Zoek.exe v5.0.0.0 Updated 26-07-2014 Tool run by Claire on zo 27-07-2014 at 21:05:05,00. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Claire\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 27-7-2014 21:06:38 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{6EBCE946-F3F0-4347-9E0E-DAE25E6F34D3} deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\Claire\AppData\Roaming\HpUpdate deleted successfully C:\Users\Claire\AppData\Roaming\Systweak deleted successfully C:\Users\Claire\AppData\Local\CheckCode deleted successfully C:\Users\Claire\AppData\Local\Downloaded Installations deleted successfully C:\Users\Claire\AppData\Local\kpn deleted successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-605732264-4259940056-2261553441-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-605732264-4259940056-2261553441-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-605732264-4259940056-2261553441-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-605732264-4259940056-2261553441-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully HKEY_USERS\S-1-5-21-605732264-4259940056-2261553441-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ArchiveTooltipUtility.exe deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ArchiveTooltipUtility.exe deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.7 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.7 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FunctionRubySnapshot deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FunctionRubySnapshot deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Run] "vProt"=- ""=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agatha christie - death on the nile-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bejeweled 2 deluxe-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cc_kart2-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chuzzle deluxe-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drivegreen1-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fate-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpcustpartic.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iastorui.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\insaniquarium deluxe-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jewel quest solitaire-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jewelmatch3-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lmanager.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mysteryofmortlakemansion-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nobuclient.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\penguins-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\plantsvszombies-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\polar-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\provider.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reader.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signalislandui.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\slingo deluxe-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\torchlight-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virtualvillagers4thetreeoflife-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wedding dash-wt.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zuma deluxe-wt.exe] ==== Deleting Files \ Folders ====================== C:\Users\Claire\AppData\Roaming\Systweak not found C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\ProgramData\{6EBCE946-F3F0-4347-9E0E-DAE25E6F34D3} not found C:\Users\Claire\AppData\Roaming\DVDVideoSoftIEHelpers deleted "C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll" deleted "C:\windows\SysNative\roboot64.exe" deleted "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility\ArchiveTooltipUtility.exe" deleted "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility\msvcp100.dll" deleted "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility\msvcr100.dll" not deleted "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility\QtCore4.dll" deleted "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility\QtNetwork4.dll" deleted "C:\Windows\SYSWOW64\FunctionRubySnapshot\FunctionRubySnapshot.exe" deleted "C:\Windows\SYSWOW64\FunctionRubySnapshot\msvcp100.dll" deleted "C:\Windows\SYSWOW64\FunctionRubySnapshot\msvcr100.dll" not deleted "C:\Windows\SYSWOW64\FunctionRubySnapshot\QtCore4.dll" deleted "C:\Windows\SYSWOW64\FunctionRubySnapshot\QtNetwork4.dll" deleted "C:\Windows\SysWOW64\FunctionRubySnapshot\FunctionRubySnapshot.exe" deleted "C:\Windows\SysWOW64\FunctionRubySnapshot\msvcp100.dll" deleted "C:\Windows\SysWOW64\FunctionRubySnapshot\msvcr100.dll" not deleted "C:\Windows\SysWOW64\FunctionRubySnapshot\QtCore4.dll" deleted "C:\Windows\SysWOW64\FunctionRubySnapshot\QtNetwork4.dll" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll" deleted "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility" not deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater" not deleted "C:\Windows\SYSWOW64\FunctionRubySnapshot" not deleted "C:\Windows\SysWOW64\FunctionRubySnapshot" not deleted "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility\desktop" not deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Claire\AppData\Local\Temp ==== 2014-07-27 18:43:35 D8BE96BC224FB9A6034A01156A527271 43008 ----a-w- C:\Users\Claire\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb_gsmi.dll 2014-07-26 13:33:34 3533CBE60CE4F22818A0ADFD55613B21 84533376 ------w- C:\Users\Claire\AppData\Local\Temp\{3F470DC3-9B77-4ABD-9C86-5FBB514F47F6}_emergency.exe 2014-07-20 13:01:14 62BAFE9A908B1717484D32DE5A54244B 4380069 ------w- C:\Users\Claire\AppData\Local\Temp\n3227\RegClean_0307-7366cb4a.exe 2014-07-20 13:01:05 76E42B2362D3953D8167BBF2B6670A43 4406520 ------w- C:\Users\Claire\AppData\Local\Temp\n3227\eDeals_1507-292f2fe8.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-07-18 15:16:45 244568416B6D59F39ADE671DD82B2659 25400 ----a-w- C:\Windows\SysWOW64\authuitu.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-07-18 15:16:45 62507E599AE37E91C1BEED8DE35E5236 29496 ----a-w- C:\Windows\Sysnative\authuitu.dll 2014-07-18 15:16:45 40D653A452721F45F5FDCDF7C6A67569 40248 ----a-w- C:\Windows\Sysnative\TURegOpt.exe ====== C:\Windows\Sysnative\drivers ===== 2014-07-12 09:42:47 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys ====== C:\Windows\Tasks ====== 2014-07-24 06:39:52 E7169BF52C33D1B083F40E7EF64C22EE 2762 ----a-w- C:\Windows\Sysnative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2014-07-20 13:01:49 17D67C62EFFB5B8669D3C6C7EC9093D4 3316 ----a-w- C:\Windows\Sysnative\Tasks\Advanced System Protector ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-07-27 12:02:10 -------- d-----w- C:\Program Files\Microsoft Silverlight 2014-07-27 10:57:50 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-07-27 12:02:09 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight ======= C: ===== 2014-07-18 15:32:25 4213FEC2E5915C73E849856ED5641615 3288 ------w- C:\bootsqm.dat ====== C:\Users\Claire\AppData\Roaming ====== 2014-07-27 12:26:15 -------- d-----w- C:\Users\Claire\AppData\Roaming\Nero 2014-07-27 10:50:29 -------- d-----w- C:\Users\Claire\AppData\Local\ElevatedDiagnostics 2014-07-26 13:46:01 -------- d-----w- C:\Users\Claire\AppData\Local\ArchiveTooltipUtility 2014-07-19 18:08:28 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AVG 2014-07-18 15:16:33 -------- d-----w- C:\Users\Claire\AppData\Local\AVG 2014-07-18 14:41:05 -------- d-----w- C:\Users\Claire\AppData\Local\Avg2014 ====== C:\Users\Claire ====== 2014-07-27 12:02:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-20 13:01:30 CA4A499386723DE11EBAF419FB90B8E3 6953496 ------w- C:\Users\Claire\Desktop\Silverlight.exe 2014-07-18 15:16:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014 ====== C: exe-files == 2014-07-27 12:01:45 2EDE6612B7042D8582819CAB084E6883 13087456 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYZA678B\Silverlight_x64.exe 2014-07-27 12:00:53 30DAFA3816B53B576436D841D163F8DC 6286448 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARWP9IOG\Silverlight.exe 2014-07-27 11:01:00 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYZA678B\RSITx64.exe 2014-07-27 10:57:50 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Claire.exe 2014-07-26 13:36:36 7336678A8DF1B7864AB9A3C85164E629 515783 ----a-w- C:\Windows\Temp\UptUpdater.exe 2014-07-26 13:33:34 3533CBE60CE4F22818A0ADFD55613B21 84533376 ------w- C:\Users\Claire\AppData\Local\Temp\{3F470DC3-9B77-4ABD-9C86-5FBB514F47F6}_emergency.exe 2014-07-21 21:06:00 2F35C2E96C6AA3D885175CF7C885E450 262216 ------w- C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 2014-07-21 21:02:54 C06FEF70D9E4F57CB34464A397CBC6A2 280640 ------w- C:\Users\Claire\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe 2014-07-21 21:02:50 099E24D4FE2ADA03F648B470830BD382 35464216 ------w- C:\Users\Claire\AppData\Roaming\Dropbox\bin\Dropbox.exe === C: other files == 2014-07-27 12:02:49 FCD25445C1A3E24E25DCF2E3D1F1367B 92817 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IRY4ZDC4\System.Windows.Controls[1].zip 2014-07-27 12:02:49 ECDC5F4BFF60A1A0341A0A1152185681 13485 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5B1JTYVE\System.ComponentModel.Composition.Initialization[1].zip 2014-07-27 12:02:49 CDF45276041F6B24B930A9A08CE081BE 39445 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8H233UGF\System.ServiceModel.Web.Extensions[1].zip 2014-07-27 12:02:49 77857A69AD319C70114D2856CFB14866 23573 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8H233UGF\System.Windows.Controls.Data.Input[1].zip 2014-07-27 12:02:49 5BF38779F83CA64C33AC237555664E54 35271 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\88PG2OWQ\System.ServiceModel.DomainServices.Client.Web[1].zip 2014-07-27 12:02:49 234A644C9D46BEDB966DB2ADDCDBA808 25710 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5B1JTYVE\System.ComponentModel.DataAnnotations[1].zip 2014-07-27 12:02:49 0DD83955982BDBC087F15C57F036824F 86709 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5B1JTYVE\System.ComponentModel.Composition[1].zip 2014-07-27 12:02:49 02333CFFBA7D54D2D338452764DDBE42 73130 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\88PG2OWQ\System.ServiceModel.DomainServices.Client[1].zip 2014-07-27 10:54:59 4AE62FEF367533EDD03A810E3520A4F5 8 ------w- C:\Users\Claire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\88PG2OWQ\ams1.ib.adnxs[1].com 2014-07-21 21:01:56 D732AC5645E4AB4C0E2579962D19F9DE 1129037 ------w- C:\Users\Claire\AppData\Roaming\Dropbox\bin\xui_resources.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-605732264-4259940056-2261553441-1001\Software\Microsoft\Windows\CurrentVersion\Run] "HP Photosmart 7520 series (NET)"="C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe -deviceID CN2942B1NY05VV:NW -scfn HP Photosmart 7520 series (NET) -AutoStart 1" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HP Photosmart 7520 series (NET)"="C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe -deviceID CN2942B1NY05VV:NW -scfn HP Photosmart 7520 series (NET) -AutoStart 1" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s " "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe " "Power Management"="C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe " "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "HP Software Update"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" ==== Startup Folders ====================== 2014-03-24 11:12:14 1058 ------w- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2012-12-21 15:08:21 1948 ----a-w- C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Photosmart 7520 series (netwerk).lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-07-2014 11:28] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe ARM" ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe Reader Speed Launcher" ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-CRvG-Claire" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\Advanced System Protector" ["C:\Program Files (x86)\RegClean Pro\SystweakASP.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart 7520 series" ["C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\NBAgent" [C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe] "C:\Windows\SysNative\tasks\ScanToPCActivationApp.exe_{E125D6EB-791D-4277-B5F4-3A52A33C7464}" [C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [21-12-2012 17:06] ==== C:\zoek_backup content ====================== C:\zoek_backup (files=89 folders=31 50596936 bytes) ==== After Reboot ====================== ==== Deleting Files / Folders ====================== "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility\msvcr100.dll" not found "C:\Windows\SYSWOW64\FunctionRubySnapshot\msvcr100.dll" not found "C:\Windows\SysWOW64\FunctionRubySnapshot\msvcr100.dll" not found "C:\Users\Claire\AppData\Local\ArchiveTooltipUtility" not found "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater" not found "C:\Windows\SYSWOW64\FunctionRubySnapshot" not found "C:\Windows\SysWOW64\FunctionRubySnapshot" not found ==== EOF on zo 27-07-2014 at 21:12:53,38 ======================