Zoek.exe v5.0.0.0 Updated 19-February-2014 Tool run by Administrator on do 27/02/2014 at 14:04:49.03. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\Administrator\Bureaublad\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 27/02/2014 14:06:51 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Anvisoft deleted successfully C:\Program Files\AviSynth 2.5 deleted successfully C:\Program Files\DiskTrix deleted successfully C:\Program Files\Hi Slider deleted successfully C:\Program Files\Kingsoft deleted successfully C:\Program Files\Kvisoft deleted successfully C:\Program Files\Nieuwe map deleted successfully C:\Program Files\Opera deleted successfully C:\Program Files\Skype deleted successfully C:\Program Files\SliceMaker, Inc deleted successfully C:\Program Files\SuperEasy Software deleted successfully C:\Program Files\VideoLAN deleted successfully C:\Documents and Settings\All Users\Menu Start\Programma's\Anvisoft deleted successfully C:\Documents and Settings\All Users\Menu Start\Programma's\QuickTime deleted successfully C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten-Disabled deleted successfully C:\Documents and Settings\Administrator\Menu Start\Programma's\Thoosje Windows XP Quick Optimizer deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\BKeeney deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\BlazeVideo deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonEPP deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonIJEPPEX2 deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\CDRWIN 8 deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD-Cloner deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\Karen's Power Tools deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\ProcessLasso deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\xml_param deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZentimoService deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted successfully C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} deleted successfully C:\Documents and Settings\Administrator\Application Data\Astroburn Pro deleted successfully C:\Documents and Settings\Administrator\Application Data\Babylon deleted successfully C:\Documents and Settings\Administrator\Application Data\Beni deleted successfully C:\Documents and Settings\Administrator\Application Data\DriverCure deleted successfully C:\Documents and Settings\Administrator\Application Data\f-secure deleted successfully C:\Documents and Settings\Administrator\Application Data\FMZilla deleted successfully C:\Documents and Settings\Administrator\Application Data\Fovoe deleted successfully C:\Documents and Settings\Administrator\Application Data\Geleiq deleted successfully C:\Documents and Settings\Administrator\Application Data\InfraRecorder deleted successfully C:\Documents and Settings\Administrator\Application Data\JAM Software deleted successfully C:\Documents and Settings\Administrator\Application Data\JGsoft deleted successfully C:\Documents and Settings\Administrator\Application Data\Kerou deleted successfully C:\Documents and Settings\Administrator\Application Data\Media Player Classic deleted successfully C:\Documents and Settings\Administrator\Application Data\PC Cleaners deleted successfully C:\Documents and Settings\Administrator\Application Data\PCPro deleted successfully C:\Documents and Settings\Administrator\Application Data\Qola deleted successfully C:\Documents and Settings\Administrator\Application Data\Qory deleted successfully C:\Documents and Settings\Administrator\Application Data\StepShot deleted successfully C:\Documents and Settings\Administrator\Application Data\Urboho deleted successfully C:\Documents and Settings\Administrator\Application Data\WinPatrol deleted successfully C:\Documents and Settings\Administrator\Application Data\Yslyac deleted successfully C:\Documents and Settings\Administrator\Application Data\Zentimo deleted successfully C:\Documents and Settings\Administrator\Application Data\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully C:\Documents and Settings\LocalService\Application Data\Genie9 deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Ashampoo Music Studio 2012 deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\Ashampoo Video Styler deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\BinaryNow deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\CutePDF Writer deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\DriverTuner deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\photoOptimizeHistoryDataBase deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\SubtitleCreator deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\TomTom deleted successfully C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files deleted successfully ==== Creating Sample_20142702_1435.zip ====================== Copied file C:\Documents and Settings\Administrator\Application Data\ffdshow.exe to sample\ffdshow.exe Copied file C:\Documents and Settings\Administrator\Application Data\Imgburn.exe to sample\Imgburn.exe Copied file C:\Documents and Settings\Administrator\Application Data\xvid.exe to sample\xvid.exe sample\ffdshow.exe renamed to 81F67C35FEDF706F07152FA8B7BF2DDD sample\Imgburn.exe renamed to 2EE60CADA64D2BE565DE78569D54130E sample\xvid.exe renamed to 84FB06A8E0B644987B67DCED16EB3C56 C:\Documents and Settings\All Users\Bureaublad\sample_20142702_1435.zip created successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\p798j7lq.default user.js not found ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 1); ---- FireFox user.js and prefs.js backups ---- prefs_20142702_1439_.backup ==== Deleting Files \ Folders ====================== C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} not found C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found C:\DOCUME~1\ALLUSE~1\APPLIC~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521} not found C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} not found C:\Program Files\MyScrapNook_12EI deleted C:\Program Files\Common Files\DVDVideoSoft\bin deleted C:\Program Files\Wondershare deleted C:\Program Files\MocaFlix deleted C:\Program Files\Microsoft Research deleted C:\Program Files\Common Files\Wondershare deleted C:\Documents and Settings\Administrator\Application Data\Wondershare deleted C:\Documents and Settings\Administrator\Application Data\burnaware.ini deleted C:\Documents and Settings\Administrator\Application Data\init.dll deleted C:\Documents and Settings\Administrator\Application Data\sound.dll deleted C:\Documents and Settings\Administrator\Application Data\SYSTEM32.dll deleted C:\Documents and Settings\Administrator\Application Data\tigersetting.dll deleted C:\Documents and Settings\Administrator\Application Data\SpeedyPC Software deleted C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers deleted C:\Documents and Settings\Administrator\Application Data\ParetoLogic deleted C:\Documents and Settings\Administrator\Application Data\Registry Mechanic deleted C:\Documents and Settings\Administrator\Application Data\Systweak deleted C:\Documents and Settings\Administrator\Application Data\OpenCandy deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\Systweak deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedyPC Software deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinMaximizer deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\ProductData deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallMate deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\Premium deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\Package Cache deleted C:\Documents and Settings\Administrator\Local Settings\Application Data\APN deleted C:\Documents and Settings\Administrator\Local Settings\Application Data\Wondershare deleted C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon deleted C:\Documents and Settings\All Users\Menu Start\Programma's\Advanced System Optimizer 3 deleted C:\Documents and Settings\All Users\Menu Start\Programma's\Paragon Drive Backup™ 9.5 Professional Edition deleted C:\Documents and Settings\All Users\Menu Start\Programma's\Wondershare deleted C:\WINDOWS\reimage.ini deleted C:\WINDOWS\Wininit.ini deleted C:\WINDOWS\tasks\ASO-AutoCheckUpdate7Days.job deleted C:\WINDOWS\tasks\ASO-OneClickCare.job deleted C:\WINDOWS\system32\sasnative32.exe deleted C:\WINDOWS\system32\roboot.exe deleted C:\WINDOWS\System32\AI_RecycleBin deleted C:\Documents and Settings\Administrator\Application Data\ffdshow.exe deleted C:\Documents and Settings\Administrator\Application Data\Imgburn.exe deleted C:\Documents and Settings\Administrator\Application Data\xvid.exe deleted "C:\WINDOWS\Installer\1b1d0d.msi" deleted "C:\DOCUME~1\ALLUSE~1\APPLIC~1\Isolated Storage\{6E004400-5A00-6500-4E00-66007A004B00}" deleted "C:\Documents and Settings\Administrator\Application Data\Hain\qomoa.tah" deleted "C:\Documents and Settings\Administrator\Application Data\Ogyx\lawod.ixy" deleted "C:\Documents and Settings\Administrator\Application Data\Zyov\iwaxe.xit" deleted "C:\Documents