Zoek.exe v5.0.0.0 Updated 15-February-2014 Tool run by Luc on zo 16/02/2014 at 10:20:01,29. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Luc\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean] ==== System Restore Info ====================== 16/02/2014 10:26:04 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AirPrint deleted successfully C:\PROGRA~2\hpmonitor deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\ProgramData\Babylon deleted successfully C:\ProgramData\Corel Painter 12.1 Update deleted successfully C:\ProgramData\PDF Architect deleted successfully C:\Users\Laura\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Luc\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Gast\AppData\Local\PDFC deleted successfully C:\Users\Gast\AppData\Local\{C2EC9121-F3DE-4377-A0EB-B2599ED5284D} deleted successfully C:\Users\Laura\AppData\Local\PDFC deleted successfully C:\Users\Laura\AppData\Local\{1A6A3B66-3559-4B02-9555-6DA35FF31731} deleted successfully C:\Users\Laura\AppData\Local\{20494944-9793-4E8D-9876-F3679FA9C475} deleted successfully C:\Users\Laura\AppData\Local\{2B700833-6A5E-4824-B388-70DA6BFF5CA2} deleted successfully C:\Users\Laura\AppData\Local\{3DF616B2-098E-4700-99E7-16B5BC8CF1B7} deleted successfully C:\Users\Laura\AppData\Local\{457EC6ED-39D3-4866-8A7C-A8072395FAA8} deleted successfully C:\Users\Laura\AppData\Local\{47B0B1A8-5CCE-4CDB-A77E-AF5C1D1BF5FF} deleted successfully C:\Users\Laura\AppData\Local\{5C6F2B0E-86D6-4CD5-8C8A-259001C228FA} deleted successfully C:\Users\Laura\AppData\Local\{62870365-85F8-4C21-B558-8525CE1B031D} deleted successfully C:\Users\Laura\AppData\Local\{76DB50D3-703D-4388-A0B3-F273C8957FEB} deleted successfully C:\Users\Laura\AppData\Local\{7EBB2BDA-C0BB-416A-B417-A8C0F4ECA40A} deleted successfully C:\Users\Laura\AppData\Local\{832FE97B-C836-4860-A8F8-4677100555E8} deleted successfully C:\Users\Laura\AppData\Local\{902B4155-AA93-4E01-AC9F-A405B6AE795C} deleted successfully C:\Users\Laura\AppData\Local\{93B2EFF4-6817-4BB5-81EB-456F664E50E6} deleted successfully C:\Users\Laura\AppData\Local\{94745573-C9EA-4E4F-8340-C3B6CDB5D981} deleted successfully C:\Users\Laura\AppData\Local\{9CCB116E-0BF4-4D78-9DA0-B487F1364C0E} deleted successfully C:\Users\Laura\AppData\Local\{A19532FA-0104-4F7D-97B1-EFAD6B94E442} deleted successfully C:\Users\Laura\AppData\Local\{A3EEDE33-04C1-42A5-90D5-07DFC28CB921} deleted successfully C:\Users\Laura\AppData\Local\{AD63D5EE-B3E9-419B-90A4-E5DF4904A3A9} deleted successfully C:\Users\Laura\AppData\Local\{B1843B9E-1A9E-4087-A1F2-EE798F1D2454} deleted successfully C:\Users\Laura\AppData\Local\{B2146331-ECDD-4998-9FEC-5F6FC6BC615B} deleted successfully C:\Users\Laura\AppData\Local\{B740920C-A6BA-4BD6-A889-185145B1D996} deleted successfully C:\Users\Laura\AppData\Local\{B986CE9D-BF6F-4BB1-A8AC-20E1F9B16FB7} deleted successfully C:\Users\Laura\AppData\Local\{BEACA2DB-EA98-42B1-BE8D-D1C30DE92734} deleted successfully C:\Users\Laura\AppData\Local\{C4B779B6-93BD-47AE-A8FE-02234A7ADE2F} deleted successfully C:\Users\Laura\AppData\Local\{D0EE949D-6619-4ADB-A09A-9A625D89F725} deleted successfully C:\Users\Laura\AppData\Local\{DB0882B5-4925-4CF4-8D94-427F57450169} deleted successfully C:\Users\Laura\AppData\Local\{DB69760F-C423-4368-8D4C-362AE2ACD614} deleted successfully C:\Users\Laura\AppData\Local\{EB2B88CC-6EB5-47E4-B725-D29A0000F1A9} deleted successfully C:\Users\Laura\AppData\Local\{FC03D3AA-4359-4CBF-A974-C489C007E740} deleted successfully C:\Users\Luc\AppData\Local\PackageAware deleted successfully C:\Users\Luc\AppData\Local\PDFC deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{22651F0B-7253-4F8C-8418-2C743A934C1A} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FACDEA0-46CC-47D8-AE56-F312BCD38282} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CC9AFC1A-84ED-41AD-A9C7-9A6B1D667B87} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ECCE0073-A837-45A2-95B9-600420505F7E} deleted successfully HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ECCE0073-A837-45A2-95B9-600420505F7E} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\l5lzqxfg.default ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "SD"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.cntry", "BE"); user_pref("extensions.Softonic.cv", "cv5"); user_pref("extensions.Softonic.dfltLng", "nl"); user_pref("extensions.Softonic.dfltlng", "nl"); user_pref("extensions.Softonic.dfltsrch", "false"); user_pref("extensions.Softonic.envrmnt", "production"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.hdrMd5", "17C8DB1FEBD0AC9A335AB6B017105BFA"); user_pref("extensions.Softonic.hmpg", false); user_pref("extensions.Softonic.hrdid", "68ecae4600000000000068a3c4eaa3d0"); user_pref("extensions.Softonic.id", "68ecae4600000000000068a3c4eaa3d0"); user_pref("extensions.Softonic.instlDay", "15643"); user_pref("extensions.Softonic.instlRef", "INF00008"); user_pref("extensions.Softonic.instlday", "15643"); user_pref("extensions.Softonic.instlref", "INF00008"); user_pref("extensions.Softonic.isdcmntcmplt", "false"); user_pref("extensions.Softonic.keywordurl", ""); user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.422:03:11"); user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); user_pref("extensions.Softonic.monitorreport", true); user_pref("extensions.Softonic.newTab", false); user_pref("extensions.Softonic.newtab", "false"); user_pref("extensions.Softonic.newtaburl", ""); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.prtnrid", "softonic"); user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"101\",\"name\":\"Radio Mambo 106 FM\",\"url\":\"http://www.mambo.it/player/mambo.asx\",\" user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.savedVrsnTs", "1"); user_pref("extensions.Softonic.sg", "az"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.smplgrp", "none"); user_pref("extensions.Softonic.srch", ""); user_pref("extensions.Softonic.srchprvdr", ""); user_pref("extensions.Softonic.storage\\storage\\mpvfloatingwindmutex", "752313240416428@@@Thu Jan 01 1970 01:00:00 GMT+0100 (Romance (standaardtijd)) user_pref("extensions.Softonic.storage\\storage\\mpvinpagemutex", "9acc75996b342170588d1768b8d37cd7@@@Sat Feb 15 2014 09:23:38 GMT+0100 (Romance (stan user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/INF00008/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.tlbrid", "base"); user_pref("extensions.Softonic.tlbrsrchurl", "http://search.softonic.com/INF00008/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.vrsn", "1.6.7.4"); user_pref("extensions.Softonic.vrsnTs", "1.6.7.422:03:11"); user_pref("extensions.Softonic.vrsni", "1.6.7.4"); user_pref("extensions.Softonic.vrsnts", "1.6.7.422:03:11"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.422:03:11"); ---- Lines Softonic modified from prefs.js ---- user_pref("extensions.enabledAddons", "ffxtlbra%40softonic.com:1.6.0,web2pdfextension%40web2pdf.adobedotcom:1.2,%7B972ce4c6-7e08-4474-a285-3208198ce6f user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files ( user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.6.0,smartwebprinting@hp.com:4.51,50d71a4c9e37d@50d71a4c9e3b5.com:1,toolbar@ask.com:3.15. ---- Lines Softonic removed from user.js ---- user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/INF00008/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.id", "68ecae4600000000000068a3c4eaa3d0"); user_pref("extensions.Softonic.instlDay", "15643"); user_pref("extensions.Softonic.vrsn", "1.6.7.4"); user_pref("extensions.Softonic.vrsni", "1.6.7.4"); user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.422:03:11"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.aflt", "SD"); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.instlRef", "INF00008"); user_pref("extensions.Softonic.dfltLng", "nl"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.admin", false); ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.defaultenginename", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); user_pref("browser.search.selectedEngine", "Ask.com"); ---- Lines ask.com modified from prefs.js ---- user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.6.0,smartwebprinting@hp.com:4.51,50d71a4c9e37d@50d71a4c9e3b5.com:1,toolbar@ask.com:3.15. ---- Lines extensions.50d71a4c9e428 removed from prefs.js ---- user_pref("extensions.50d71a4c9e428.epoch", "1392537312"); user_pref("extensions.50d71a4c9e428.url", "http://good-tech.net/sync2/?ext=savebc&pid=2050&country=BE®d=121223145052&lsd=140215075440&ver=4&ind=171 ---- FireFox user.js and prefs.js backups ---- user_20141602_1043_.backup prefs_20141602_1043_.backup ==== Deleting Files \ Folders ====================== C:\Windows\syswow64\appdata deleted C:\PROGRA~2\Mozilla Firefox\user.js deleted C:\PROGRA~2\Softonic deleted C:\PROGRA~2\BabylonToolbar deleted C:\PROGRA~2\DealPly deleted C:\PROGRA~2\WiseConvert_2.1 deleted C:\PROGRA~2\Conduit deleted C:\found.000 deleted C:\Users\Cami\AppData\Roaming\pdfforge deleted C:\Users\Luc\AppData\Roaming\Babylon deleted C:\Users\Luc\AppData\Roaming\BabylonToolbar deleted C:\Users\Luc\AppData\Roaming\pdfforge deleted C:\ProgramData\Ask deleted C:\ProgramData\SaveByclick deleted C:\ProgramData\Package Cache deleted C:\Users\Luc\AppData\Local\Conduit deleted C:\Users\Cami\AppData\LocalLow\SaveByclick deleted C:\Users\Cami\AppData\LocalLow\WiseConvert_2.1 deleted C:\Users\Cami\AppData\LocalLow\AskToolbar deleted C:\Users\Cami\AppData\LocalLow\PriceGong deleted C:\Users\Cami\AppData\LocalLow\Conduit deleted C:\Users\Gast\AppData\LocalLow\WiseConvert_2.1 deleted C:\Users\Gast\AppData\LocalLow\PriceGong deleted C:\Users\Gast\AppData\LocalLow\Conduit deleted C:\Users\Laura\AppData\LocalLow\SaveByclick deleted C:\Users\Laura\AppData\LocalLow\AskToolbar deleted C:\Users\Luc\AppData\LocalLow\WiseConvert_2.1 deleted C:\Users\Luc\AppData\LocalLow\Softonic deleted C:\Users\Luc\AppData\LocalLow\PriceGong deleted C:\Users\Luc\AppData\LocalLow\Conduit deleted C:\user.js deleted C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\l5lzqxfg.default\searchplugins\askcom.xml deleted C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\l5lzqxfg.default\extensions\50d71a4c9e37d@50d71a4c9e3b5.com deleted C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\l5lzqxfg.default\extensions\ffxtlbra@softonic.com deleted "C:\Windows\Installer\73ff3d.msi" deleted "C:\Windows\Installer\73ff3d.msi" deleted "C:\Users\Luc\AppData\Local\{0019A47C-35B2-414C-B571-A2C5923574C3}" deleted "C:\Users\Luc\AppData\Local\{0DD2AE02-15A7-472B-8B3E-BED8BB9B332A}" deleted "C:\Users\Luc\AppData\Local\{86FDE294-B232-4763-8E36-2C81BBD58C77}" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Luc\AppData\Local\Temp ==== 2014-02-03 19:59:58 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Luc\AppData\Local\Temp\{C81956B2-2F83-4448-8FF6-8EA3B917B346}\ISBEW64.exe 2014-02-03 19:57:38 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Luc\AppData\Local\Temp\{10822F7E-B57A-414F-8825-3403C4F283F6}\ISRT.dll 2014-02-03 19:57:38 96A7ECD707EBCDD47E3A72E4B10FCE6A 558512 ----a-w- C:\Users\Luc\AppData\Local\Temp\{10822F7E-B57A-414F-8825-3403C4F283F6}\_isres_0x0409.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-02-13 02:02:03 3D485254E43EF4E4F707346B5731EA9A 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-02-13 02:01:30 B8F28AAC003060E3B125D2447CFC19E2 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-02-13 02:01:30 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-02-13 02:01:29 85AC8EB265EDCAD86D651D45C5E3AB83 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-02-13 02:01:28 C9D1131E2163CE932DF3EAAF0EEA3673 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-02-13 02:01:27 7D6B20C69CC8EECB8F31D4FAF913BBE8 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-02-13 02:01:27 6A06EB11F1E5BDAA795DAE7838F9FE20 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-02-13 02:01:27 408805B8083896DC95E6340F4016BEBD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-02-13 02:01:27 260D6B421E5551E8BA75D16B5CA90D9A 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-13 02:01:27 0E7B7C9F483300F9FF97C6A1E4BC4F57 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-02-13 02:01:26 5DD49C02D059C1E6E47A8FB4A076C9B1 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-02-13 02:01:26 0F739443669F3A48F1B2325995117BFE 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-02-13 02:01:25 9C89246184979A070B0C6CCF61C68136 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-02-13 02:01:25 5D9DC6332A4FC66388B09BBE7CF53750 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-02-13 02:01:25 40E68599FE3A10F816217D3789FCE74E 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-02-13 02:01:25 