Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by Sjaan on do 31-07-2014 at 20:21:56,07.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sjaan\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

31-7-2014 20:24:56 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AVG deleted successfully
C:\PROGRA~2\Music App deleted successfully
C:\PROGRA~2\MyHeritage deleted successfully
C:\PROGRA~2\PC Performer deleted successfully
C:\PROGRA~2\predm deleted successfully
C:\PROGRA~2\Web Cake deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\AVG2013 deleted successfully
C:\PROGRA~3\Browser Manager deleted successfully
C:\PROGRA~3\BrowserProtect deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Systweak deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully
C:\Users\Sjaan\AppData\Roaming\Advanced System Protector deleted successfully
C:\Users\Sjaan\AppData\Roaming\AVG2013 deleted successfully
C:\Users\Sjaan\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Sjaan\AppData\Roaming\PCCUStubInstaller deleted successfully
C:\Users\Sjaan\AppData\Roaming\PerformerSoft deleted successfully
C:\Users\Sjaan\AppData\Roaming\rightbackup deleted successfully
C:\Users\Sjaan\AppData\Roaming\systweak deleted successfully
C:\Users\Sjaan\AppData\Roaming\TP deleted successfully
C:\Users\Sjaan\AppData\Local\Avg2013 deleted successfully
C:\Users\Sjaan\AppData\Local\GHISLER deleted successfully
C:\Users\Sjaan\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Sjaan\AppData\Local\MigWiz deleted successfully
C:\Users\Sjaan\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully
HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully
HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully
HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully
HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully
HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\SearchScopes\{395cfbfb-4053-454c-883d-10bf819d83d2} deleted successfully
HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\SearchScopes\{836657FD-73B6-46DB-8756-18D653609D44} deleted successfully
HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\PC Veilig\Anti-Virus\FSGK32.EXE
C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\FAT32NativeRaw.exe
C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\PC Veilig\Anti-Virus\fssm32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
C:\Users\Sjaan\AppData\Roaming\Massive Media\Twoo.exe
C:\Users\Sjaan\AppData\Local\iLivid\iLivid.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\PC Veilig\Common\FSLAUNCH.EXE
C:\Users\Sjaan\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackupStack deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RgFltX64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RgFltX64 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default

---- Lines Softonic removed from user.js ----
user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=1224657a000000000000e0cb4efc326f&q=");
user_pref("extensions.Softonic.id", "1224657a000000000000e0cb4efc326f");
user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
user_pref("extensions.Softonic.instlDay", "16017");
user_pref("extensions.Softonic.vrsn", "1.8.21.14");
user_pref("extensions.Softonic.vrsni", "1.8.21.14");
user_pref("extensions.Softonic.vrsnTs", "1.8.21.1416:31:26");
user_pref("extensions.Softonic.prtnrId", "softonic");
user_pref("extensions.Softonic.prdct", "Softonic");
user_pref("extensions.Softonic.aflt", "OC");
user_pref("extensions.Softonic.smplGrp", "none");
user_pref("extensions.Softonic.tlbrId", "opencandy2013");
user_pref("extensions.Softonic.instlRef", "MOY00621");
user_pref("extensions.Softonic.dfltLng", "nl");
user_pref("extensions.Softonic.excTlbr", false);
user_pref("extensions.Softonic.ffxUnstlRst", false);
user_pref("extensions.Softonic.admin", false);
user_pref("extensions.Softonic.autoRvrt", "false");
user_pref("extensions.Softonic.rvrt", "false");
user_pref("extensions.Softonic.hmpg", true);
user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=1224657a000000000000e0cb4efc326f");
user_pref("extensions.Softonic.dfltSrch", true);
user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
user_pref("extensions.Softonic.dnsErr", true);
user_pref("extensions.Softonic.newTab", true);
user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=1224657a000000000000e0cb4efc326f");

