Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Eddy Schiphorst on wo 16-04-2014 at 14:31:11,83. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Eddy Schiphorst\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 16-4-2014 14:34:59 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Foxit Software deleted successfully C:\PROGRA~2\Gabest deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\CanonEPP deleted successfully C:\PROGRA~3\CanonIJEPPEX2 deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\Advanced System Protector deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\appdata deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\DCSCMIN deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\Defender deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\Firewall SysScan deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\JavaUpdater deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\mswin deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\Nico Mak Computing deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\Oqdau deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\Qeze deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\R2hSJYgkwAAgZCO deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\sudo deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\System deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\Systweak deleted successfully C:\Users\Eddy Schiphorst\AppData\Roaming\tep deleted successfully C:\Users\Eddy Schiphorst\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully C:\Users\Eddy 
Schiphorst\AppData\Local\CrashDumps deleted successfully C:\Users\Eddy Schiphorst\AppData\Local\HP MediaSmart Video deleted successfully C:\Users\Mieke\AppData\Local\PackageAware deleted successfully C:\Users\Mieke\AppData\Local\{B709E72A-43EE-4DFD-98D4-A188E87E9B95} deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2976567902-532905084-1553938647-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-2976567902-532905084-1553938647-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E76558FB-394E-4B11-93BA-FE63BD56A3A8} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{D19CA586-DD6C-4a0a-96F8-14644F340D60} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALSysIO deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ALSysIO deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1304972082] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Audio Device] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\audiodg_NL.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfmmon.exe] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Java 7 Build 5326 Update Init] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l80vS6v3d3gK1y1®] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServices] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdater] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash_Media] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtek] [-HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Users\Mieke\AppData\Local\Temp\S3G1S4DDNS.exe"=- ==== Deleting Files \ Folders ====================== "C:\Users\Eddy Schiphorst\AppData\Local\Temp\tmp9CF9.tmp.exe" not found "C:\Users\Eddy Schiphorst\AppData\Roaming\W73vu5p2WaOE.exe" not found "C:\Users\Eddy Schiphorst\Documents\audiodg_NL.exe" not found "C:\Users\Eddy Schiphorst\AppData\Roaming\Firewall SysScan\cfmmon.exe" not found "C:\Users\Eddy Schiphorst\AppData\Local\Temp\rdl3386.tmp.exe" not found "C:\Users\Eddy Schiphorst\AppData\Roaming\R2hSJYgkwAAgZCO\jedVOIjq46.exe" not found "C:\Users\Eddy Schiphorst\AppData\Roaming\winupd.exe" not found "C:\Users\Mieke\AppData\Roaming\services.exe" not found "C:\windows\SysNative\Windupdt\winupdate.exe" not found "C:\Users\Eddy Schiphorst\AppData\Roaming\dwm.exe" not found "C:\Users\Eddy Schiphorst\AppData\Roaming\Defender\csrss.exe" not found "C:\Users\Mieke\AppData\Local\Temp\S3G1S4DDNS.exe" not found "C:\Users\EDDYSC~1\AppData\Local\Temp\ALSysIO64.sys" not found C:\PROGRA~2\FoxTabPDFConverter deleted C:\PROGRA~2\CieoNetUtilities_0eEI deleted C:\Users\Eddy Schiphorst\AppData\Roaming\net.bat deleted C:\Users\Eddy Schiphorst\AppData\Roaming\net.vbs deleted C:\Users\Eddy Schiphorst\AppData\Roaming\SKHci.vbs deleted C:\Users\Eddy Schiphorst\AppData\Roaming\Stves.vbs deleted C:\Users\Eddy Schiphorst\AppData\Roaming\ExpressFiles deleted C:\Users\Eddy Schiphorst\AppData\Roaming\ParetoLogic deleted C:\Users\Eddy Schiphorst\AppData\Roaming\DriverCure deleted C:\PROGRA~3\ParetoLogic deleted C:\PROGRA~3\Tarma Installer deleted C:\windows\SysNative\Tasks\MySearchDial deleted C:\Windows\Tasks\MySearchDial.job deleted C:\Users\Eddy Schiphorst\Downloads\SpeedyPC_Error_Fix.exe 
deleted C:\Users\Eddy Schiphorst\AppData\LocalLow\BabylonToolbar deleted C:\Users\Mieke\AppData\LocalLow\BabylonToolbar deleted C:\windows\SysNative\Tasks\Express FilesUpdate deleted C:\END deleted C:\Users\Eddy Schiphorst\AppData\Roaming\biacgl.exe deleted C:\Users\Eddy Schiphorst\AppData\Roaming\Fanta-Athena-v1.8.3.exe deleted C:\Users\Eddy Schiphorst\AppData\Roaming\ReclaimerV2.exe deleted C:\Users\Mieke\AppData\Roaming\201D.exe deleted C:\Users\Mieke\AppData\Roaming\88ED.exe deleted C:\Users\Mieke\AppData\Roaming\93A0.exe deleted C:\Users\Mieke\AppData\Roaming\C79E.exe deleted C:\Users\Mieke\AppData\Roaming\rrqvSZ.exe deleted C:\Users\Mieke\AppData\Roaming\yfzFNDi.exe deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\loadit.exe" not deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\dam" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\srvc" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\uranium's keylog" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\loadit.exe" not deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Ruyt\etvai.efa" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Ruyt\etvai.tmp" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Omidil\azen.tmp" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Omidil\azen.xey" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Onziug\gaga.exe" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Woinzi\igehy.ydq" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Ruyt" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Omidil" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Onziug" deleted "C:\Users\Eddy Schiphorst\AppData\Roaming\Woinzi" deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2976567902-532905084-1553938647-1001\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe -scheduler" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "Reader Application Helper"="C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe -scheduler" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\PROGRA~1\\BULLGU~1\\BULLGU~1\\Files32\\BgAgent.dll BgGamingMonitor.dll C:\\PROGRA~2\\Citrix\\ICACLI~1\\RSHook.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe -boot" "BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\PROGRA~1\\BULLGU~1\\BULLGU~1\\BgAgent.dll BgGamingMonitor.dll" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "audiodg_NL.exe"="C:\\Users\\Eddy Schiphorst\\Documents\\audiodg_NL.exe" "shoff"="\"C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\tep\\slaver.exe\"" "QkI1OTQ1MTc0NzNGNTc4Nz"="C:\\Users\\Eddy Schiphorst\\psbs.exe" 
