Zoek.exe v5.0.0.0 Updated 06-August-2014 Tool run by User on do 14/08/2014 at 12:30:55,07. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode No Internet Access Detected Launched: D:\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 14/08/2014 12:33:27 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\MSXML 4.0 deleted successfully C:\PROGRA~2\Alwil Software deleted successfully C:\PROGRA~2\Canon IJ Network Tool deleted successfully C:\PROGRA~2\Oracle deleted successfully C:\Users\User\AppData\Roaming\AdobeUM deleted successfully C:\Users\User\AppData\Roaming\Lavasoft deleted successfully C:\Users\User\AppData\Roaming\PeerNetworking deleted successfully C:\Users\User\AppData\Roaming\TeamViewer deleted successfully C:\Users\User\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1738508118-990416778-2497299500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully HKEY_USERS\S-1-5-21-1738508118-990416778-2497299500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully HKEY_USERS\S-1-5-21-1738508118-990416778-2497299500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C08CAF1D-C0A3-40D5-9970-06D067EAC017} deleted successfully HKEY_USERS\S-1-5-21-1738508118-990416778-2497299500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C08CAF1D-C0A3-40D5-9970-06D067EAC017} deleted successfully HKEY_CLASSES_ROOT\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Extensions\{C08CAF1D-C0A3-40D5-9970-06D067EAC017} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Acronis True Image Home Adobe Flash Player 14 ActiveX Bluetooth Stack for Windows by Toshiba Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon IJ Scan Utility Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG3500 series MP Drivers Canon MG3500 series On-screen Manual CCleaner Cloudfogger Codeur Windows Media Série 9 Comodo Dragon COMODO Internet Security Premium DVD MovieFactory for TOSHIBA Folder Size Foxit Cloud Foxit Reader Free Desktop Clock 3.0 Gebruikersregistratie voor Canon MG3500 series Glary Utilities PRO 4.7 Google Toolbar for Internet Explorer HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Java 7 Update 40 Java Auto Updater KeePass Password Safe 1.27 LastPass(alleen deïnstalleren) Magical Jelly Bean KeyFinder Manuels TOSHIBA Microsoft .NET Framework 3.5 Language Pack SP1 - fra Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (FRA) Microsoft .NET Framework 4.5.1 (Français) Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Money 2001 Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft 
Office Word MUI (Dutch) 2007 Microsoft OneDrive Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft XML Parser Module linguistique Microsoft .NET Framework 3.5 SP1- fra MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyDriveConnect 3.3.0.1731 NVIDIA Drivers PrivDog Puran Defrag 7.7 Realtek High Definition Audio Driver Réducteur de bruit lect. CD/DVD Revo Uninstaller 1.95 RocketDock 1.3.5 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Synaptics Pointing Device Driver SyncBackFree Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Texas Instruments PCIxx21/x515/xx12 drivers. 