---- Lines babylon modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}\":{\"descriptor\":\"C:\\\\

---- Lines ffxtbr modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}\":{\"descriptor\":\"C:\\\\

---- Lines InboxAce modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}\":{\"descriptor\":\"C:\\\\

---- Lines SpeedAnalysis removed from prefs.js ----
user_pref("extensions.speedanalysis02@SpeedAnalysis.com.id", "\"ef534ae9-b2ec-9f9e-db96-572b4e7456bd\"");
user_pref("extensions.speedanalysis02@SpeedAnalysis.com.mzID", "75");
user_pref("extensions.speedanalysis02@SpeedAnalysis.com.uuid", "\"a1ab5651-2924-11e3-8099-0025901ef77c\"");

---- Lines SpeedAnalysis modified from prefs.js ----
user_pref("extensions.enabledAddons", "speedanalysis02%40SpeedAnalysis.com:1.0.0.3,zulagames%40ZulaGames.com:1.0.0.6,%7B972ce4c6-7e08-4474-a285-320819
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}\":{\"descriptor\":\"C:\\\\

---- FireFox user.js and prefs.js backups ----
user_31-07-2014_2037_.backup
prefs_12-05-2013_2225_.backup
prefs_31-07-2014_2037_.backup

ProfilePath: C:\Users\Sjaan\AppData\Roaming\TomTom\HOME\Profiles\txskg5rv.default
prefs.js not found
user.js not found