34CBED7698D557DDB43F8732FBC2ACB9 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-02-13 02:01:24 79FA7D8B488F90EDE325963379A6F738 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-02-13 02:01:23 C863E5A2417DF0F2A31ED32C3B2CB23F 17103872 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-02-13 02:01:23 99280392987A1A96C756A9F38C4CE396 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-02-12 20:27:55 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\SysWOW64\locale.nls 2014-02-12 20:27:50 E4561704CBFA193761743E5AF746C669 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2014-02-12 20:27:49 17B06F23237FCD731FA2E10ECD6EDFE1 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 20:26:58 E01D2AC63453534DB8AD1EA97DEE9C3A 594944 ----a-w- C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-12 20:26:58 6142C5540C8D2764D59CBC11AF4A5900 572416 ----a-w- C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 20:26:57 0F5FEF37588AF457E02125674F171A4F 508928 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 20:26:56 08D323750350A8A29611D1004C0CF319 510976 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 20:26:55 BBCE3E9E74C7CEA47FA4115B360AC2C6 423936 ----a-w- C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 20:26:53 7FA485555BF802FE3DB5598004DBDFAC 390144 ----a-w- C:\Windows\SysWOW64\msdrm.dll 2014-02-12 20:26:53 12A9F24DC9F465DA79AC2272D829A81E 428032 ----a-w- C:\Windows\SysWOW64\secproc.dll 2014-02-12 20:26:52 9158DBE2F8483434FC72F320690C9DB8 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 20:26:52 58712A48D31B40EBCB35B47205F87771 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 20:26:36 D96106CF60505734B14F6AE80AAA4B07 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 20:26:29 14800BD31701A5047AC3145BB1E698AE 3419136 ----a-w- C:\Windows\SysWOW64\d2d1.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-02-13 02:02:03 F67C7D80745379DC4C5332EFFE5AC696 548864 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-02-13 02:01:30 94C59DD02BC7EA0E421055B9946CA861 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-02-13 02:01:29 63B5E990896BA81D604032A48CC80A5C 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-02-13 02:01:29 1D1D7F52EC84294859642A4309FE648E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-02-13 02:01:28 FD08F8BA2437A85F500EFFE3FD3158A6 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-02-13 02:01:28 E77092C38028EB0A5C461B3436E0A6D5 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-02-13 02:01:28 CDE728C8FB1D6E132CED44835FA44C87 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-02-13 02:01:28 99ED8FBAFD325550D07A32664D9E3CC8 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-02-13 02:01:28 27516B54E116D5EF8B0129B5C829A87C 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-02-13 02:01:27 FCFAEDF0AA1A78A1875FDB798598408B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-02-13 02:01:27 E129D34089E70215B65EA611F802FA9A 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-02-13 02:01:27 C1E2C16D58D76323800C3EE5E2C5095A 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-02-13 02:01:27 338415F2E9A188875B6E43B5269620B0 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-02-13 02:01:26 F348B2D0983C91392632B4291C517AA4 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-02-13 02:01:26 D016F5092E4FFC41147E8555A71D2DDE 23170048 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-02-13 02:01:26 3906C9640406FC0FC00A324947C74893 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-02-13 02:01:25 83296DE8CFFEADA636DCC1AB2E3BF643 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-02-13 02:01:25 6300AD525D639CECBB3D144B6D7B30F9 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-02-13 02:01:25 263B6E451526A90FF8B1CEC759F22956 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-02-13 02:01:25 22874047B810B5B174C68ACD7C0B6510 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-02-13 02:01:24 DB02F4D37E5F7F07A0D0F9FAA68249EE 13051392 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-02-13 02:01:23 5922EEA922D3AD686342F866CAEE851F 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-02-12 20:27:55 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\Sysnative\locale.nls 2014-02-12 