Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Robby on zo 29/05/2016 at 11:52:12,06. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Robby\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2016-05-29-090912.log 2308 bytes ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\Users\Robby\AppData\Local\DataSafeOnline deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CB9BF949-B311-453D-B899-AA0F81D0C0D0} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B1A13A9-1AB4-4ECE-83B8-90E8ADE22224} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E9417B-65FC-45FE-9276-4C2561AC9C14} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39C5B01A-4E2C-4465-9186-94D18326B7E} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42F49050-1D40-4044-A538-DA9C1E1A35D4} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50B83B96-1E65-435D-A9AE-CF16B581EE4} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E79FAB2-9E4D-41CE-988E-B84ED96F844} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAE77F82-9F42-4995-BD47-C32D72B25846} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C74A871B-4229-4305-9A3F-AC746FE10ED} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Download Assistant Adobe Flash Player 18 ActiveX Adobe Flash Player 21 NPAPI Adobe Reader XI (11.0.12) - Nederlands Adobe Refresh Manager Adobe SVG Viewer 3.0 Akamai NetSession Interface Albelli.be Fotoboeken Application Profiles ArcSoft Panorama Maker 5 Ask Toolbar BitTorrent Canon Easy-WebPrint EX Canon IJ Scan Utility Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG4200 series MP Drivers Canon MG4200 series On-screen Manual Canon My Image Garden Canon My Image Garden Design Files Canon My Printer Canon Quick Menu Catalyst Control Center InstallProxy CCleaner D3DX10 DECAdry Express Labels 3.13 DECAdry Font Manager Dell DataSafe Local Backup - Support Software Dell DataSafe Local Backup Dell DataSafe Online Dell Dock Dell Edoc Viewer Dell Getting Started Guide Dell Support Center (Support Software) Delta Chrome Toolbar Delta toolbar DWG TrueView 2013 Express Burn Disc Burning Software Facebook Plug-In Feedback Tool File Uploader FTDownloader Gebruikersregistratie voor Canon MG4200 series Genie Backup Assistant Google Chrome Google SketchUp 8 Google Toolbar for Internet Explorer Google Update Helper Java 8 Update 91 (64-bit) Java Auto Updater Junk Mail filter update KigoVideoConverter 1.1.0 Kruidvat fotoservice LAV Filters 0.55.3 McAfee Security Scan Plus McAfee SecurityCenter McAfee WebAdvisor Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyFreeCodec Nikon Message Center Nikon Transfer Picture Control Utility PowerDVD DX QuickTime Realtek High Definition Audio Driver RelevantKnowledge Roxio Burn Samsung Kies Samsung Story Album Viewer SAMSUNG USB Driver for Mobile Phones Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4.5.2 (KB3074230) Security Update for Microsoft .NET Framework 4.5.2 (KB3074550) Security Update for Microsoft .NET Framework 4.5.2 (KB3097996) Security Update for Microsoft .NET Framework 4.5.2 (KB3098781) Security Update for Microsoft .NET Framework 4.5.2 (KB3122656) Security Update for Microsoft .NET Framework 4.5.2 (KB3127229) Security Update for Microsoft .NET Framework 4.5.2 (KB3135996) Security Update for Microsoft .NET Framework 4.5.2 (KB3142033) Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2956110) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2984938) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2984943) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3114542) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3114742) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114895) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3115115) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB3114892) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB3114426) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2880510) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB3114429) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3115116) 32-Bit Edition Shared C Run-time for x64 Skype Toolbars SkypeT 7.6 Spotify TomTom HOME TomTom HOME Visual Studio Merge Modules Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3115110) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) ViewNX Visual Studio C++ 10.0 Runtime Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR WinZip 19.5 WiseConvert Toolbar Yontoo 1.10.02 ==== Running Processes ====================== C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\RelevantKnowledge\rlservice.exe C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Users\Robby\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Users\Robby\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Tor\tor.