---- FireFox user.js and prefs.js backups ----

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[--HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}]
[--HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iLivid"=-
"nudegf.exe"=-
""=-
"weelab.exe"=-
"ujwede.exe"=-
"zzihla.exe"=-
"xgrzhz.exe"=-
"eplabu.exe"=-
"udczrz.exe"=-
"rzaqsu.exe"=-
"zzihaw.exe"=-
"fkzrzz.exe"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Allin1Convert EPM Support"=-
"AnyProtect Scanner"=-
"BlockAndSurf"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\di9BlockAndSurf not found
C:\Program Files (x86)\Music App not found
C:\Program Files (x86)\predm not found
C:\Users\Sjaan\AppData\Roaming\rightbackup not found
C:\Program Files (x86)\Wajam not found
C:\Users\Sjaan\AppData\Roaming\systweak not found
C:\ProgramData\Systweak not found
C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} not found
"C:\Windows\Installer\1835bfd.msi" not found
"C:\Windows\Installer\1835c04.msi" not found
C:\Windows\Syswow64\CommandOSWYSIWYG deleted
C:\Program Files (x86)\AnyProtectEx deleted
C:\Users\Sjaan\AppData\Roaming\hzepnu deleted
C:\Users\Sjaan\AppData\Roaming\uiawwn deleted
C:\Users\Sjaan\AppData\Roaming\aqihwe deleted
C:\ProgramData\3256 deleted
C:\Program Files (x86)\PC Speed Maximizer deleted
C:\7f3958de7d6bf28c26d7212bdd5188bb deleted
C:\Users\Sjaan\daemonprocess.txt deleted
C:\PROGRA~2\Mobogenie deleted
C:\PROGRA~2\ParetoLogic deleted
C:\PROGRA~2\COMMON~1\ParetoLogic deleted
C:\PROGRA~2\RegUse deleted
C:\PROGRA~2\MyFree Codec deleted
C:\PROGRA~2\vGrabber-software deleted
C:\install.exe deleted
C:\Users\Sjaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk deleted
C:\Users\Sjaan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk deleted
C:\Users\Sjaan\AppData\Roaming\aps.uninstall.scan.results deleted
C:\Users\Sjaan\AppData\Roaming\Web Cake deleted
C:\Users\Sjaan\AppData\Roaming\ParetoLogic deleted
C:\Users\Sjaan\AppData\Roaming\DriverCure deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\DealPly deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Systweak deleted
C:\PROGRA~3\Ask deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\ParetoLogic deleted
C:\PROGRA~3\BSD deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Babylon deleted
C:\PROGRA~3\Trymedia deleted
C:\Users\Sjaan\AppData\Local\VideoDownloadConverter_4z deleted
C:\Users\Sjaan\AppData\Local\SearchUILog deleted
C:\Users\Sjaan\AppData\Local\IAC deleted
C:\Users\Sjaan\AppData\Local\Mobogenie deleted
C:\Users\Sjaan\AppData\Local\cache deleted
C:\Users\Sjaan\AppData\Local\Babylon deleted
C:\Users\wangzhisong\AppData\Local\Mobogenie deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer deleted
C:\Users\Sjaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk deleted
C:\Users\Sjaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup deleted
C:\Users\Sjaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic deleted
C:\Users\Sjaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader deleted
C:\windows\SysNative\Tasks\LaunchApp deleted
C:\windows\SysNative\Tasks\fsupdate deleted
C:\Users\Sjaan\Downloads\screensaver.exe deleted
C:\Users\Sjaan\Searches deleted
C:\Users\Sjaan\AppData\LocalLow\imeshmusicboxtoolbarnew deleted
C:\Users\Sjaan\AppData\LocalLow\IAC deleted
C:\Users\Sjaan\AppData\LocalLow\Softonic deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\Reimage.ini deleted
C:\Windows\tasks\ParetoLogic Registration3.job deleted
C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job deleted
C:\Windows\tasks\ParetoLogic Update Version3.job deleted
C:\Windows\tasks\PC Health Advisor Defrag.job deleted
C:\Windows\tasks\PC Health Advisor.job deleted
C:\Windows\tasks\APSnotifierPP1.job deleted
C:\Windows\tasks\APSnotifierPP2.job deleted
C:\Windows\tasks\APSnotifierPP3.job deleted
C:\windows\SysNative\tasks\APSnotifierPP1 deleted
C:\windows\SysNative\tasks\APSnotifierPP2 deleted
C:\windows\SysNative\tasks\APSnotifierPP3 deleted
C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted
C:\END deleted
C:\Users\wangzhisong deleted
C:\Windows\Syswow64\sho1FE3.tmp deleted
C:\Windows\Syswow64\sho6817.tmp deleted
C:\Windows\Syswow64\sho6BBD.tmp deleted
C:\Windows\Syswow64\sho779E.tmp deleted
C:\Windows\Syswow64\shoCAF4.tmp deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Sjaan\Documents\Optimizer Pro deleted
C:\Users\Sjaan\Documents\Mobogenie deleted
C:\Users\Sjaan\Documents\PC Speed Maximizer deleted
C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default\searchplugins\askcom.xml deleted
C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default\searchplugins\bingp.xml deleted
C:\Users\Sjaan\Desktop\Video Downloader.lnk deleted
C:\Users\Sjaan\Desktop\iLivid.lnk deleted
C:\Users\Sjaan\Desktop\Sync Folder.lnk deleted
C:\Users\Sjaan\Desktop\SpeedAnalysis.lnk deleted
C:\Users\Sjaan\Desktop\MyPC Backup.lnk deleted
C:\Users\Sjaan\Desktop\PC Speed Maximizer.lnk deleted
C:\Users\Sjaan\MEMORY.EXE deleted
C:\Users\Sjaan\SAME.EXE deleted
C:\Users\Sjaan\TP3.EXE deleted
C:\Users\Sjaan\AppData\Local\AnyProtectScannerSetup.exe deleted
C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default\extensions\{fa63398e-322b-4833-9af3-15837ad12138} deleted
"C:\Windows\Installer\119a8f7.msi" deleted
"C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default\extensions\speedanalysis02@SpeedAnalysis.com.xpi" deleted
"C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\FAT32NativeRaw.exe" deleted