20:27:51 0D298133C359AB8CB9EB4FA178BF3947 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll 2014-02-12 20:27:49 CD2C20CC3B385A32701F78C0ACBBE9F3 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2014-02-12 20:26:59 1B3741488AA7E237961A29D1E7A44C0A 626176 ----a-w- C:\Windows\Sysnative\RMActivate.exe 2014-02-12 20:26:59 17CF3B3F68272BD40C878D4DBAB0EBC9 658432 ----a-w- C:\Windows\Sysnative\RMActivate_isv.exe 2014-02-12 20:26:57 297926B15AE5390409F1007EB28A8EFB 552960 ----a-w- C:\Windows\Sysnative\RMActivate_ssp_isv.exe 2014-02-12 20:26:56 03F8F411F118CFDA508E77C747BB05EA 553984 ----a-w- C:\Windows\Sysnative\RMActivate_ssp.exe 2014-02-12 20:26:55 5693212AB2EBCACBBE05EC3A642113E2 485888 ----a-w- C:\Windows\Sysnative\secproc_isv.dll 2014-02-12 20:26:55 399FC1B75790EE606A6FD9F2FB4C891C 488448 ----a-w- C:\Windows\Sysnative\secproc.dll 2014-02-12 20:26:54 C6AC2C91541D24F9E236A670C0CA793D 528384 ----a-w- C:\Windows\Sysnative\msdrm.dll 2014-02-12 20:26:53 DC6DD779F35BB42E2E76FDFEC565C251 123392 ----a-w- C:\Windows\Sysnative\secproc_ssp_isv.dll 2014-02-12 20:26:53 B41B1FEDEBBD955B4E25676B42087885 123392 ----a-w- C:\Windows\Sysnative\secproc_ssp.dll 2014-02-12 20:26:35 E8710B5DDA963E6BA198DF5FB209E72A 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll 2014-02-12 20:26:30 C676E5EA388AF7C4C031F56F9B42E362 3928064 ----a-w- C:\Windows\Sysnative\d2d1.dll ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-02-15 08:20:28 -------- d-----w- C:\Program Files\trend micro 2014-01-25 12:43:37 -------- d-----w- C:\Program Files\iPod 2014-01-25 12:43:35 -------- d-----w- C:\Program Files\iTunes ======= C:\PROGRA~2 ===== 2014-01-25 12:43:35 -------- d-----w- C:\PROGRA~2\iTunes 2014-01-25 08:37:31 -------- d-----w- C:\PROGRA~2\Snapshot Viewer 2014-01-20 12:30:24 -------- d-----w- C:\PROGRA~2\MP3jam ======= C: ===== ====== C:\Users\Luc\AppData\Roaming ====== 2014-01-25 08:37:39 -------- d-----w- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2014-01-20 12:30:35 -------- d-----w- C:\Users\Luc\AppData\Roaming\Mp3jam ====== C:\Users\Luc ====== 2014-02-15 08:19:36 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Luc\Desktop\RSITx64.exe 2014-02-03 20:05:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2014-02-03 19:58:07 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-01-25 12:44:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-01-25 12:43:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-01-25 08:37:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools ====== C: exe-files == 2014-02-15 08:20:28 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Luc.exe 2014-02-13 02:01:27 AFAB9B381886ABE3490689B7633A858F 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-02-13 02:01:27 9E8F9FDD407DDE997965EEFD9E635CCF 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-02-13 02:01:25 C6E1178294BDEAB1CACF50427688DF05 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-02-13 02:01:25 4263F6C131E513CEA1AE82B5B81A4E1A 808152 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-02-11 18:57:43 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe 2014-02-11 18:57:43 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateBroker.exe 2014-02-11 18:57:42 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateSetup.exe 2014-02-11 18:57:35 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe 2014-02-11 18:57:34 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe 2014-02-11 18:57:34 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdate.exe 2014-02-11 18:57:32 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1003\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Spotify Web Helper"="C:\Users\Cami\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Cami\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" [HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1005\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BATINDICATOR"="C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe" "LaunchHPOSIAPP"="C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" "Adobe Photo Downloader"="C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" "HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup" "CompeGPSDev"="C:\Program Files (x86)\CompeGPS\CompeGPSDev.exe -cie C:\Program Files (x86)\CompeGPS\CompeGPSDev.bat" "IsaKbcCertUpdate"="C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe" "F-Secure Manager"="C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSM32.EXE /splash" "hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" "Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "F-Secure Hoster (44163)"="C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe -app -hosterid:1" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "Gadwin PrintScreen"="C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" "MCTDUtil"="C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil" "FDispPos"="C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos" "BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2012-02-12 07:34:03 1050 ----a-w- C:\Users\Cami\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2012-02-07 19:20:19 1051 ----a-w- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2011-09-17 09:46:36 1049 ----a-w- C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2011-09-25 11:09:49 960 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk 2011-09-25 11:08:20 964 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk 2012-12-08 08:38:24 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk 2011-09-25 11:06:19 1820 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [06/02/2014 13:27] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/09/2011 22:47] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/09/2011 22:47] C:\Windows\tasks\HPCeeScheduleForLUC-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14/09/2010 06:15] C:\Windows\tasks\HPCeeScheduleForLuc.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14/09/2010 06:15] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForLuc" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForLUC-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPOSIAPP64" ["%ProgramFiles(x86)%\Hewlett-Packard\HP Keyboard\ModLEDKey.exe"] "C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\Windows\SysNative\tasks\{7966D8D0-8284-48ED-A435-A873543889A6}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.104.396/nl/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled] "C:\Windows\SysNative\tasks\{966529ED-C86C-461B-BB16-CA637A4C465D}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.104.396/nl/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [12/01/2013 19:04] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [08/12/2012 09:40] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\l5lzqxfg.default - Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn ==== Firefox Plugins ====================== Profilepath: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\l5lzqxfg.default FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash 053E986A84F5EE271D38896B8079157D - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.110.21 178F30EB6105041AE4FA3943DBF40C75 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions abkfgmodpegkcomcnnbglaabngikejpd - C:\ProgramData\SaveByclick\abkfgmodpegkcomcnnbglaabngikejpd.crx[] dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\Luc\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 10:45] SaveByclick - Cami\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkfgmodpegkcomcnnbglaabngikejpd YouTube - Cami\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Cami\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Skype Click to Call - Cami\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - Cami\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Cami\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia SaveByclick - Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkfgmodpegkcomcnnbglaabngikejpd Skype Click to Call - Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda SaveByclick - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkfgmodpegkcomcnnbglaabngikejpd Google Docs - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Babylon Toolbar - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Skype Click to Call - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage deleted successfully C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.nl.softonic.com_0.localstorage deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully C:\Users\Cami\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkfgmodpegkcomcnnbglaabngikejpd deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkfgmodpegkcomcnnbglaabngikejpd deleted successfully C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkfgmodpegkcomcnnbglaabngikejpd deleted successfully C:\Users\Cami\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abkfgmodpegkcomcnnbglaabngikejpd_0.localstorage deleted successfully C:\Users\Cami\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abkfgmodpegkcomcnnbglaabngikejpd_0.localstorage-journal deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abkfgmodpegkcomcnnbglaabngikejpd_0.localstorage deleted successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abkfgmodpegkcomcnnbglaabngikejpd_0.localstorage-journal deleted successfully C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abkfgmodpegkcomcnnbglaabngikejpd_0.localstorage deleted successfully C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abkfgmodpegkcomcnnbglaabngikejpd_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://be.msn.com/default.aspx?pc=UP97&ocid=UP97DHP" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://be.msn.com/default.aspx?pc=UP97&ocid=UP97DHP" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{8976F662-5EC1-4BCE-B378-1BB7729F8552}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {8976F662-5EC1-4BCE-B378-1BB7729F8552} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GGIE_nlBE467" {d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-7?mpre=http://shop.ebay.com/?_nkw={searchTerms}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1959850832-3161369149-4255949484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\50d71a4c9e37d@50d71a4c9e3b5.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\abkfgmodpegkcomcnnbglaabngikejpd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cami\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Cami\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Cami\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Laura\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Laura\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Luc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Luc\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Luc\AppData\Local\Mozilla\Firefox\Profiles\l5lzqxfg.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Cami\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=630 folders=163 48339318 bytes) ==== Empty Temp Folders ====================== C:\Users\Cami\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Users\Laura\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\Luc\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Luc\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Cami\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not found "C:\Users\Cami\AppData\Local\Temp\~DF118A0008DC2FFE7B.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DF1A25C3A0488DAF60.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DF26D8DFB826FED7C0.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DF353F33474B6A46E7.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DF48A184ED51494769.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DF48F875E68DACEC62.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DF52F601F4E8674EDE.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DF71AE8129F297B9E3.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DFA7DE34ED519C81F9.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DFB93F191D3820B778.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DFC4FE8A2DE62775CB.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DFCC8FE9B306E23ABC.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DFD490DDB33B556FD8.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DFD9A6EF0832E789A7.TMP" not found "C:\Users\Cami\AppData\Local\Temp\~DFE400139324282EF5.TMP" not found "C:\Users\Laura\AppData\Local\Temp\AdobeARM.log" not found "C:\Users\Laura\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not found "C:\Users\Laura\AppData\Local\Temp\~DF9F76E92008BE27BA.TMP" not found ==== EOF on zo 16/02/2014 at 11:15:01,52 ======================