and Settings\Administrator\Application Data\Catae\nyen.nyu" deleted "C:\Documents and Settings\Administrator\Application Data\Omanc\vyof.uzy" deleted "C:\Documents and Settings\Administrator\Application Data\Pikap\ixxi.wok" deleted "C:\Documents and Settings\Administrator\Application Data\Sefik\otaso.evb" deleted "C:\Documents and Settings\Administrator\Application Data\Uvrey\otepn.xyu" deleted "C:\Documents and Settings\Administrator\Application Data\Yfesu\luza.fei" deleted "C:\Documents and Settings\Administrator\Application Data\Yvgyt\ahtyv.sae" deleted "C:\Documents and Settings\Administrator\Application Data\Duefyl\ylac.owe" deleted "C:\Documents and Settings\Administrator\Application Data\Erehyg\uryln.mei" deleted "C:\Documents and Settings\Administrator\Application Data\Fewoma\ivcup.nyo" deleted "C:\Documents and Settings\Administrator\Application Data\Navewa\udvey.liy" deleted "C:\Documents and Settings\Administrator\Application Data\Nyotku\kopo.efy" deleted "C:\Documents and Settings\Administrator\Application Data\Oxkaoh\ifeh.gyu" deleted "C:\DOCUME~1\ALLUSE~1\APPLIC~1\Isolated Storage" deleted "C:\Documents and Settings\Administrator\Application Data\Hain" deleted "C:\Documents and Settings\Administrator\Application Data\Ogyx" deleted "C:\Documents and Settings\Administrator\Application Data\Zyov" deleted "C:\Documents and Settings\Administrator\Application Data\Catae" deleted "C:\Documents and Settings\Administrator\Application Data\Omanc" deleted "C:\Documents and Settings\Administrator\Application Data\Pikap" deleted "C:\Documents and Settings\Administrator\Application Data\Sefik" deleted "C:\Documents and Settings\Administrator\Application Data\Uvrey" deleted "C:\Documents and Settings\Administrator\Application Data\Yfesu" deleted "C:\Documents and Settings\Administrator\Application Data\Yvgyt" deleted "C:\Documents and Settings\Administrator\Application Data\Duefyl" deleted "C:\Documents and Settings\Administrator\Application Data\Erehyg" deleted "C:\Documents and Settings\Administrator\Application Data\Fewoma" deleted "C:\Documents and Settings\Administrator\Application Data\Navewa" deleted "C:\Documents and Settings\Administrator\Application Data\Nyotku" deleted "C:\Documents and Settings\Administrator\Application Data\Oxkaoh" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== 2014-02-26 16:53:32 C91966E32E718C480716499473713F31 160217 ----a-w- C:\WINDOWS\System32\PowerToysLicense.rtf 2014-02-26 16:53:32 C16DCB4CDFE5068A4B4F025ABB4FEAAF 266360 ----a-w- C:\WINDOWS\System32\TweakUI.exe 2014-02-22 09:33:46 46B1977DACBB1E7026F70CCB5431D9F8 606208 ----a-w- C:\WINDOWS\System32\xvidcore.dll 2014-02-22 09:33:46 1DFC887CB243A525675CE04787DEDF8B 139264 ----a-w- C:\WINDOWS\System32\xvid.ax ====== C:\WINDOWS\system32\drivers ===== 2014-02-09 15:48:01 5B131ED45BE8F8803F977CC32125EA37 30504 ----a-w- C:\WINDOWS\System32\drivers\DrvAgent32.sys 2014-01-31 16:20:53 853DADF45A76CB18EBC415EEBFFE0065 15808 ----a-w- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys ====== C:\WINDOWS\Tasks ====== 2014-02-17 14:05:22 14F77EF243AF33D8D6935BDA6BE96EE3 1044 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-17 14:05:21 F5505FA37F40C981E8B9DC1C3C69DF0E 1040 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-31 16:21:40 0FC44F932701FD7A16EF599CF98EC46D 294 ----a-w- C:\WINDOWS\Tasks\SmartDefrag3_Update.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-02-20 13:11:34 -------- d-----w- C:\Program Files\FileZilla FTP Client 2014-02-20 10:09:35 -------- d-----w- C:\Program Files\Duplicate Photo Finder Plus 2014-02-20 09:45:18 -------- d-----w- C:\Program Files\Awesome Duplicate Photo Finder 2014-02-04 08:44:44 -------- d-----w- C:\Program Files\Atlantis 2014-01-28 14:16:04 -------- d-----w- C:\Program Files\sisagp ======= C: ===== ====== C:\Documents and Settings\Administrator\Application Data ====== 2014-02-21 09:30:46 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\ABBYY 2014-02-21 09:30:46 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\ABBYY 2014-02-20 10:09:51 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\TriSun_Software_Inc 2014-02-20 09:45:30 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Awesome Duplicate Photo Finder 2014-02-08 10:07:56 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\AC3Filter 2014-02-04 08:45:04 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Atlantis 2014-02-01 09:11:45 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Email2Verify.COM 2014-02-01 09:10:54 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Dr