"C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\msvcp100.dll" deleted
"C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\msvcr100.dll" not deleted
"C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\QtCore4.dll" deleted
"C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\QtNetwork4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\iLivid.exe" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\libeay32.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\msvcp100.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\msvcr100.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtCore4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtGui4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtNetwork4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtWebKit4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtXml4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\ssleay32.dll" deleted
"C:\Program Files (x86)\MyPC Backup\AWSSDK.dll" deleted
"C:\Program Files (x86)\MyPC Backup\GetText.dll" deleted
"C:\Program Files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll" deleted
"C:\Program Files (x86)\MyPC Backup\MPCBContextMenu.dll" deleted
"C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll" deleted
"C:\PROGRA~2\MyPC Backup\AWSSDK.dll" deleted
"C:\PROGRA~2\MyPC Backup\GetText.dll" deleted
"C:\PROGRA~2\MyPC Backup\LogicNP.EZShellExtensions.dll" deleted
"C:\PROGRA~2\MyPC Backup\MPCBContextMenu.dll" deleted
"C:\PROGRA~2\MyPC Backup\MPCBIconOverlays.dll" deleted
"C:\Users\Sjaan\AppData\Roaming\Babylon\log_file.txt" deleted
"C:\Users\Sjaan\AppData\Roaming\Babylon\ocr_data" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\iLivid.exe" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\libeay32.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\msvcp100.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\msvcr100.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtCore4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtGui4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtNetwork4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtWebKit4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\QtXml4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\ssleay32.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\imageformats\qgif4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\imageformats\qico4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\imageformats\qjpeg4.dll" deleted
"C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db" not deleted
"C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll" deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\Babylon.exe" deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\BabyServices.dll" deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\BContentServer.dll" deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\BContentServerExt.dll" deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\BException.dll" deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\captlib.dll" deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\Utils\BabylonDocTranslation64PI.dll" deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\Utils\BabylonDocTranslationPI.dll" deleted
"C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe" deleted
"C:\Program Files\Babylon\Babylon-Pro\captlib64.dll" deleted
"C:\PROGRA~2\MyPC Backup\Database\mpcb_settings.db" not deleted
"C:\PROGRA~2\MyPC Backup\x64\System.Data.SQLite.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\imageformats\qgif4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\imageformats\qico4.dll" deleted
"C:\Users\Sjaan\AppData\Local\iLivid\imageformats\qjpeg4.dll" deleted
"C:\Users\Sjaan\AppData\Local\FAT32NativeRaw" not deleted
"C:\Users\Sjaan\AppData\Local\iLivid" deleted
"C:\Program Files (x86)\MyPC Backup" not deleted
"C:\PROGRA~2\Babylon" not deleted
"C:\Program Files\Babylon" not deleted
"C:\PROGRA~2\MyPC Backup" not deleted
"C:\Users\Sjaan\AppData\Roaming\Babylon" deleted
"C:\Users\Sjaan\AppData\Local\iLivid" deleted
"C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\desktop" not deleted
"C:\Users\Sjaan\AppData\Local\iLivid\imageformats" deleted
"C:\Program Files (x86)\MyPC Backup\Database" not deleted
"C:\Program Files (x86)\MyPC Backup\x64" not deleted
"C:\PROGRA~2\Babylon\Babylon-Pro" not deleted
"C:\PROGRA~2\Babylon\Babylon-Pro\Utils" not deleted
"C:\Program Files\Babylon\Babylon-Pro" not deleted
"C:\PROGRA~2\MyPC Backup\Database" not deleted
"C:\PROGRA~2\MyPC Backup\x64" not deleted
"C:\Users\Sjaan\AppData\Local\iLivid\imageformats" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4003 MB
CPU Info: Intel(R) Celeron(R) CPU G530T @ 2.00GHz
CPU Speed: 1993,2 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 1x (E: | ) E: hp DVD A DH16ABSH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 448,3GB | D: 17,4GB | Q: 0,0MB
Hard Disks - Free: C: 61,0GB | D: 2,1GB | Q: 0,0MB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | 11/18/11 | HPQOEM - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: PEGATRON CORPORATION 2AD4
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: PC Veilig 9.12 On-access scanning disabled (Outdated)
Anti-Spyware: PC Veilig 9.12 disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: PC Veilig 9.12 disabled
Internet Explorer Version: 11.0.9600.17207
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_65 (32-bit)
Flash Player version: 14.0.0.145