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe C:\PROGRA~2\RELEVA~1\rlvknlg32.exe C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Users\Robby\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RelevantKnowledge deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RelevantKnowledge deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\VDownloader deleted C:\PROGRA~2\Yontoo deleted C:\Program Files (x86)\Delta deleted C:\Program Files (x86)\Ask.com deleted C:\Windows\syswow64\appdata deleted C:\Users\Robby\AppData\LocalLow\Conduit deleted C:\PROGRA~2\FTDownloader.com deleted C:\PROGRA~2\WiseConvert deleted C:\Users\Robby\AppData\Roaming\Updater deleted C:\Users\Robby\AppData\Roaming\BabSolution deleted C:\Users\Robby\AppData\Roaming\Babylon deleted C:\Users\Robby\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted C:\PROGRA~3\{D19C2D22-6043-47E7-B400-83A351841204} deleted C:\PROGRA~3\Package Cache deleted C:\Users\Robby\AppData\Local\onlysearch deleted C:\Users\Robby\AppData\Local\Unity deleted C:\Users\Robby\AppData\Local\PutLockerDownloader deleted C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Robby\Downloads\winzip19-softonic (1).exe deleted C:\Users\Robby\Downloads\winzip19-softonic.exe deleted C:\Users\Robby\AppData\LocalLow\SkwConfig.bin deleted C:\Users\Robby\AppData\LocalLow\Unity deleted C:\Users\Robby\AppData\LocalLow\WiseConvert deleted C:\Users\Robby\AppData\LocalLow\Delta deleted C:\Users\Robby\AppData\LocalLow\PriceGong deleted C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted C:\windows\SysNative\Tasks\BrowserProtect deleted C:\windows\SysNative\Tasks\EPUpdater deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Robby\Documents\Add-in Express deleted C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted "C:\Users\Robby\AppData\Local\{2DC139D2-114B-4CE6-AA72-C2AE71880264}" deleted "C:\Users\Robby\AppData\Roaming\Configure Folder Actions" deleted "C:\Users\Robby\AppData\Roaming\Contents" deleted "C:\ProgramData\Core Data Application" deleted "C:\ProgramData\Dance" deleted "C:\ProgramData\Desktop Pictures" deleted "C:\ProgramData\Dictionaries" deleted "C:\ProgramData\mntemp" deleted "C:\Windows\SysNative\rlls64.dll" deleted "C:\Windows\Syswow64\rlls.dll" deleted "C:\Users\Robby\AppData\Roaming\StPrsSW\stprss.exe" deleted "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" deleted "C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe" deleted "C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe" deleted "C:\PROGRA~2\RelevantKnowledge\rlvknlg.exe" deleted "C:\PROGRA~2\RelevantKnowledge\rlvknlg32.exe" deleted "C:\PROGRA~2\RelevantKnowledge\rlvknlg64.exe" deleted "C:\Users\Robby\AppData\Roaming\StPrsSW" deleted "C:\Program Files (x86)\RelevantKnowledge" deleted "C:\PROGRA~2\RelevantKnowledge" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3960 MB CPU Info: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz CPU Speed: 2922,2 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: ATI Radeon HD 5450 | ATI Radeon HD 5450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1280 X 1024 - 32 bit Network: Network Present Network Adapters: Broadcom NetLink (TM) Gigabit Ethernet CD / DVD Drives: 1x (D: | ) D: TSSTcorpDVD+-RW TS-H653G Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 923,0GB Hard Disks - Free: C: 835,7GB Manufacturer *: Dell Inc. BIOS Info: AT/AT COMPATIBLE | 08/16/32 | DELL - 20100201 Time Zone: Romance (standaardtijd) Motherboard *: Dell Inc. 033FF6 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== AV: McAfee Antivirus en antispyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Antivirus en antispyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} Default Browser: Google Chrome 50.0.2661.102 Internet Explorer Version: 11.0.9600.18314 Google Chrome version: 50.0.2661.102 Adobe Reader version: 11.0.12.18 Flash Player version: 21.0.0.213 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Robby\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-05-29 08:59:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\Sysnative\RENF356.tmp 2016-05-29 08:59:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\Sysnative\RENF345.tmp 2016-05-29 08:59:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\Sysnative\RENF344.tmp 2016-05-29 08:58:02 AD7DCBB6E6AC65BF347A3FB19CF001D7 