Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by harrie on Wed 06/11/2014 at 22:49:27.51.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\harrie\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

6/11/2014 10:54:01 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Bic deleted successfully
C:\Users\harrie\AppData\Roaming\Outlook deleted successfully
C:\Users\harrie\AppData\Roaming\SupTab deleted successfully
C:\Users\harrie\AppData\Local\CrashDumps deleted successfully
C:\Users\harrie\AppData\Local\Soldiers deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2971273702-3882408664-4228624218-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_USERS\S-1-5-21-2971273702-3882408664-4228624218-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-2971273702-3882408664-4228624218-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4C7F7B48-8FEA-46A2-BD06-E666017C28BF} deleted successfully
HKEY_USERS\S-1-5-21-2971273702-3882408664-4228624218-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\ProgramData\WPM\wprotectmanager.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DVBLogic\DVBLink2\DVBLinkServer.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\System32\WinService.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files\Greener Web\updateGreenerWeb.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Greener Web\bin\utilGreenerWeb.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\DllHost.exe
C:\Users\harrie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\harrie\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Greener Web\bin\GreenerWeb.BrowserAdapter.exe
C:\Windows\system32\conime.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Greener Web\bin\GreenerWeb.PurBrowse.exe
C:\Users\harrie\Desktop\zoek.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Greener Web deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Greener Web deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Update Greener Web deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Update Greener Web deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Greener Web deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Greener Web deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Util Greener Web deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Util Greener Web deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Wpm deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\Users\harrie\AppData\Roaming\SupTab not found
C:\Program Files\Linkey deleted
C:\ProgramData\systemk deleted
C:\ProgramData\WPM deleted
C:\Users\harrie\AppData\Roaming\sweet-page deleted
C:\Users\harrie\AppData\Roaming\Systweak deleted
C:\Users\harrie\AppData\Roaming\AppCloudUpdater deleted
C:\Program Files\RegClean Pro deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro deleted
C:\Program Files\FoxTabFlvPlayer deleted
C:\extensions deleted
C:\Users\harrie\AppData\Roaming\Smiley.ico deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak PhotoStudio deleted
C:\Windows\System32\Tasks\WinMaximizer-harrie-Startup deleted
C:\Windows\Tasks\WinMaximizer-harrie-Startup.job deleted
C:\Users\harrie\AppData\LocalLow\Seyaarcch--NeWTabo deleted
C:\Users\harrie\AppData\LocalLow\coontinuUetOsavee deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\roboot.exe deleted
C:\Users\harrie\Documents\Optimizer Pro deleted
"C:\Program Files\SupTab\DpInterface32.dll" deleted
"C:\Program Files\Greener Web\updateGreenerWeb.exe" deleted
"C:\ProgramData\IePluginServices\PluginService.exe" deleted
"C:\Program Files\SupTab\DpInterface32.dll" deleted
"C:\Program Files\Greener Web\updateGreenerWeb.exe" deleted
"C:\Program Files\SupTab\DpInterface32.dll" deleted
"C:\PROGRA~2\IePluginServices\PluginService.exe" deleted
"C:\Program Files\Greener Web\updateGreenerWeb.exe" deleted
"C:\Program Files\Greener Web\bin\GreenerWeb.BrowserAdapter.exe" deleted
"C:\Program Files\Greener Web\bin\GreenerWeb.PurBrowse.exe" deleted
"C:\Program Files\Greener Web\bin\utilGreenerWeb.exe" deleted
"C:\Program Files\Settings Manager\systemk\sysapcrt.dll" deleted
"C:\Program Files\Greener Web\bin\GreenerWeb.BrowserAdapter.exe" deleted
"C:\Program Files\Greener Web\bin\GreenerWeb.PurBrowse.exe" deleted
"C:\Program Files\Greener Web\bin\utilGreenerWeb.exe" deleted
"C:\Program Files\Greener Web\bin\GreenerWeb.BrowserAdapter.exe" deleted
"C:\Program Files\Greener Web\bin\GreenerWeb.PurBrowse.exe" deleted
"C:\Program Files\Greener Web\bin\utilGreenerWeb.exe" deleted
"C:\Program Files\SupTab" not deleted
"C:\Program Files\Greener Web" not deleted
"C:\Program Files\Settings Manager" not deleted
"C:\ProgramData\IePluginServices" not deleted
"C:\Program Files\SupTab" not deleted
"C:\Program Files\Greener Web" not deleted
"C:\Program Files\SupTab" not deleted
"C:\PROGRA~2\IePluginServices" not deleted
"C:\Program Files\Greener Web" not deleted
"C:\Program Files\Greener Web\bin" not deleted
"C:\Program Files\Settings Manager\systemk" not deleted
"C:\Program Files\Greener Web\bin" not deleted
"C:\Program Files\Greener Web\bin" not deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 3066 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
CPU Speed: 673.6 MHz
Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce GT 130M | NVIDIA GeForce GT 130M | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Intel(R) WiFi Link 5100 AGN | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW TS-L633B
Ports: COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 453.0GB | D: 465.8GB
Hard Disks - Free: C: 337.8GB | D: 442.3GB
Manufacturer *: Phoenix Technologies LTD
BIOS Info: AT/AT COMPATIBLE | 03/23/09 | ACRSYS - 6040000
Time Zone: W. Europe Standard Time
Motherboard *: Acer JM70
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Norton 360 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Norton 360 disabled (Outdated)
Firewall: Norton 360 disabled
Default Browser: Google Chrome 35.0.1916.114
Internet Explorer Version: 9.0.8112.16421
Google Chrome version: 35.0.1916.114
Adobe Reader version: 9.5.5.316
Sun Java version: 1.7.0_55 (32-bit)
Flash Player version: 13.0.0.214
Shockwave Player version: 11.6.3r633