Email Verifier ====== C:\Documents and Settings\Administrator ====== 2014-02-27 09:08:31 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Administrator\Bureaublad\RSIT.exe 2014-02-26 16:52:42 F10E64CFD6EAB1B2BD224BC1CE358143 150192 ----a-w- C:\Documents and Settings\Administrator\Bureaublad\TweakUiPowertoySetup.exe ====== C: exe-files == 2014-02-27 09:08:31 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Administrator\Bureaublad\RSIT.exe 2014-02-26 16:52:42 F10E64CFD6EAB1B2BD224BC1CE358143 150192 ----a-w- C:\Documents and Settings\Administrator\Bureaublad\TweakUiPowertoySetup.exe 2014-02-26 13:57:30 F268705904AF97B7DCB46082869867ED 983080 ----a-w- C:\Documents and Settings\Administrator\Mijn documenten\Downloads\KeyUpdateTool_enu.exe 2014-02-22 09:33:45 38F3E49D027F02C3BA87C18219664302 7168 ----a-w- C:\Program Files\Leawo\DVD Creator\monkey.exe 2014-02-22 09:33:37 93C7B7A3E3051BBB9630E41425CFDB3C 150016 ----a-w- C:\Program Files\Leawo\DVD Creator\7z.exe 2014-02-22 09:33:36 275A4FC73F03B3B546C750358DA75E14 6656 ----a-w- C:\Program Files\Leawo\DVD Creator\tiger.exe 2014-02-22 09:33:35 22C787B0C9D2F084B3C47442BCFDA88C 1151472 ----a-w- C:\Program Files\Leawo\DVD Creator\yytool64.exe 2014-02-22 09:33:34 3D0D3EC2D8D10F5DC4D63E0257AEE8BE 904688 ----a-w- C:\Program Files\Leawo\DVD Creator\yytool.exe 2014-02-22 09:32:42 6C39CA2ED1B9189C8AC02D412CD38120 5632 ----a-w- C:\Program Files\Leawo\DVD Creator\f_cache.exe 2014-02-22 09:32:42 0EE0CCE8E00F2EE53D2C570EC57B470A 98304 ----a-w- C:\Program Files\Leawo\DVD Creator\LoadingScreen.exe 2014-02-22 09:32:35 E65D8FF0759D0D7348C2625DADF2E3B2 392206 ----a-w- C:\Program Files\Leawo\DVD Creator\cdrtools\mkisofs.exe 2014-02-22 09:32:33 9AF6A24DD9CFA602249C7395F12F42E2 433166 ----a-w- C:\Program Files\Leawo\DVD Creator\cdrtools\cdrecord.exe 2014-02-22 09:32:20 CD0240396B4F55322CC035B582557D0F 69632 ----a-w- C:\Program Files\Leawo\DVD Creator\dvdauthor\mplex.exe 2014-02-22 09:32:20 84F604B2F2054764B922F64A25EB7A11 229376 ----a-w- C:\Program Files\Leawo\DVD Creator\dvdauthor\spumux.exe 2014-02-22 09:32:19 14810926228BFE39BCC52D2C2B0C513B 188416 ----a-w- C:\Program Files\Leawo\DVD Creator\dvdauthor\dvdauthor.exe 2014-02-22 09:32:18 A701286880A6803A5EAC49DCA852DD6F 226816 ----a-w- C:\Program Files\Leawo\DVD Creator\tsMuxer.exe 2014-02-22 09:32:17 EE81C0AA96A8246A52235D7A7523EC92 396288 ----a-w- C:\Program Files\Leawo\DVD Creator\mkudf250.exe 2014-02-22 09:32:12 9F8D3E6D4766D021FDB782467932FAE6 1869101 ----a-w- C:\Program Files\Leawo\DVD Creator\unins001.exe 2014-02-22 09:32:12 1C83C6657CC32A799D2B53D185A13CFE 3199984 ----a-w- C:\Program Files\Leawo\DVD Creator\DVDCreator.exe 2014-02-22 09:11:23 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.117\33.0.1750.117_32.0.1700.107_chrome_updater.exe 2014-02-21 12:16:46 293A6EC59C28EB50B1530348EC87C172 3294328 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D1OR9SDC\LeawoDVDCreator5300n[1]\Setup.exe === C: other files == 2014-02-27 13:36:15 63ADFB0218709DD619AB1CDDA690326E 10372214 ----a-w- C:\Documents and Settings\All Users\Bureaublad\sample_20142702_1435.zip 2014-02-23 08:21:12 CDB4542E4BAD0FDF23EE81C96133C1EB 11414 ----a-w- C:\Documents and Settings\Administrator\Bureaublad\geolocation\geo-location-javascript_0_4_08.zip 2014-02-21 08:51:14 BDDD3C4356A7F0D7F4D2202B216EE069 287033917 ----a-w- C:\Documents and Settings\Administrator\Mijn documenten\Downloads\AimersoftPDFConverterPro311.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1292428093-1659004503-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-1292428093-1659004503-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto" [HKEY_USERS\S-1-5-21-1292428093-1659004503-839522115-500\Software\Startup Defender\HKEY_USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="%systemroot%\system32\tscupgrd.exe " [HKEY_USERS\S-1-5-21-1292428093-1659004503-839522115-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="%systemroot%\system32\tscupgrd.exe " [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="%systemroot%\system32\tscupgrd.