110144 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll 2016-05-15 14:31:20 1C3CF537103CF4BD150B7CB6DF507E78 511096 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT ====== C:\Windows\Sysnative\drivers ===== 2016-05-12 18:24:10 4371705697BBB2CAA7C7523058109CE9 264936 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys 2016-05-12 18:24:10 3A9D7D464BDB3B70D7ECF689ADABBD4D 986344 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2016-05-12 18:22:59 C08CCCE2BE68D04E6C142614736959DA 154344 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-05-12 18:22:59 8308FC2E9147D7632221E3279BB14660 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-05-12 18:22:59 6474F8823C7188D2DA579F01FB6CED6B 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2016-05-12 18:22:59 1F8DA4ECAEA7E2BCD97E738795817431 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2016-05-12 18:22:59 0878723427BA190E5ABA5AA0112FA4D4 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-05-12 18:22:59 035C0A9A63DF3F3A52B90D8F6BF0F166 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-05-26 15:26:55 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2016-05-29 08:59:58 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\Robby\AppData\Roaming ====== 2016-05-29 08:58:24 -------- d-----w- C:\Users\Robby\AppData\Roaming\Sun 2016-05-28 08:04:23 -------- d-----w- C:\Users\Robby\AppData\Locallow\Oracle 2016-05-15 14:31:54 4D3A4EDA07C87FEB9F147DEE1F641278 152376 ----a-w- C:\Users\Robby\AppData\Local\GDIPFONTCACHEV1.DAT ====== C:\Users\Robby ====== 2016-05-29 08:58:23 -------- d-----w- C:\Users\Robby\.oracle_jre_usage 2016-05-29 08:57:36 -------- d-----w- C:\Users\Robby\Desktop 2016-05-29 08:56:08 E9B7CFFD57B5C42D4657B4964E77E50E 57667136 ----a-w- C:\Users\Robby\Downloads\jre-8u91-windows-x64.exe 2016-05-28 08:05:56 33684EB020CDD22CB6DD62E338F77589 737856 ----a-w- C:\Users\Robby\Downloads\chromeinstall-8u91 (2).exe 2016-05-28 08:05:17 33684EB020CDD22CB6DD62E338F77589 737856 ----a-w- C:\Users\Robby\Downloads\chromeinstall-8u91 (1).exe 2016-05-28 08:04:16 33684EB020CDD22CB6DD62E338F77589 737856 ----a-w- C:\Users\Robby\Downloads\chromeinstall-8u91.exe 2016-05-26 15:26:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Robby\Downloads\RSITx64.exe ====== C: exe-files == 2016-05-29 09:51:59 F2D675EA4E03292AE3FA954D01ADE3AC 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$I40WGBX.exe 2016-05-29 09:51:59 AC3F7200DB3D82F1E9DD19471EBC6A2F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$ID7J8XM.exe 2016-05-29 09:51:59 AB937EB91419527E51C919ADDDEA4308 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$IJ0F4MW.exe 2016-05-29 09:51:59 316189D45A74B1F863A990E20A76C0D9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$IGC9TE2.exe 2016-05-29 09:51:29 7EA0260488F304D68067A50B33A23AC2 1309184 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RGC9TE2.exe 2016-05-29 09:51:27 7EA0260488F304D68067A50B33A23AC2 1309184 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$R40WGBX.exe 2016-05-29 09:50:47 7EA0260488F304D68067A50B33A23AC2 1309184 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RD7J8XM.exe 2016-05-29 09:50:28 7EA0260488F304D68067A50B33A23AC2 1309184 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RJ0F4MW.exe 2016-05-29 09:23:46 E8658BE20E19CB06F272DBF8DE56A2BC 421889 ----a-w- C:\Program Files (x86)\TomTom\MySportsConnect\Uninstaller.exe 2016-05-29 08:58:02 !HASH: COULD NOT OPEN FILE !!!!! 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2016-05-29 08:58:02 !HASH: COULD NOT OPEN FILE !!!!! 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2016-05-29 08:58:02 !HASH: COULD NOT OPEN FILE !!!!! 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2016-05-29 08:57:48 FD8EF22947F00E0EBBCC6A5A46DC4C10 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\rmiregistry.exe 2016-05-29 08:57:48 ED7628FA1A39D026435FAAE3BA671017 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\ktab.exe 2016-05-29 08:57:48 D701E531A3F8E12481A9204F27B568B5 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\servertool.exe 2016-05-29 08:57:48 D3D68F182E19205444D3C74437237ECE 315456 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\javaws.exe 2016-05-29 08:57:48 B1E378F05A0FB76A374DA298F0F157C1 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\pack200.exe 2016-05-29 08:57:48 A984F0CEC910AC6F5FC0F30417C71062 15936 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\jjs.exe 2016-05-29 08:57:48 A0611310E7EA30992F2939B916B3F527 15936 