TIPCI TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA Hardware Setup Toshiba Online Product Information TOSHIBA SD Memory Utilities TOSHIBA Software Modem TOSHIBA Supervisor Password TOSHIBA Value Added Package Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Visual Studio C++ 10.0 Runtime WinDVD for TOSHIBA Wise JetSearch 1.45 ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivDogService] ==== Deleting Files \ Folders ====================== C:\Program Files\AdTrustMedia deleted C:\Users\User\AppData\Roaming\2BrightSparks deleted C:\Program Files\2BrightSparks deleted C:\clj2600-HB-pd-winx32-frp.exe deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise JetSearch deleted C:\Windows\System32\AI_RecycleBin deleted "C:\PROGRA~2\boost_interprocess\20140814102327.375199\{91322E78-F850-41B5-BFA4-B6E34C53F506}" deleted "C:\PROGRA~2\boost_interprocess" not deleted "C:\PROGRA~2\boost_interprocess\20140814102327.375199" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== T:\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-08-13 12:39:21 A86F5EEC0ACEC16906532F2B1A7C00B6 8856 ----a-w- C:\Windows\System32\icardres.dll 2014-08-13 12:39:21 667A4DAAD3AA57B1051484BAC057CF7C 619664 ----a-w- C:\Windows\System32\icardagt.exe 2014-08-13 12:39:21 3662E6500C477AC0DFAECE4CF7B163B8 99480 ----a-w- C:\Windows\System32\infocardapi.dll 2014-08-13 12:39:17 E66A29C118DE2FE3E5766E5C7A2E8E2B 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe 2014-08-13 12:27:23 8FAD1550A16432D56CF6F40953797345 332800 ----a-w- C:\Windows\System32\msihnd.dll 2014-08-13 12:27:23 8F7D200717A58E9800D391F4C2101577 33280 ----a-w- 
C:\Windows\System32\appinfo.dll 2014-08-13 12:27:23 5E50B8E904FCB8DFC7C29BD3FEB7A593 82432 ----a-w- C:\Windows\System32\consent.exe 2014-08-13 12:27:23 1BD89641D9B1012796AFADAB9A659974 1993728 ----a-w- C:\Windows\System32\authui.dll 2014-08-13 12:27:23 11CFE871D27B4C3485E84BE9E48FFF5E 2263552 ----a-w- C:\Windows\System32\msi.dll 2014-08-13 12:27:02 7191E1CBF4A7A1C0EEC08DED6F6A18A3 2048 ----a-w- C:\Windows\System32\tzres.dll 2014-08-13 12:26:58 31F57ACBE76A0E17976E18614DE58399 37376 ----a-w- C:\Windows\System32\cdd.dll 2014-08-13 12:26:54 05B803F48B167FED703D968E41C8FF57 421376 ----a-w- C:\Windows\System32\vbscript.dll 2014-08-13 12:26:53 CD599FE695689CADD969134A6DFF536A 717824 ----a-w- C:\Windows\System32\jscript.dll 2014-08-13 12:26:53 9BC276FEBE9095BA13CB7FF9D86D35C8 176640 ----a-w- C:\Windows\System32\ieui.dll 2014-08-13 12:26:53 8A807EB890A68CB9664751D054283473 1810432 ----a-w- C:\Windows\System32\jscript9.dll 2014-08-13 12:26:53 526014FFF6F612D9D0E86C874E7B0C36 1129472 ----a-w- C:\Windows\System32\wininet.dll 2014-08-13 12:26:53 3100F61A0A7921EF93232DF79EB9665B 353792 ----a-w- C:\Windows\System32\dxtmsft.dll 2014-08-13 12:26:53 03BFA69E881E2A6B4555B156CCC89BE1 223232 ----a-w- C:\Windows\System32\dxtrans.dll 2014-08-13 12:26:53 02A1A3C2447C6C61C993CD0458CB9644 73216 ----a-w- C:\Windows\System32\mshtmled.dll 2014-08-13 12:26:51 601FCEB3AB6B81F48CCF1E22FFA5E6D4 12356608 ----a-w- C:\Windows\System32\mshtml.dll 2014-08-13 12:26:49 E1DACCBC452185F5F93246B6ABF61043 41472 ----a-w- C:\Windows\System32\msfeedsbs.dll 2014-08-13 12:26:49 831B93C9E1D4F14A14FBE37B433C5CE5 10752 ----a-w- C:\Windows\System32\msfeedssync.exe 2014-08-13 12:26:49 7F60324132E77497DB2CBEA7DAE47B11 1137664 ----a-w- C:\Windows\System32\urlmon.dll 2014-08-13 12:26:49 11F23B8F92E4A99F462C000F15F96CD9 11776 ----a-w- C:\Windows\System32\mshta.exe 2014-08-13 12:26:48 BAB1E65F3BB0EA5D388CF46C22231C04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2014-08-13 12:26:48 B9F7ADFBF9373D4751193F507C187421 