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\harrie\AppData\Local\Temp ====
2014-06-11 20:38:47 5634C601025C31032A0AF1590B4C0CA6 43008 ----a-w- C:\Users\harrie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk3ccng.dll

====== Java Cache =====

====== C:\Windows\system32 =====
2014-06-03 18:39:55 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\System32\sqlite3.dll

====== C:\Windows\system32\drivers =====
2014-06-10 09:40:20 17E8DD614D7EF04AE68A3B44CB9FD8B9 55128 ----a-w- C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}t.sys
2014-06-08 22:24:10 7FBB88DB986633305EE7CEA40B55E62E 55128 ----a-w- C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys

====== C:\Windows\Tasks ======
2014-06-08 21:18:02 F76585459C530642EE8B7CE13F138F44 3240 ----a-w- C:\Windows\system32\Tasks\AppCloudUpdater
2014-06-08 21:18:02 C67AA3BA9830E35D33CDC3CFB55C67B4 296 ----a-w- C:\Windows\Tasks\AppCloudUpdater.job

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-06-08 21:25:25 -------- d-----w- C:\Program Files\Settings Manager
2014-06-08 21:18:53 -------- d-----w- C:\Program Files\SupTab
2014-06-08 21:18:19 -------- d-----w- C:\Program Files\Greener Web
2014-05-25 16:08:51 -------- d-----w- C:\Program Files\Dropbox
2014-05-23 20:22:26 -------- d-----w- C:\Program Files\trend micro

======= C: =====

====== C:\Users\harrie\AppData\Roaming ======
2014-06-08 21:27:06 -------- d-----w- C:\Users\harrie\AppData\Roaming\Soldiers939
2014-06-08 21:20:06 -------- d-----w- C:\Users\harrie\AppData\Roaming\1H1Q
2014-05-16 18:32:07 -------- d-----w- C:\Users\harrie\AppData\Roaming\DropboxMaster

====== C:\Users\harrie ======
2014-06-10 18:28:02 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\harrie\Desktop\RSIT (1).exe
2014-06-10 18:27:12 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\harrie\Downloads\RSIT.exe
2014-06-09 20:07:50 A61A24E28CE5E961941D61C1D342AC39 4748896 ----a-w- C:\Users\harrie\Downloads\ccsetup414.exe
2014-06-09 19:53:07 FDED57423425B37E487E9F5D55BE7122 709260 ----a-w- C:\Users\harrie\Downloads\delfix_10.7.exe
2014-06-08 21:18:54 -------- d-----w- C:\ProgramData\IePluginServices
2014-06-02 21:00:47 -------- d-----r- C:\Users\harrie\Pictures