"egregregerfwde"="\"C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\svhost.exe\"" "Microsoft© Windows© Operating System"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\msadrh10.exe" "mnonri.exe"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\System\\msiexec.exe" "msiexec.exe"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\System\\msiexec.exe" "{B05203D6-2EC0-C849-D28C-EDE1C67049CE}"="\"C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\Oqdau\\miuto.exe\"" "Windows Live"="C:\\Users\\Eddy Schiphorst\\AppData\\Local\\Temp\\winini.exe" "{46458128-3BA7-5CDA-915E-F342F0B1CDE9}"="\"C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\Qeze\\keke.exe\"" "gngfgfgfhnfg.exe"="\"C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\gngfgfgfhnfg.exe\"" "iOhvXCFgKA5YwN58Ybt1yVRcgtGb4G"="\"C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\gngfgfgfhnfg.exe\"" "NDNDMzVDNzk5QUVCODRERj"="C:\\Users\\Eddy Schiphorst\\XAPOieap.exe" "2113224810.exe"="C:\\Users\\Eddy Schiphorst\\AppData\\Local\\Temp\\tmp7568.tmp.exe" "123155087.exe"="C:\\Users\\Eddy Schiphorst\\AppData\\Local\\Temp\\tmpDEF.tmp.exe" "1097919217.exe"="C:\\Users\\Eddy Schiphorst\\AppData\\Local\\Temp\\tmp1DB7.tmp.exe" "1837955523.exe"="C:\\Users\\Eddy Schiphorst\\AppData\\Local\\Temp\\tmp78B2.tmp.exe" "vetuisu"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\mswin\\wanadapter.exe" "JavaUpdater"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\JavaUpdater\\ambdmj.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Malwarebytes Anti-Malware (reboot)"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\1304972082] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="1304972082" "hkey"="HKCU" "command"="C:\\Users\\Eddy Schiphorst\\AppData\\Local\\Temp\\tmp9CF9.tmp.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Audio Device] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Audio Device" "hkey"="HKCU" "command"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\W73vu5p2WaOE.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\audiodg_NL.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="audiodg_NL.exe" "hkey"="HKCU" "command"="C:\\Users\\Eddy Schiphorst\\Documents\\audiodg_NL.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfmmon.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cfmmon.exe" "hkey"="HKCU" "command"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\Firewall SysScan\\cfmmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Easybits Recovery" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Flash_Media] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Flash_Media" "hkey"="HKCU" "command"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\dwm.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Quick Launch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Quick Launch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Quick Launch\\HPMSGSVC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPAdvisorDock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPAdvisorDock"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\Dock\\HPAdvisorDock.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPToneControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPToneControl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HPToneControl\\HPTonectl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWirelessAssistant"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Wireless Assistant\\DelayedAppStarter.exe 120 C:\\Program Files\\Hewlett-Packard\\HP Wireless Assistant\\HPWA_Main.exe /hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Java 7 Build 5326 Update Init]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Java 7 Build 5326 Update Init"
"hkey"="HKCU"
"command"="C:\\Users\\Eddy Schiphorst\\AppData\\Local\\Temp\\rdl3386.tmp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\l80vS6v3d3gK1y1©]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="l80vS6v3d3gK1y1©"
"hkey"="HKCU"
"command"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\R2hSJYgkwAAgZCO\\jedVOIjq46.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reader Application Helper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader Application Helper"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sony\\ReaderDesktop\\appHelper\\ReaderAppHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Realtek]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Realtek"
"hkey"="HKCU"
"command"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\Defender\\csrss.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sQlKQMYbpL]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sQlKQMYbpL"
"hkey"="HKLM"
"command"="\"C:\\Users\\Mieke\\AppData\\Roaming\\rrqvSZ.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\svchost]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchost"
"hkey"="HKCU"
"command"="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SysTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\IDT\\WDM\\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Update"
"hkey"="HKCU"
"command"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\winupd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WindowsServices]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WindowsServices"
"hkey"="HKLM"
"command"="C:\\Users\\Mieke\\AppData\\Roaming\\services.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winupdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdater"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\Windupdt\\winupdate.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Eddy Schiphorst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Eddy Schiphorst\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\EDDYSC~1\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"