607744 ----a-w- C:\Windows\System32\msfeeds.dll 2014-08-13 12:26:48 98CAD7C19474E10C5E8B4F6D44284020 65536 ----a-w- C:\Windows\System32\jsproxy.dll 2014-08-13 12:26:47 F2CE7AFE641AF857B0EA0F22F93A5127 142848 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-08-13 12:26:47 F2645503E6773B1D3E9224A192BB9557 1427968 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-08-13 12:26:47 C6B790771A2BBB4B964329936B22D8D4 9739264 ----a-w- C:\Windows\System32\ieframe.dll 2014-08-13 12:26:47 5E46C4016F81F1B16777787A5AAF1364 231936 ----a-w- C:\Windows\System32\url.dll 2014-08-13 12:26:47 1CBF77E333C1251DD3AF76FD9F67C5D1 1802240 ----a-w- C:\Windows\System32\iertutil.dll 2014-08-13 12:23:33 825EDAE0F2A55CD3578B0FF081595885 2054656 ----a-w- C:\Windows\System32\win32k.sys 2014-08-13 12:23:33 16386E2989663F325A6A89991DE5ADFB 297984 ----a-w- C:\Windows\System32\gdi32.dll 2014-08-08 17:20:13 FA2476897DCF7D9598E55F039A5CA3AD 223592 ----a-w- C:\Windows\System32\CbFsNetRdr3.dll 2014-08-08 14:36:16 DF6BE05B03F506A62B3EB786D0336ED1 197632 ----a-w- C:\Windows\System32\CNMLM86.DLL 2014-08-05 13:28:46 69407A3E716210A27CD1DAC2DBC8D658 506880 ----a-w- C:\Windows\System32\qedit.dll 2014-08-05 13:28:41 D0D44370770D491E6BA472C855883422 1248768 ----a-w- C:\Windows\System32\msxml3.dll 2014-08-05 13:28:41 1E06779EDB55D035DD3F4A2B7432A291 1401344 ----a-w- C:\Windows\System32\msxml6.dll 2014-08-05 13:28:38 FB3E5FD7F74BFC301AD3FB7DE670EDCB 502784 ----a-w- C:\Windows\System32\usp10.dll ====== C:\Windows\system32\drivers ===== 2014-08-13 12:26:58 5C2C209CDEFBC51D83D66E8A53B2BE89 638400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-08-08 17:20:14 F76B4E5CE53311062252B48D80ADC4F9 115928 ----a-w- C:\Windows\System32\drivers\cbfltfs.sys 2014-08-08 17:20:07 39BC435500ACF56D1D2DB80E4D9E90BF 299528 ----a-w- C:\Windows\System32\drivers\cbfs3.sys 2014-08-05 13:28:49 F5272A105F59A7B3B345D9D6D87DA7AD 273408 ----a-w- C:\Windows\System32\drivers\afd.sys 2014-08-05 13:28:43 A4196D394207369E1431E8681B373312 915392 ----a-w- 
C:\Windows\System32\drivers\tcpip.sys 2014-08-05 13:28:43 95389980F70FC4990A4395A0B8BBE1D6 31232 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys ====== C:\Windows\Tasks ====== 2014-08-06 09:43:21 -------- d-----w- C:\Windows\system32\Tasks\2BrightSparks ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-08 17:20:02 -------- d-----w- C:\Program Files\Cloudfogger 2014-08-08 17:15:11 -------- d-----w- C:\Program Files\KeePass Password Safe 2014-08-06 12:17:27 -------- d-----w- C:\Program Files\TomTom International B.V 2014-08-06 12:17:23 -------- d-----w- C:\Program Files\MyDrive Connect 2014-08-06 12:09:12 -------- d-----w- C:\Program Files\Microsoft Money 2014-08-05 17:36:44 -------- d-----w- C:\Program Files\Microsoft OneDrive ======= C: ===== ====== C:\Users\User\AppData\Roaming ====== 2014-08-10 16:38:55 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\Cloudfogger 2014-08-08 17:21:47 -------- d-----w- C:\Users\User\AppData\Roaming\KeePass 2014-08-08 17:20:28 -------- d-----w- C:\Users\User\AppData\Roaming\Cloudfogger 2014-08-08 17:20:28 -------- d-----w- C:\Users\User\AppData\Local\CrashRpt 2014-08-06 13:09:17 -------- d-----w- C:\Users\User\AppData\Roaming\MailWasherPro 2014-08-06 12:17:50 -------- d-----w- C:\Users\User\AppData\Local\TomTom 2014-08-06 09:41:49 -------- d-----w- C:\Users\User\AppData\Local\2BrightSparks ====== C:\Users\User ====== 2014-08-10 16:38:51 1F13D6834834C8DBC4B54BD66C28C9C5 6814744 ----a-w- C:\Users\User\Downloads\InstallMyDriveConnect_3_3_0_1731.exe 2014-08-10 16:38:51 -------- d-----w- C:\Users\User\Downloads 