D4EBEA5EF3014FEFA1D8FF5F8 3221504 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-16 14:53:48 0DBD0B4D4766CADEB8C30242A0611395 1051136 ----a-w- C:\Windows\System32\mstsc.exe
2014-10-16 14:53:47 FD67683FBA9B2C4BB551780BD8846F64 157696 ----a-w- C:\Windows\System32\winsta.dll
2014-10-16 14:53:47 E05E31F7BF577228E27CFFCA5B54ABBD 523264 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-16 14:53:47 154C266939DBFE18F6CF2D2D793C1F84 919552 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-10-16 14:53:46 B4203FC65D4C0D7A0B7A02AFD13472BB 130048 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-10-16 14:53:46 97896EE4254176CFDD9010B5B243B89F 131584 ----a-w- C:\Windows\System32\aaclient.dll
2014-10-16 14:53:46 13829161C1297F4170A5546430147BBD 65536 ----a-w- C:\Windows\System32\TSpkg.dll
2014-10-16 14:53:45 DB1D6751689B4A7EE2439C64F2ADF1C9 17408 ----a-w- C:\Windows\System32\credssp.dll
2014-10-16 14:53:33 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\Windows\System32\msi.dll
2014-10-16 14:53:27 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\Windows\System32\packager.dll
====== C:\Windows\system32\drivers =====
2014-10-16 14:53:46 CD9214A6AE17D188D17C3CF8CB9CC693 184320 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-16 14:53:45 6C5139E4283249518F7743D7043775B3 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
2014-10-15 04:39:05 C2A0EB052284B124D12C677176E93C5B 3324 ----a-w- C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809957859-1319238196-1854184364-1005
2014-10-02 16:01:34 89E88D1EAD4A6B801BBB325993860DDC 3612 ----a-w- C:\Windows\system32\Tasks\RNUpgradeHelperResumePrompt_Renée
2014-10-02 16:01:03 A6C83FA552BFF23762C719E5E0A65BBD 370 ----a-w- C:\Windows\Tasks\ReclaimerUpdateFiles_Renée.job
2014-10-02 16:01:03 0726F38B415264C4581F77C19984D13B 2964 ----a-w- C:\Windows\system32\Tasks\ReclaimerUpdateFiles_Renée
2014-10-02 15:59:34 09610D6F2A76CC51612C1B963A545D22 2960 ----a-w- C:\Windows\system32\Tasks\ReclaimerUpdateXML_Renée
2014-10-02 15:56:06 8C4039944C75CF12CC04D49D98973676 366 ----a-w- C:\Windows\Tasks\ReclaimerUpdateXML_Renée.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-16 09:46:05 -------- d-----w- C:\Program Files\trend micro
======= C: =====
====== C:\Users\RENE~1\AppData ======
2014-10-15 04:40:17 -------- d-----w- C:\Users\mos\AppData\Roaming\RealNetworks
====== C:\Users\RENE~1 ======
====== C: exe-files ==
2014-10-16 14:54:09 54C9747BB0A64F4D9D401E4648363386 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-10-16 14:54:07 53E24F2DB97EFAF85FE093AA254790EC 470528 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-10-16 14:54:03 F9F310F9FB7F294F00ABDD03453D8CEE 812736 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-10-16 09:46:09 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Renée.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Users\Renée\Desktop\Garmin\Garmin\Express Tray\ExpressTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe -launchedbylogin"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SDTray"="E:\Spybot - Search & Destroy 2\SDTray.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe -osboot"
"QuickTime Task"="E:\QuickTime\QTTask.exe -atboottime"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Users\Renée\Desktop\Garmin\Garmin\Express Tray\ExpressTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer ePower Management]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acer ePower Management"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acer\\Acer PowerSmart Manager\\ePowerTrayLauncher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeBridge"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Adobe Bridge CS5.1\\Bridge.exe\" -stealth"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeDeluxeAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcadeDeluxeAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\ArcadeDeluxeAgent.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcSoft Connection Service"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVG_UI"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AVG\\AVG2014\\avgui.exe\" /TRAYONLY"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackupManagerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe\" -k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"R:\\Office 2010\\Office14\\BCSSync.exe\" /DelayServices"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLMLServer"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\Kernel\\CLML\\CLMLSvc.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Device Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Device Detection"
"hkey"="HKCU"
"command"="E:\\HEMA Service Photo\\dd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecLiveUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisTecLiveUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\EgisTec Egis Software Update\\EgisUpdate.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Users\\Renée\\Desktop\\Garmin\\Garmin\\Express Tray\\ExpressTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google+ Auto Backup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google+ Auto Backup"