====== C: exe-files ==
2014-06-10 18:28:02 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\harrie\Desktop\RSIT (1).exe
2014-06-10 18:27:12 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\harrie\Downloads\RSIT.exe
2014-06-10 10:34:21 988FF9CFC2264C2744747117EFB91187 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2971273702-3882408664-4228624218-1000\$I9TOLGY.exe
2014-06-10 09:39:52 451FE84C43B79AF625C32EC67B5E46EC 96544 ----a-w- C:\Program Files\Greener Web\bin\GreenerWeb.BrowserAdapter.exe
2014-06-09 20:07:50 A61A24E28CE5E961941D61C1D342AC39 4748896 ----a-w- C:\Users\harrie\Downloads\ccsetup414.exe
2014-06-09 19:53:07 FDED57423425B37E487E9F5D55BE7122 709260 ----a-w- C:\Users\harrie\Downloads\delfix_10.7.exe

=== C: other files ==
2014-06-10 09:40:20 17E8DD614D7EF04AE68A3B44CB9FD8B9 55128 ----a-w- C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}t.sys
2014-06-08 22:24:10 7FBB88DB986633305EE7CEA40B55E62E 55128 ----a-w- C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gt.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-2971273702-3882408664-4228624218-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"HTC Sync Loader"="C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DVBLink MediaCenter Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVBLink MediaCenter Launcher"
"hkey"="HKLM"
"command"="C:\\Program Files\\DVBLogic\\DVBLink2\\DVBLinkMCLauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Family Tree Builder Update"
"hkey"="HKLM"
"command"="C:\\Program Files\\MyHeritage\\Bin\\FTBCheckUpdates.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\harrie\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyDriveConnect.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MyDriveConnect.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MyDrive Connect\\MyDriveConnect.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyTomTomSA.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MyTomTomSA.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MyTomTom 3\\MyTomTomSA.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerSuite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PowerSuite"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Uniblue\\POWERS~1\\launcher.exe\" delay 20000 -m"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reader Application Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader Application Helper"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\ReaderDesktop\\appHelper\\ReaderAppHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Remote Control Editor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remote Control Editor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\TerraTec\\Remote\\TTTvRc.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skytel"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\Skytel.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Utorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Acer VCM.lnk"
"backup"="C:\\Windows\\pss\\Acer VCM.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Acer\\ACERVC~1\\AcerVCM.exe "
"item"="Acer VCM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WG111v2 Smart Wizard Wireless Setting.lnk"
"backup"="C:\\Windows\\pss\\WG111v2 Smart Wizard Wireless Setting.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\NETGEAR\\WG111V~1\\WG111v2.exe "
"item"="WG111v2 Smart Wizard Wireless Setting"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^harrie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\harrie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\harrie\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^harrie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
"path"="C:\\Users\\harrie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Screen Clipper and Launcher.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2007 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Screen Clipper and Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\odserv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\p2psvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDRSVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Sony SCSI Helper Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Update melondrea]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Util melondrea]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinDefend]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinRM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wscsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WSearch]

==== Startup Folders ======================

2014-05-16 18:32:32 956 ----a-w- C:\Users\harrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/15/2014 10:15 PM]
C:\Windows\tasks\AppCloudUpdater.job --a------ C:\Users\harrie\AppData\Roaming\APPCLO1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd0ad5aff79aa0.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/02/2011 10:03 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [05/02/2011 10:03 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AppCloudUpdater" [C:\Users\harrie\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore1cd0ad5aff79aa0" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Launch HTC Sync Loader" [C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe]
"C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton 360\Engine\21.3.0.12\WSCStub.exe"]
"C:\Windows\system32\tasks\{478CFAD0-E0C6-4629-BC2C-2D6630BD2F99}" [C:\Program Files\Skype\\Phone\Skype.exe]
"C:\Windows\system32\tasks\Acer\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]
"C:\Windows\system32\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files\Norton 360\Engine\21.3.0.12\SymErr.exe]
"C:\Windows\system32\tasks\Norton 360\Norton Error Processor" [C:\Program Files\Norton 360\Engine\21.3.0.12\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF" [03/12/2014 06:41 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\harrie\AppData\Roaming\Mozilla\Firefox\Profiles\nl5nammo.default
- Undetermined - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn
- Undetermined - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn
- Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

