Zoek.exe v5.0.0.0 Updated 16-November-2014 Tool run by peter on zo 16/11/2014 at 11:43:57,20. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\peter\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 16/11/2014 11:46:04 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Optimizer Pro deleted successfully C:\PROGRA~2\WebSearch deleted successfully C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\InterActual deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\install_clap deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\peter\AppData\Roaming\QuickScan deleted successfully C:\Users\peter\AppData\Roaming\TP deleted successfully C:\Users\peter\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\peter\AppData\Local\cdrtfe deleted successfully C:\Users\peter\AppData\Local\Downloaded Installations deleted successfully C:\Users\peter\AppData\Local\Lollipop deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34B05485-5CE3-B1C4-79CD-5A30DEA14638} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34B05485-5CE3-B1C4-79CD-5A30DEA14638} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully 
HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DCF2D40-388F-4938-80A7-65E9CA45A662} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{554691D1-A879-4DD0-AC59-E0FED9671FA9} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E8C8E76-C360-41F6-BC55-4DE5965D2C10} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F42C51-B67A-4D70-BC82-9087BE33854F} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B4B8A22-CFC7-49D9-B3E0-616AFB720CF} deleted successfully 
HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB54FAC9-CE9D-458F-886-E0F5C5E8A7D9} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED49AB71-25A6-49B2-9A89-5F15FEFD122E} deleted successfully HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F01E6E01-D9C6-412E-B6F1-CD28F417CB2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{34B05485-5CE3-B1C4-79CD-5A30DEA14638} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34B05485-5CE3-B1C4-79CD-5A30DEA14638} deleted successfully HKEY_CLASSES_ROOT\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partner Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Partner Service deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); 
user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.id", "204c3cc0000000000000685d43bdbc59"); user_pref("extensions.delta.instlDay", "15786"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.10.0"); user_pref("extensions.delta.vrsnTs", "1.8.10.020:54:51"); user_pref("extensions.delta.vrsni", "1.8.10.0"); ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "204c3cc0000000000000685d43bdbc59"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15786"); user_pref("extensions.delta.vrsn", "1.8.10.0"); user_pref("extensions.delta.vrsni", "1.8.10.0"); user_pref("extensions.delta.vrsnTs", "1.8.10.020:54:51"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines WebSearch removed from prefs.js ---- user_pref("browser.search.defaulturl", "http://websearch.searchrocket.info/?pid=512&r=2013/05/26&hid=1616663869&lg=EN&cc=BE&unqvl=16&l=1&q="); user_pref("sweetim.toolbar.previous.browser.startup.homepage", 
"http://websearch.searchrocket.info/?pid=512&r=2013/05/26&hid=1616663869&lg=EN&cc=BE&un user_pref("sweetim.toolbar.previous.keyword.URL", "http://websearch.searchrocket.info/?pid=512&r=2013/05/26&hid=1616663869&lg=EN&cc=BE&unqvl=16&l=1&q= ---- Lines babylon removed from prefs.js ---- user_pref("extensions.BabylonToolbar.prtkDS", 0); user_pref("extensions.BabylonToolbar.prtkHmpg", 0); ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "1425b6639723f269dd3288632ee05134"); ---- Lines Sweet removed from prefs.js ---- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); user_pref("sweetim.toolbar.searchguard.enable", ""); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); ---- Lines extensions.51a1af79ca56e removed from prefs.js ---- user_pref("extensions.51a1af79ca56e.epoch", "1390063765"); user_pref("extensions.51a1af79ca56e.url", "http://getjpinet.info/sync2/?ext=ctos&pid=512&country=BE&regd=130526064513&lsd=140117164905&ver=7&ind=25901 ---- Lines extensions.51a1afb04d2ae removed from prefs.js ---- user_pref("extensions.51a1afb04d2ae.epoch", "1390063765"); user_pref("extensions.51a1afb04d2ae.url", "http://toolkitcomp.info/sync2/?ext=wbn&pid=512&country=BE&regd=130526064608&lsd=140117164904&ver=7&ind=2590 ---- FireFox user.js and prefs.js backups ---- user_20141611_1158_.backup prefs_20141611_1158_.backup ProfilePath: C:\Users\peter\AppData\Roaming\TomTom\HOME\Profiles\w73av5e5.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20141611_1158_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" 
==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34B05485-5CE3-B1C4-79CD-5A30DEA14638}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\ProgramData\coontInuueatosAivee deleted C:\ProgramData\Partner deleted C:\PROGRA~3\StarApp deleted C:\PROGRA~2\GUT3562.tmp deleted C:\PROGRA~2\GUT55FE.tmp deleted C:\PROGRA~2\GUM3561.tmp deleted C:\PROGRA~2\GUM55FD.tmp deleted C:\PROGRA~2\GUMD633.tmp deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted C:\PROGRA~2\Smart Driver Updater deleted C:\PROGRA~2\ContinueToSave deleted C:\found.000 deleted C:\Users\peter\AppData\Roaming\eIntaller deleted C:\Users\peter\AppData\Roaming\Babylon deleted C:\Users\peter\AppData\Roaming\DealPly deleted C:\Users\peter\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\eSafe deleted C:\PROGRA~3\SearchNewTab deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\Package Cache deleted C:\Users\peter\AppData\Local\IAC deleted C:\Users\peter\AppData\Local\Cool_Mirage deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coontInuueatosAivee deleted C:\windows\SysNative\Tasks\DealPly deleted C:\Users\peter\AppData\LocalLow\coontInuueatosAivee deleted C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\searchplugins\ask-search.xml deleted 