"hkey"="HKCU"
"command"="\"C:\\Users\\Renée\\AppData\\Local\\Programs\\Google\\Google+ Auto Backup\\Google+ Auto Backup.exe\" /autostart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDriveSync"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Drive\\googledrivesync.exe\" /autostart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliPoint"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Launch Manager\\LManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwlDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files\\EgisTec\\MyWinLocker 3\\x86\\mwlDaemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCplDaemon"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlayMovie"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Acer Arcade Deluxe\\PlayMovie\\PMVService.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"E:\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sidebar"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD TeaTimer"
"hkey"="HKCU"
"command"="E:\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vProt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AVG Secure Search\\vprot.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebCake Desktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebCake Desktop"
"hkey"="HKCU"
"command"="\"C:\\Users\\Renée\\AppData\\Roaming\\Web Cake\\WebCakeDesktop.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZoiperCommunicator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ZoiperCommunicator"
"hkey"="HKCU"
"command"="E:\\Zoiper Communicator\\Zoiper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"item"="McAfee Security Scan Plus"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MCAFEE~1\\202B13~1.181\\SSSCHE~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Renée^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Renée\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\RENE~1\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Renée^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^iexplore.exe.lnk]
"path"="C:\\Users\\Renée\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\iexplore.exe.lnk"
"backup"="C:\\Windows\\pss\\iexplore.exe.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\INTERN~1\\iexplore.exe "
"item"="iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Renée^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk]
"path"="C:\\Users\\Renée\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Schermopname en Snel starten.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"command"="R:\\OFFICE~1\\Office14\\ONENOTEM.EXE /tsr"
"item"="OneNote 2010 Schermopname en Snel starten"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Renée^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OUTLOOK.EXE]
"path"="C:\\Users\\Renée\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OUTLOOK.EXE"
"backup"="C:\\Windows\\pss\\OUTLOOK.EXE.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Ren‚e\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OUTLOOK.EXE" "item"="OUTLOOK" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ren‚e^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk] "path"="C:\\Users\\Ren‚e\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Send to OneNote.lnk" "backup"="C:\\Windows\\pss\\Send to OneNote.lnk.Startup" "backupExtension"=".Startup" "command"="R:\\OFFICE~1\\Office15\\ONENOTEM.EXE /tsr" "item"="Send to OneNote" ==== Startup Folders ====================== 2014-07-12 10:51:16 1015 ----a-w- C:\Users\RENE~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-07-11 06:53:26 676 ----a-w- C:\Users\RENE~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17/10/2014 08:56] C:\Windows\tasks\DriverToolkit Autorun.job --a------ C:\DrivC:rToolkit\DrivC:rToolkit.C:xC: [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/10/2009 16:54] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/10/2009 16:54] C:\Windows\tasks\ReclaimerUpdateFiles_Renée.job [Undetermined Task] C:\Windows\tasks\ReclaimerUpdateXML_Renée.job [Undetermined Task] C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Renée.job [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["E:\ccleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" 
[C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\DriverToolkit Autorun" [E:\DriverToolkit\DriverToolkit.exe] "C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Users\Ren‚e\Desktop\Garmin\Garmin\Express Self Updater\ExpressSelfUpdater.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\RealCreateProcessScheduledTask1194655S-1-5-21-809957859-1319238196-1854184364-1000" [c:\program files\real\realplayer\update\realsched.exe] "C:\Windows\system32\tasks\RealCreateProcessScheduledTask37416683S-1-5-21-809957859-1319238196-1854184364-1000" [c:\program files\real\realplayer\update\realsched.exe] "C:\Windows\system32\tasks\RealCreateProcessScheduledTask40662144S-1-5-21-809957859-1319238196-1854184364-1000" [c:\program files\real\realplayer\update\realsched.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-809957859-1319238196-1854184364-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-809957859-1319238196-1854184364-1005" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809957859-1319238196-1854184364-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809957859-1319238196-1854184364-1005" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-809957859-1319238196-1854184364-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-809957859-1319238196-1854184364-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] 