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Sjaan\AppData\Local\Temp ====
2014-07-31 18:08:58 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\l6otntxj.dll
2014-07-25 08:13:54 A7ED81A0BB0F50C456CFD6048B9A5389 575544 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\856804_stp\AnyProtectScannerSetup.exe
2014-07-23 12:58:26 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\app.exe
2014-07-23 12:51:44 A7ED81A0BB0F50C456CFD6048B9A5389 575544 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\6782196_stp\AnyProtectScannerSetup.exe
2014-07-23 12:51:44 A7ED81A0BB0F50C456CFD6048B9A5389 575544 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\1983870_stp\AnyProtectScannerSetup.exe
2014-07-23 12:51:44 A7ED81A0BB0F50C456CFD6048B9A5389 575544 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\1954889_stp\AnyProtectScannerSetup.exe
2014-07-23 12:51:44 A7ED81A0BB0F50C456CFD6048B9A5389 575544 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\1940750_stp\AnyProtectScannerSetup.exe
2014-07-23 12:41:08 A3AB2955C4E075CC8AA98D27990585CE 13383928 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\UniProtectorPackage.exe
2014-07-23 12:39:28 5B2322A6CA9618AB2A57D81968833219 12273152 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\ReimagePackage.exe
2014-07-23 12:37:52 5FA9BB616FD2B1826BC2E77ABF0DD41F 772640 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\is1349176143\222DEC81_stp.EXE
2014-07-23 12:31:43 CF95932C00190451115C782E139DE582 264488 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\MSS\3.8.150.1\McInstallerRes.dll
2014-07-23 12:31:43 C4CF03B998D4D758B89CD07F22D7A7F9 645168 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\MSS\3.8.150.1\McUICnt.exe
2014-07-23 12:31:43 87AA773F15D90973090D4DF76F8E60EF 565808 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\MSS\3.8.150.1\mcbrwsr2.dll
2014-07-23 12:31:43 2AA753368BF68871962D2E99B8692985 153760 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\MSS\3.8.150.1\McInstallerRes_LD.dll
2014-07-23 12:31:43 14E9947D26B0A418AA02F87741E4B40B 769736 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\MSS\3.8.150.1\McInstallerStartup.dll
2014-07-23 11:45:23 915742C2F53E48FA605B2A554FD93EE7 8102472 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\n1252\OptimizerPro.exe
2014-07-23 11:38:25 2F56A856BF812156052777697DB8271E 290665 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\n1572\VOPackage.exe
2014-07-23 11:38:18 BA0FAAEDEDAB6E6365A92143B558BD8C 4242370 ----a-w- C:\Users\Sjaan\AppData\Local\Temp\n1572\systemsspeedup_0307-cd6becd7.exe
2014-07-22 11:53:08 93B3D9FDB32A28260024803369E1F6F7 575783 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\15143134_stp\AnyProtectScannerSetup.exe
2014-07-22 11:53:08 93B3D9FDB32A28260024803369E1F6F7 575783 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\13942110_stp\AnyProtectScannerSetup.exe
2014-07-22 11:53:08 93B3D9FDB32A28260024803369E1F6F7 575783 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\12756615_stp\AnyProtectScannerSetup.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====
2014-07-21 13:27:10 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-07-18 22:01:09 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-07-18 22:01:06 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Windows\SysWOW64\java.exe
2014-07-18 22:01:06 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-07-18 22:01:06 419094DF76A32252ECD70730382029ED 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====
2014-07-21 19:04:44 881A730D64636C42076244A80DEA0ECD 365576 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT

====== C:\Windows\Sysnative\drivers =====
2014-07-23 12:04:09 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-09 10:37:20 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys

====== C:\Windows\Tasks ======
2014-07-30 07:45:01 022C3324D5401AD60FB0D49021876279 3362 ----a-w- C:\Windows\Sysnative\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1642182672-874913691-4204922181-1000
2014-07-25 15:00:04 DA132498B5D9E80A4E93C9362261B628 3186 ----a-w- C:\Windows\Sysnative\Tasks\HPCeeScheduleForSjaan
2014-07-25 15:00:00 7A3661557AF606F8128A45692C15F826 332 ----a-w- C:\Windows\Tasks\HPCeeScheduleForSjaan.job
2014-07-23 10:00:20 44569F14390F2978FB8C583869DA7C67 2978 ----a-w- C:\Windows\Sysnative\Tasks\{8F81DBBD-7C19-447E-9EB8-9DD2E69CED0B}
2014-07-09 13:12:44 610E6D691BDCEC8C567A35E41777BDCE 3340 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1642182672-874913691-4204922181-1000

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-07-26 13:07:20 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====
2014-07-23 11:38:10 -------- d-----w- C:\PROGRA~2\FLVM Player
2014-07-02 08:05:08 -------- d-----w- C:\PROGRA~2\COMMON~1\xing shared

======= C: =====
2014-07-24 23:32:45 D3D4552543E27E19E680B691F694403B 589 ----a-w- C:\TRANSLATE

====== C:\Users\Sjaan\AppData\Roaming ======
2014-07-28 11:45:26 EF4765ACD581F192889C19B0D6542A84 191632 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2014-07-23 13:06:43 -------- d-----w- C:\Users\Sjaan\AppData\Local\ElevatedDiagnostics
2014-07-23 12:38:11 -------- d-----w- C:\Users\Sjaan\AppData\Roaming\FlvPlayer
2014-07-23 11:38:30 -------- d-----w- C:\Users\Sjaan\AppData\Local\FAT32NativeRaw
2014-07-23 11:38:12 -------- d-----w- C:\Users\Sjaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
2014-07-21 14:57:33 -------- d-----w- C:\Users\Sjaan\AppData\Roaming\MusicNet
2014-07-21 13:49:29 5088B935264E2B2E5988AC9664F93723 88248 ----a-w- C:\Users\Sjaan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-09 22:04:24 -------- d-----w- C:\Users\Sjaan\AppData\Local\Adobe
2014-07-02 08:40:50 -------- d-----w- C:\Users\Sjaan\AppData\Roaming\RealNetworks

====== C:\Users\Sjaan ======
2014-07-26 13:06:57 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Sjaan\Desktop\RSITx64.exe
2014-07-26 11:12:22 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Sjaan\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-23 12:38:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
2014-07-23 12:04:12 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol
2014-07-18 22:01:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-02 08:05:36 -------- d-----w- C:\ProgramData\RealNetworks