2014-08-09 14:03:34 -------- d-----w- C:\Users\Public\Foxit Software 2014-08-08 17:21:31 -------- d-----w- C:\ProgramData\boost_interprocess 2014-08-08 17:20:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudfogger 2014-08-06 13:09:13 -------- d-----w- C:\Users\User\Desktop 2014-08-06 12:17:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\TomTom 2014-08-06 09:41:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks 2014-08-05 17:36:43 -------- d-----r- C:\Users\User\OneDrive 2014-08-05 17:36:06 -------- d-----w- C:\ProgramData\Microsoft OneDrive ====== C: exe-files == 2014-08-13 12:39:21 667A4DAAD3AA57B1051484BAC057CF7C 619664 ----a-w- C:\Windows\System32\icardagt.exe 2014-08-13 12:39:17 E66A29C118DE2FE3E5766E5C7A2E8E2B 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe 2014-08-13 12:27:23 5E50B8E904FCB8DFC7C29BD3FEB7A593 82432 ----a-w- C:\Windows\System32\consent.exe 2014-08-13 12:27:02 3716C202039D542081CF1C14A7C767DC 19456 ----a-w- C:\Windows\servicing\GC32\tzupd.exe 2014-08-13 12:26:49 831B93C9E1D4F14A14FBE37B433C5CE5 10752 ----a-w- C:\Windows\System32\msfeedssync.exe 2014-08-13 12:26:49 24E81DD09DC95A57E540CBE0DB82F2DC 22528 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe 2014-08-13 12:26:49 11F23B8F92E4A99F462C000F15F96CD9 11776 ----a-w- C:\Windows\System32\mshta.exe 2014-08-13 12:26:48 6AECB1303D69A5B2098A07A2D3F87D40 223232 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-08-13 12:26:48 4284E58A38F0A0E69205B9122E15AED3 469504 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-08-13 12:26:47 F2CE7AFE641AF857B0EA0F22F93A5127 142848 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-08-13 12:26:47 76F9BA272D99BB7859695A4F9207178E 757976 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-08-12 16:58:12 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\User.exe 2014-08-10 16:38:51 1F13D6834834C8DBC4B54BD66C28C9C5 6814744 ----a-w- C:\Users\User\Downloads\InstallMyDriveConnect_3_3_0_1731.exe 2014-08-09 14:03:14 26EABEEA7F30DCF21DA0577C4EE26FAA 242216 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe 2014-08-09 14:03:13 2702B078FBB78931F652E392EBAF7A2A 902696 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\unins000.exe 2014-08-09 
14:03:03 49E549A01BB5FF6E82E386176E4D7305 96320 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe 2014-08-09 14:03:01 236BFA1DBFED844EC1FDC2525AC01243 2085952 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\SendCrashReport.exe 2014-08-09 14:03:00 3B4147F1629F7AEA54E80172E210B48A 11274816 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\Foxit Updater.exe 2014-08-09 14:02:56 5BB96B76B424E2D267F6DF5C02120398 37955136 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe 2014-08-09 14:02:55 724B745EAC1CB508EC7D1BBA4EE4460C 60480 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\plugins\Creator\FXC_ProxyProcess.exe 2014-08-09 14:02:54 EFE19AA432862C5D438E706864F33C4A 2427968 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\UninstallPrint.exe 2014-08-09 14:02:38 3C192E6771B413D1ED0BEE9FDBCE3104 1902144 ----a-w- C:\Program Files\Foxit Software\Foxit Reader\unins000.exe 2014-08-08 17:20:05 76E26B834AB5E4F489E820A6D0EFCB1A 631296 ----a-w- C:\Program Files\Cloudfogger\CrashSender1300.exe 2014-08-08 17:20:03 CF2CE7251085916C41A7B5345CB0496A 7173456 ----a-w- C:\Program Files\Cloudfogger\Cloudfogger.exe 2014-08-08 17:20:02 4C79A0E85D3E26BDE5537AF54C156226 1165136 ----a-w- C:\Program