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\rmid.exe 2016-05-29 08:57:48 981FF90E4BD4DD81015CD906BC3113DE 206912 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\javaw.exe 2016-05-29 08:57:48 8217271144F60572383AB9441A6173D6 15936 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\java-rmi.exe 2016-05-29 08:57:48 8104ACCFA2CEF169825378305F5E1C65 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\kinit.exe 2016-05-29 08:57:48 7306DE808D7DA0E895549BB1C7C487FC 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\policytool.exe 2016-05-29 08:57:48 66EA355D504DC22A7A7282DC3BA48446 197184 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\unpack200.exe 2016-05-29 08:57:48 578A6AD28693B6D8316F9695F7E62E11 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\tnameserv.exe 2016-05-29 08:57:48 53F2DA7EA6826B727D10E59960B40EBB 101440 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\jp2launcher.exe 2016-05-29 08:57:48 4FF6984835BE52EAE3982A16F1031298 34368 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\jabswitch.exe 2016-05-29 08:57:48 3E748560E921FD10393E61DD9ACF79C8 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\klist.exe 2016-05-29 08:57:48 2C9D8499EF36012B80003B4B7D665182 206912 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\java.exe 2016-05-29 08:57:48 283A25F0E5167B994D22FD1A231EA965 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\keytool.exe 2016-05-29 08:57:48 15C72A586C334FD91D29A9ED3EA0E9AD 67136 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\ssvagent.exe 2016-05-29 08:57:48 0EE6732793AEEA3AFFC2A8B28912D86D 16448 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\orbd.exe 2016-05-29 08:57:48 08314082F278728FA63B4730983A3D77 77888 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$RP5BQI0\javacpl.exe 2016-05-29 08:56:08 E9B7CFFD57B5C42D4657B4964E77E50E 57667136 ----a-w- C:\Users\Robby\Downloads\jre-8u91-windows-x64.exe 2016-05-28 08:05:56 33684EB020CDD22CB6DD62E338F77589 737856 ----a-w- C:\Users\Robby\Downloads\chromeinstall-8u91 (2).exe 2016-05-28 08:05:17 33684EB020CDD22CB6DD62E338F77589 737856 ----a-w- C:\Users\Robby\Downloads\chromeinstall-8u91 (1).exe 2016-05-28 08:04:16 33684EB020CDD22CB6DD62E338F77589 737856 ----a-w- C:\Users\Robby\Downloads\chromeinstall-8u91.exe 2016-05-26 15:26:59 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Robby.exe 2016-05-26 15:26:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Robby\Downloads\RSITx64.exe 2016-05-26 15:23:13 FA34E3A8FF05F69B2EDEA72438E7FFFF 454144 ----a-w- C:\Windows\SysWOW64\GWX\GWX.exe 2016-05-26 15:23:13 DAE5C698C08E4FDFB052D4A2B05FAF2B 358400 ----a-w- C:\Windows\System32\GWX\GWXDetector.exe 2016-05-26 15:23:13 A93954A96CC7B19F88C8211A88E5949A 421488 ----a-w- C:\Windows\System32\GWX\GWXUXWorker.exe 2016-05-26 15:23:13 7003287A5032A3AF1CCF1B9A6FFAA057 534016 ----a-w- C:\Windows\System32\GWX\GWX.exe 2016-05-26 15:23:13 5A1761A6B80DFA60523A0A1850E214EC 755200 ----a-w- C:\Windows\System32\GWX\GWXConfigManager.exe 2016-05-26 15:23:13 246CE916C4EB466C436EFB2E1827C7B6 119296 ----a-w- C:\Windows\System32\GWX\GWXUX.exe === C: other files == 2016-05-29 08:57:49 48922D981C54DE75CC1E154AFFB43AE0 14130 ----a-w- C:\$Recycle.Bin\S-1-5-21-1471801812-407514678-4231117504-1001\$R501N4U\deploy\ffjcext.zip ==== Orphaned Tasks deleted from Registry ====================== BrowserProtect deleted EPUpdater deleted Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse deleted Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse deleted JavaUpdateSched deleted NCH Swift Sound\expressburnDowngrade deleted NCH Swift Sound\expressburnShakeIcon deleted RtbSync deleted Scheduled Update for Ask Toolbar deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe" "Akamai NetSession Interface"="C:\Users\Robby\AppData\Local\Akamai\netsession_win.exe" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe /m" "PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" "DellSupportCenter"="C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "Nikon Transfer Monitor"="C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" "GBMLite8AgentLaCie"="C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GBMLite8AgentLaCie"="C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe" "Akamai NetSession Interface"="C:\Users\Robby\AppData\Local\Akamai\netsession_win.exe" @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~3\\browse~1\\261519~1.190\\{c16c1~1\\browse~1.dll " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu] "command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon" "hkey"="HKLM" "item"="CanonQuickMenu" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool] "command"="\"c:\\Program Files (x86)\\Roxio\\Roxio Burn\\RoxioBurnLauncher.exe\"" "hkey"="HKLM" "item"="Desktop Disc Tool" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk] "backup"="C:\\Windows\\pss\\WinZip Preloader.