====== C: exe-files ==
2014-07-31 18:14:44 CD76175787627D4543572043E63476C4 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IIPVVU5.exe
2014-07-31 17:58:34 B6F3EFF7F38D65A0C54B11A675173300 1287168 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$RIPVVU5.exe
2014-07-30 09:36:26 3D679AFA9FF264E78D0A7809A8CF2A7D 3491720 ----a-w- C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9F1MQ8P\wzdu18.exe
2014-07-26 21:52:16 ECDC5D308DF2184C50DAC7CD97B1DF30 63488 ----a-w- C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sjaan\MEMORY.EXE
2014-07-26 21:52:16 A645F15916F104199B8D75F7B803ADE9 48704 ----a-w- C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sjaan\SAME.EXE
2014-07-26 21:52:16 3091F9CC6DAB7DC30F3CC48C9C0F0DD6 86448 ----a-w- C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sjaan\TP3.EXE
2014-07-26 13:07:20 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Sjaan.exe
2014-07-26 13:06:57 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Sjaan\Desktop\RSITx64.exe
2014-07-26 11:27:20 A7FCBA4D9AACB577020B3206D72C5616 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1642182672-874913691-4204922181-1000\$IER42D5.exe
2014-07-26 11:12:22 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Sjaan\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-25 15:37:59 561430BC2C62A15CBCC0916324BAEEE6 588719 ----a-w- C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KAIIOYRJ\Setup[1].exe
2014-07-25 08:13:54 A7ED81A0BB0F50C456CFD6048B9A5389 575544 ------w- C:\Users\Sjaan\AppData\Local\Temp\is45637729\856804_stp\AnyProtectScannerSetup.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Twoo"="C:\Users\Sjaan\AppData\Roaming\Massive Media\Twoo.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"Twoo"="C:\Users\Sjaan\AppData\Roaming\Massive Media\Twoo.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"HP Software Update"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"ArcSoft Connection Service"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"TkBellExe"="\"c:\\program files (x86)\\real\\realplayer\\Update\\realsched.exe\" -osboot"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray]
"command"="\"C:\\Program Files (x86)\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"hkey"="HKLM"
"item"="CloneCDTray"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstaLAN]
"command"="\"C:\\Program Files (x86)\\Belkin\\Router Setup and Monitor\\BelkinRouterMonitor.exe\" startup"
"hkey"="HKLM"
"item"="InstaLAN"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "HP Software Update"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "ArcSoft Connection Service"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "TkBellExe"="\"c:\\program files (x86)\\real\\realplayer\\Update\\realsched.exe\" -osboot" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray] "command"="\"C:\\Program Files (x86)\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "hkey"="HKLM" "item"="CloneCDTray" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstaLAN] "command"="\"C:\\Program Files (x86)\\Belkin\\Router Setup and Monitor\\BelkinRouterMonitor.exe\" startup" "hkey"="HKLM" "item"="InstaLAN" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive] 
"command"="\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s" "hkey"="HKLM" "item"="VirtualCloneDrive" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" ==== Startup Folders ====================== 2014-07-02 08:04:54 1250 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08-07-2014 23:36] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14-04-2012 16:04] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\HPCeeScheduleForSjaan.job --a------ [Undetermined Task] C:\Windows\tasks\Scheduled scanning task.job --a------ C:\PROGRA2\PCVEIL1\ANTI-V1\fsav.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\Windows\SysNative\tasks\4674" [wscript.exe C:\Users\Sjaan\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\ArcSoft Connect Daemon" [C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP-Online updateprogramma" [c:\Program Files 
(x86)\HP\HP Software Update\HPWuSchd2.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForSjaan" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\Real Player-online actualiseringsprogramma" [c:\program files (x86)\real\realplayer\Update\realsched.exe] "C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1642182672-874913691-4204922181-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe] "C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1642182672-874913691-4204922181-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1642182672-874913691-4204922181-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1642182672-874913691-4204922181-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1642182672-874913691-4204922181-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-1642182672-874913691-4204922181-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-1642182672-874913691-4204922181-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\Scheduled scanning task" [C:\PROGRA~2\PCVEIL~1\ANTI-V~1\fsav.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8ECC352D-C69B-4BC1-B883-D806E5A8E3BE}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{8F81DBBD-7C19-447E-9EB8-9DD2E69CED0B}" [C:\Program Files 