==== Startup Folders ======================

2014-04-01 11:36:26 811 ----a-w- C:\Users\Eddy Schiphorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
2014-04-14 18:46:25 862 ----a-w- C:\Users\Mieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
2014-01-17 07:23:20 1049 ----a-w- C:\Users\Mieke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-01-09 11:01:08 1318 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-03-2014 21:10]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForMieke.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForMieke" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{26B6158D-9EAB-425B-9E61-8D5F75D0A4AF}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B5CAEA00-E05F-45D7-BC52-6E98FE5C5233}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{28F0A4C8-F302-4749-A4CB-E3409A114656}" [C:\Program Files (x86)\Mozilla Firefox\firefox.exe]
"C:\Windows\SysNative\tasks\{83F8C484-0EDB-41E4-B71D-0FDAB944C6B7}" [C:\Grabit\alt.binaries.boneless\Password Protected Regure Pro 3.1.0\Password Protected Regure Pro 3.1.0\Crack\RegCurePro.exe]
"C:\Windows\SysNative\tasks\{8CDBB420-C940-4818-B68E-2FCB9F55C957}" [C:\Program Files (x86)\Mozilla Firefox\firefox.exe]
"C:\Windows\SysNative\tasks\{C3DFAAC1-56E7-4EFA-AB72-0B46B83A0FB5}" [C:\Grabit\alt.binaries.boneless\Password Protected Regure Pro 3.1.0\Password Protected Regure Pro 3.1.0\Crack\RegCurePro.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"antiphishing@bullguard"="C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard" [15-10-2013 15:46]

==== Firefox Extensions ======================

ProfilePath: C:\Users\EDDYSC~1\AppData\Roaming\TomTom\HOME\Profiles\6d6n1haq.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Eddy Schiphorst\AppData\Roaming\Mozilla\Firefox\Profiles\tcc1ngt3.default-1394097352096
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
F7E675EBDE6DA3A1665F2DCFA683322F - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dhkplhfnhceodhffomolpfigojocbpcb - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1304972082 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Audio Device deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\audiodg_NL.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfmmon.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash_Media deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Java 7 Build 5326 Update Init deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l80vS6v3d3gK1y1© deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtek deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sQlKQMYbpL deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServices deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdater deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eddy Schiphorst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eddy Schiphorst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mieke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mieke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Mieke\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mieke\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mieke\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Eddy Schiphorst\AppData\Local\Mozilla\Firefox\Profiles\tcc1ngt3.default-1394097352096\Cache emptied successfully
C:\Users\Mieke\AppData\Local\Mozilla\Firefox\Profiles\84r7fcxa.default-1394093263522\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Mieke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=533 folders=26 124372572 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eddy Schiphorst\AppData\Local\Temp will be emptied at reboot
C:\Users\Mieke\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\EDDYSC~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Eddy Schiphorst\AppData\Roaming\loadit.exe" not found
"C:\Users\Eddy Schiphorst\AppData\Roaming\loadit.exe" not found

==== EOF on wo 16-04-2014 at 17:05:55,29 ======================