"C:\Windows\system32\tasks\User_Feed_Synchronization-{92A0FE40-BE12-420F-9F41-60CEE2BEFD17}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{ADA5EA08-3019-4C86-BB86-D1DD2134E3FC}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\{272633AE-1F51-4E27-834B-C7EC42F615AA}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1618] "C:\Windows\system32\tasks\{56E4C740-48BA-494E-8B2A-508053E02234}" [C:\Program Files\Skype\Phone\Skype.exe] "C:\Windows\system32\tasks\{D9B09313-4F30-4780-8023-CDA18E430AA5}" [C:\Program Files\Skype\Phone\Skype.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\AVG\PC Tuneup 2011\Integrator\Start On Windows Logon" [C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["E:\Spybot - Search & Destroy 2\SDUpdate.exe"] "C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["E:\Spybot - Search & Destroy 2\SDImmunize.exe"] "C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["E:\Spybot - Search & Destroy 2\SDScan.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [24/12/2012 19:15] ==== Firefox Extensions ====================== ProfilePath: C:\Users\RENE~1\AppData\Roaming\Mozilla\Firefox\Profiles\txrrxz43.default - Undetermined - C:\Users\Renée\AppData\Roaming\Mozilla\Firefox\Profiles\txrrxz43.default\extensions\formhistory@yahoo.com - Undetermined - 
C:\Users\Renée\AppData\Roaming\Mozilla\Firefox\Profiles\txrrxz43.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} - AVG Security Toolbar - %ProfilePath%\extensions\avg@toolbar - Form History Control - %ProfilePath%\extensions\formhistory@yahoo.com - SaveSense - %ProfilePath%\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi - IE View - %ProfilePath%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Deleted Firefox Extensions ====================== C:\Users\RENE~1\AppData\Roaming\Mozilla\Firefox\Profiles\txrrxz43.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fjoijdanhaiflhibkljeklcghcmmfffh - C:\Program Files\Movdap\WebCakeLayers.crx[] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29/11/2012 21:35] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/10/2011 12:09] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx[] Google Docs - RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf RealDownloader - RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji Skype Click to Call - 
RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl AVG Secure Search - RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Google Wallet - RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\RENE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully C:\Users\RENE~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.facebook.com/" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/ie" "SearchAssistant"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="https://www.facebook.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google 
Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {4B325B24-1966-4B65-A22B-51049C2E9CD5} Wikipedia (en) Url="http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}" {59AFDD03-8BCD-4F59-9C17-941B1F6E68E8} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR_nlBE360" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-809957859-1319238196-1854184364-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh 
deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCake Desktop deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoiperCommunicator deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Guest\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\mos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\RENE~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\RENE~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet 
Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\RENE~1\AppData\Local\Mozilla\Firefox\Profiles\txrrxz43.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\RENE~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4382 folders=1395 578083056 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Guest\AppData\Local\Temp emptied successfully C:\Users\mos\AppData\Local\Temp emptied successfully C:\Users\RENE~1\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\RENE~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\Microsoft\BingBar" not found "C:\Program Files\Movdap" not found "C:\Program Files\AVG Secure Search" not found "C:\Program Files\AVG Secure Search" not found ==== EOF on vr 17/10/2014 at 9:52:08,24 ======================