==== Firefox Plugins ======================

Profilepath: C:\Users\harrie\AppData\Roaming\Mozilla\Firefox\Profiles\nl5nammo.default
AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
AAA414455FE1AA87E424BDFCAE249B50 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton 360\Engine\21.3.0.12\Exts\Chrome.crx[04/28/2014 02:52 PM]

Google Docs - harrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - harrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - harrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - harrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Identity Safe for Google Chrome™ - harrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - harrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - harrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.default-search.net?sid=492&aid=155&itype=n&ver=12565&tm=372&src=hmp"
"Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1402262285&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.sweet-page.com/?type=hp&ts=1402262285&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX"
"Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1402262285&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX"
"Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1402262285&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX&q={searchTerms}"
"Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1402262285&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r=499"
{21128A38-6486-4536-A541-27A217B2FEB5} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_enNL429NL430"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on Users Desktops ======================

C:\Users\harrie\Desktop\Berry's Internet Club.lnk - C:\Program Files\Berry's Internet Club\bic.exe
C:\Users\harrie\Desktop\Bridge to Bridge.lnk - C:\Program Files\Bridge Beter\bb.exe -b2b
C:\Users\harrie\Desktop\Documents.lnk - C:\Users\harrie\Documents
C:\Users\harrie\Desktop\Dropbox.lnk - C:\Users\harrie\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\harrie\Desktop\EXCEL.lnk - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\harrie\Desktop\Huismail.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\harrie\Desktop\MyHeritage Family Tree Builder.lnk - C:\Program Files\MyHeritage\Bin\MyHeritage.exe
C:\Users\harrie\Desktop\Picture manager.lnk - C:\Program Files\Microsoft Office\Office12\OIS.EXE
C:\Users\harrie\Desktop\Recycle Bin - Shortcut.lnk -
C:\Users\harrie\Desktop\word.lnk - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\harrie\Desktop\µTorrent.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk - C:\Program Files\Belastingdienst\Aangifte inkomstenbelasting\2013\ib2013.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\HTC Sync.lnk - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Users\Public\Desktop\RegClean Pro.lnk - C:\Program Files\RegClean Pro\RegCleanPro.exe
C:\Users\Public\Desktop\SketchUp 8.lnk - C:\Program Files\Google\Google SketchUp 8\SketchUp.exe

==== shortcuts in Users Start Menu ======================

C:\Users\harrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=scpp&ts=1402265336&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX
C:\Users\harrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=scpp&ts=1402265336&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX
C:\Users\harrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\harrie\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\harrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\harrie\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\harrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\harrie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=scpp&ts=1402265336&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\LiveUpdate.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\NBRT.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Norton 360.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Support.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Uninstall Norton 360.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk - C:\Program Files\jZip\jZip.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk - C:\Program Files\jZip\jZip.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=scpp&ts=1402265336&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX
C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iexplore - Shortcut.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=scpp&ts=1402265336&from=cor&uid=HitachiXHTS545050B9A300_090416PB4400Q7GKR7RAX C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /recycle C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - ==== shortcuts After Repair ====================== C:\Users\harrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\harrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\harrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iexplore - Shortcut.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\vfd-ob deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted 
successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.3.0.12\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coIEPlg.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = C:\Users\harrie\AppData\Roaming\Dropbox\bin\Dropbox.exe O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: DVBLink Server (DVBLinkServer2) - DVBLogic - C:\Program Files\DVBLogic\DVBLink2\DVBLinkServer.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: IePlugin Services (IePluginServices) - Unknown owner - C:\ProgramData\IePluginServices\PluginService.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: SCM_Service - Unknown owner - C:\Windows\System32\WinService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\harrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\harrie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=290 folders=79 60131183 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\harrie\AppData\Local\Temp will be 
emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\harrie\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\harrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\SupTab" not found "C:\Program Files\Greener Web" not found "C:\Program Files\Settings Manager" not found "C:\ProgramData\IePluginServices" not found "C:\Program Files\SupTab" not found "C:\Program Files\Greener Web" not found "C:\Program Files\SupTab" not found "C:\PROGRA~2\IePluginServices" not found "C:\Program Files\Greener Web" not found ==== EOF on Wed 06/11/2014 at 23:41:24.81 ======================