C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\searchplugins\conduit-search.xml deleted C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\searchplugins\WebSearch.xml deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\qvo6.xml deleted C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\extensions\ew86@gppa-qhc.org deleted C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\extensions\nuxa4qp@iojdhphynw.edu deleted "C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\searchplugins\delta.xml" deleted "C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\searchplugins\delta.xml" deleted "C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\searchplugins\delta.xml" deleted "C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default\searchplugins\delta.xml" deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3912184471-2576750514-564948755-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart " "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun " "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dolby Advanced Audio v2"="C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe -autostart" "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe " "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe " "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart " "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun " "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe -boot" "BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" 
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"BLEServicesCtrl"="C:\\Program Files (x86)\\Intel\\Bluetooth\\BleServicesCtrl.exe"
==== Startup Folders ======================
2014-04-20 06:50:17 1847 ----a-w- C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/11/2014 20:55]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/10/2014 05:27]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/10/2014 05:27]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\peter\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe]
"C:\Windows\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"antiphishing@bullguard"="C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard" [01/08/2014 05:04]
==== Firefox Extensions ======================
ProfilePath: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\v3o2tte6.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\peter\AppData\Roaming\TomTom\HOME\Profiles\w73av5e5.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Docs - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Local Weather - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjepakjckgnfbmmopjiendmekokmiaj
AdBlock - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Maps - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Wallet - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{7CF9E125-6996-4DAE-99B4-96D7AB335CAF} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_nlBE526"
==== shortcuts on Users Desktops ======================
C:\Users\peter\Desktop\BullGuard Online Drive.lnk -
C:\Users\peter\Desktop\cdrtools Frontend.lnk - C:\Program Files (x86)\cdrtfe\cdrtfe.exe
C:\Users\peter\Desktop\Google Drive.lnk - C:\Users\peter\Google Drive
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\BullGuard.lnk - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\TuneUp 1-klik Onderhoud.lnk - C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk - C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Public\Desktop\Medion MediaPack\Ashampoo Burning Studio.lnk - C:\Program Files (x86)\Medion MediaPack 2\Ashampoo Burning Studio\burningstudio.exe
C:\Users\Public\Desktop\Medion MediaPack\Ashampoo Photo Commander.lnk - C:\Program Files (x86)\Medion MediaPack 2\Ashampoo Photo Commander\apc.exe
C:\Users\Public\Desktop\Medion MediaPack\Ashampoo Photo Optimizer.lnk - C:\Program Files (x86)\Medion MediaPack 2\Ashampoo Photo Optimizer\photooptimizer.exe
C:\Users\Public\Desktop\Medion MediaPack\Ashampoo Snap.lnk - C:\Program Files (x86)\Medion MediaPack 2\Ashampoo Snap\ashsnap.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdrtools Frontend\cdrtfe (debug mode).lnk - C:\Program Files (x86)\cdrtfe\cdrtfe.exe /debug
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdrtools Frontend\cdrtfe Help.lnk - C:\Program Files (x86)\cdrtfe\help\cdrtfe_english.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdrtools Frontend\cdrtools Frontend.lnk - C:\Program Files (x86)\cdrtfe\cdrtfe.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdrtools Frontend\Changes.lnk - C:\Program Files (x86)\cdrtfe\doc\changes.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdrtools Frontend\CommandShell.lnk - C:\Program Files (x86)\cdrtfe\tools\scripts\cmdshell.cmd
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdrtools Frontend\Readme M2F2Extract.lnk - C:\Program Files (x86)\cdrtfe\doc\m2f2extract_en.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cdrtools Frontend\Verwijder cdrtools Frontend.lnk - C:\Program Files (x86)\cdrtfe\uninst\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=adk&from=adk&uid=ST9750423AS_5WS4L5CAXXXX5WS4L5CA&ts=1373525005
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Media Suite.lnk -
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk -
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Mesh.lnk - C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=adk&from=adk&uid=ST9750423AS_5WS4L5CAXXXX5WS4L5CA&ts=1373525005
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Medion FastBoot.lnk - C:\Windows\Installer\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}\_3BF550C2AC7750ECFA5076.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TuneUp Utilities - Startoberfläche.lnk -
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
==== shortcuts After Repair ======================
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A073082F-8E3B-1580-888B-1729BCCD1C0D} deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=212 folders=58 40682299 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\peter\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\peter\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on zo 16/11/2014 at 12:16:58,91 ======================