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Program Files\\WinZip\\WzPreloader.exe" "item"="WinZip Preloader" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Preloader.lnk" ==== Startup Folders ====================== 2010-05-26 18:20:45 1980 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk 2016-01-29 19:20:57 2057 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf50eeb320c67d.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 20:27] C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0e2895fd2f128.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 20:27] C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf50eeb7296a56.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 20:27] C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0e289607d3d67.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 20:27] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate 2" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1cf50eeb320c67d" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0e2895fd2f128" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cf50eeb7296a56" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0e289607d3d67" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\ShdUpdate" [C:\Users\Robby\AppData\Local\ShdUpdate\shupd.exe] "C:\Windows\SysNative\tasks\VideoMet" [C:\Users\Robby\AppData\Roaming\VideoMet\vidmet.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [24/04/2016 11:19] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [24/04/2016 11:19] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Robby\AppData\Roaming\TomTom\HOME\Profiles\nqo3b9hl.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ExtDir: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - FTdownloader V3.0 - %ExtDir%\ftdownloader3@ftdownloader.com.xpi ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bbffdhejhaoiflnpooogkckfdcmmjppn - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx[] fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[20/04/2016 12:41] jplinpmadfkdgipabgcdchbdikologlh - C:\Program Files (x86)\1ClickDownload\1click11.crx[] mkndcbhcgphcfkkddanakjiepeknbgle - C:\Program Files (x86)\RelevantKnowledge\rlcm.crx[] niapdbllcanepiiimjjndipklodoedlc - C:\Users\Robby\AppData\Local\Temp\YontooLayers.crx[] nohfdhapjjlndfgjnmdlcabloeembdkj - C:\Users\Robby\AppData\Roaming\BabSolution\CR\delta2.crx[] Google Docs - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Docs Offline - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage-journal deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{CB9BF949-B311-453D-B899-AA0F81D0C0D0}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB9BF949-B311-453D-B899-AA0F81D0C0D0}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{BBBE211F-CDC6-49F2-8F2D-41F1F35DF297}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\SearchScopes\{BBBE211F-CDC6-49F2-8F2D-41F1F35DF297} - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox HKLM\Wow6432Node\SearchScopes "DefaultScope"="{EEE6C360-6118-11DC-9C72-001320C79847}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\Wow6432Node\SearchScopes\{12DD1D3C-E4E1-44DE-8233-3F92EE5EF0AD} - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKCU\SearchScopes\{12DD1D3C-E4E1-44DE-8233-3F92EE5EF0AD} - No_Url_Value HKCU\SearchScopes\{A30E1B67-AB8F-4E0D-94C9-A20CA181FDE9} - https://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{BBBE211F-CDC6-49F2-8F2D-41F1F35DF297} - No_Url_Value ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1471801812-407514678-4231117504-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe O4 - HKLM\..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Robby\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAH\FAHConsole.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O20 - AppInit_DLLs: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Windows Internet Name Service - Unknown owner - C:\Windows\system32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=799 folders=243 207782377 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Robby\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Robby\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 29/05/2016 at 12:30:26,16 ======================