(x86)\Canon\Solution Menu EX\uninst.exe] "C:\Windows\SysNative\tasks\{921D5ADF-B579-401E-912F-2B3BE7C5B80A}" [F:\MEMORY.EXE] "C:\Windows\SysNative\tasks\{996FD723-18AF-4C08-9E7A-0C1C232D9CA7}" [F:\MEMORY.EXE] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{1DD9AC48-0855-4AE7-9934-159B4377FFA2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [02-07-2014 10:05] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} ==== Firefox Plugins ====================== Profilepath: C:\Users\Sjaan\AppData\Roaming\Mozilla\Firefox\Profiles\dq4sr5bc.default D0D8A5784C6260EE1C1EA58A9576F652 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealPlayer Video Downloader (32-bit) D1041C1505FEDBBA27529AB1B57450B8 - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealPlayer Video Downloader for PepperFlash (32-bit) 06C0E62DE26FBC4F174A91F4B70C45F7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) CE3D390F8BC1FECF847ABAA6E887931E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaaaikjhckghnoaaaehhmgjcfajoabi - C:\Users\Sjaan\AppData\Local\imeshmusicboxtoolbarnew\GC\toolbar.crx[] aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Sjaan\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[10-06-2014 17:54] RealPlayer Downloader - Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji Google Wallet - Sjaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Movies Toolbar - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob Ask Toolbar - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne DropToS - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo Torch Games - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\elnodfjhjgpnmdhklbfeijeaehcgffnp Torch Music - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad FaceLift - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk Torch Helper - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg Torch Torrent - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\mpdmibcjecdaibcnlilhiopefjgegjjc Google Wallet - Sjaan\AppData\Local\Torch\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Torch Music - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed Hola for Torch - Sjaan\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh FlowSurf - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn ==== Chrome Fix ====================== C:\Users\Sjaan\AppData\Local\Torch\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob deleted successfully C:\Users\Sjaan\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] 
"(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" {B1CF209D-833E-4D7D-BB7E-E9DC5410D2CE} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}" {D0D717B8-5DA9-423B-A5B8-E985249F5235} Bing Url="http://www.bing.com/search?FORM=U219DF&PC=U219&q={searchTerms}&src=IE-SearchBox" {d43b3890-80c7-4010-a95d-1e77b5924dc3} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully HKEY_USERS\S-1-5-21-1642182672-874913691-4204922181-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} deleted 
successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ocr@babylon.com deleted successfully ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:16724" "ProxyOverride"="*origin.com;*ea.com;*akamaihd.net;" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F092B960893592640A90584BCB4B1B9B deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{245D96AF-CB43-4910-ABFB-8361FFBEB459} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8B1881C3-A40C-4DF3-BFD2-CCD2FEDD7D83} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaaikjhckghnoaaaehhmgjcfajoabi deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MyDriveConnect.exe] C:\Program Files 
(x86)\MyDrive Connect\MyDriveConnect.exe O4 - HKCU\..\Run: [Twoo] "C:\Users\Sjaan\AppData\Roaming\Massive Media\Twoo.exe" O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing) O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. 
- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVG Firewall (avgfws) - Unknown owner - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (file missing) O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (file missing) O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (file missing) O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe O23 - Service: FAT32NativeRaw.exe - Unknown owner - C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\FAT32NativeRaw.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program 
Files (x86)\PC Veilig\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe O23 - Service: GamesAppService - Unknown owner - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - 
C:\Windows\system32\lsass.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 
(VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sjaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Sjaan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Sjaan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully 
C:\Users\Sjaan\AppData\Local\Torch\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7145 folders=602 705276552 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Sjaan\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Sjaan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Sjaan\AppData\Local\FAT32NativeRaw\msvcr100.dll" not found "C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db" not found "C:\PROGRA~2\MyPC Backup\Database\mpcb_settings.db" not found "C:\Users\Sjaan\AppData\Local\FAT32NativeRaw" not found "C:\Program Files (x86)\MyPC Backup" not found "C:\PROGRA~2\Babylon" not found "C:\Program Files\Babylon" deleted "C:\PROGRA~2\MyPC Backup" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on do 31-07-2014 at 20:56:10,02 ======================