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "Advanced SystemCare 7"="C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /Auto" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ProcessGovernor] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundFrost Service] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [21/02/2014 11:10] C:\WINDOWS\tasks\ASOService.job --a------ C:\Program Files\Advanced System Optimizer 3\ASO3.exe [] C:\WINDOWS\tasks\avast\Undetermined Task.exe [] C:\WINDOWS\tasks\GlaryUpdate 4.job --a------ C:\Program Files\Glary Utilities 4\CheckUpdate.exe [06/01/2014 09:36] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/02/2011 17:02] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/02/2011 17:02] C:\WINDOWS\tasks\MP Scheduled Scan.job --ah----- C:\Program Files\Windows Defender\MpCmdRun.exe [03/11/2006 18:20] C:\WINDOWS\tasks\videopadDowngrade.job --a------ C:\Program Files\NCH Software\VideoPad\videopad.exe [06/12/2012 13:52] C:\WINDOWS\tasks\videopadShakeIcon.job --a------ C:\Program Files\NCH Software\VideoPad\videopad.exe [06/12/2012 13:52] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "fmconverter@gmail.com"="C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [27/01/2014 16:48] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{54affe52-8223-453b-be1e-2fe2e250045c}"="C:\Documents and Settings\Administrator\Application Data\Lamantine\Sticky Password\spAutofill" [25/02/2013 17:19] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\ADMINI~1\Application Data\Mozilla\Firefox\Profiles\p798j7lq.default - DOM-granskaren DOM Inspector - %ProfilePath%\extensions\inspector@mozilla.org - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi - JavaScript Deobfuscator - %ProfilePath%\extensions\jsdeobfuscator@adblockplus.org.xpi - View Source Chart - %ProfilePath%\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}.xpi - Web Developer - %ProfilePath%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi AppDir: C:\Program Files\Mozilla Firefox - Undetermined - %AppDir%\extensions\belgiumeid@eid.belgium.be - Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p798j7lq.default D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash A9C86900D2A61728C8326FE7147617C5 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51 9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13 AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat F3B0E300AFC94E1A775A2D935A7D384F - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In 6EA3310070AEFD3E0CE2668DB3FF8BDE - C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll - Advanced SystemCare 7 Opera Plugin F4045A73A07A12EEDF1F43021AC4F3C8 - C:\Program Files\IObit\Surfing Protection\BrowerProtect\NPASCSafariPluginProtect.dll - Advanced SystemCare 7 626791785FF2A338575E8AF0563D8333 - C:\WINDOWS\npMSDM.dll - Microsoft Download Manager Plugin 9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24/01/2014 17:47] jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[18/01/2014 00:05] lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[] nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx[12/10/2013 13:04] Freemake Video Converter - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Advanced SystemCare Surfing Protection - Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="x/" "Search Page"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="x/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{EE2A8171-48A8-43B3-B0B5-CA0587CCED56}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {EE2A8171-48A8-43B3-B0B5-CA0587CCED56} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_nlBE460" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1292428093-1659004503-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-1292428093-1659004503-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-1292428093-1659004503-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6C6919F04B85B5445BE61B02F0CE1C15 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0F9196C6-58B4-445B-B56E-B1200FECC151} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6C6919F04B85B5445BE61B02F0CE1C15 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessGovernor deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFrost Service deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\_ocster_backup_\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\_ocster_backup_\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\p798j7lq.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4476 folders=357 414512374 bytes) ==== Empty Temp Folders ====================== C:\Documents and Settings\Administrator\Local Settings\temp will be emptied at reboot C:\Documents and Settings\Default User\Local Settings\temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully C:\Documents and Settings\_ocster_backup_\Local Settings\temp emptied successfully C:\Documents and Settings\_ocster_backup_\Local Settings\temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on do 27/02/2014 at 15:51:13.25 ======================