Files\Cloudfogger\unins000.exe 2014-08-08 17:15:11 8868DCB680DBCABEADCAC0EFDD640643 1196823 ----a-w- C:\Program Files\KeePass Password Safe\unins000.exe 2014-08-08 17:15:11 068325C597D1F228543FDF6BB1CAA85E 2117632 ----a-w- C:\Program Files\KeePass Password Safe\KeePass.exe 2014-08-08 14:36:19 769A0142C090D1BA2EF4CBDCC9AC3800 15448 ----a-w- C:\Windows\System32\spool\drivers\w32x86\3\CNMSE86.EXE 2014-08-08 14:36:19 769A0142C090D1BA2EF4CBDCC9AC3800 15448 ----a-w- C:\Windows\System32\DriverStore\FileRepository\ip4300.inf_54acac30\PRN2KXP\CNMSE.EXE 2014-08-07 17:38:08 8D7A1204CC0086FDE7C3C3A08D1840C9 6014120 ----a-w- C:\Users\User\AppData\Local\Microsoft\SkyDrive\Update\OneDriveSetup.exe 2014-08-07 17:38:08 
8D7A1204CC0086FDE7C3C3A08D1840C9 6014120 ----a-w- C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\OneDriveSetup.exe 2014-08-07 17:37:52 2DE22C0868B0FC1E10F06767665A9619 87200 ----a-w- C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveConfig.exe === C: other files == 2014-08-13 12:26:58 5C2C209CDEFBC51D83D66E8A53B2BE89 638400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-08-13 12:23:33 825EDAE0F2A55CD3578B0FF081595885 2054656 ----a-w- C:\Windows\System32\win32k.sys 2014-08-08 17:20:14 F76B4E5CE53311062252B48D80ADC4F9 115928 ----a-w- C:\Windows\System32\drivers\cbfltfs.sys 2014-08-08 17:20:07 39BC435500ACF56D1D2DB80E4D9E90BF 299528 ----a-w- C:\Windows\System32\drivers\cbfs3.sys 2014-08-08 17:20:04 F76B4E5CE53311062252B48D80ADC4F9 115928 ----a-w- C:\Program Files\Cloudfogger\Drivers\release\32bit\cbfltfs.sys 2014-08-08 17:20:04 ED6F48C234555552FD31AAECFD792A8C 148312 ----a-w- C:\Program Files\Cloudfogger\Drivers\release\64bit\cbfltfs.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-1738508118-990416778-2497299500-1000\Software\Microsoft\Windows\CurrentVersion\Run] "AtomicAlarmClock6"="C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe" "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" "SkyDrive"="C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Cloudfogger"="C:\Program Files\Cloudfogger\Cloudfogger.exe --silent --autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cistray.exe" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AtomicAlarmClock6"="C:\Program Files\Free Desktop Clock\FreeDesktopClock.exe" "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" "SkyDrive"="C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Cloudfogger"="C:\Program Files\Cloudfogger\Cloudfogger.exe --silent --autostart" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\00TCrdMain] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="00TCrdMain" "hkey"="HKLM" "command"="%ProgramFiles%\\TOSHIBA\\FlashCards\\TCrdMain.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2 Service] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Acronis Scheduler2 Service" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AcronisTimounterMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AcronisTimounterMonitor" "hkey"="HKLM" "command"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehTray.exe" "hkey"="HKCU" "command"="C:\\Windows\\ehome\\ehTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Folder Size] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Folder Size" "hkey"="HKCU" "command"="C:\\Program Files\\FolderSize\\FolderSize.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GUDelayStartup" "hkey"="HKCU" "command"="C:\\Program Files\\Glary Utilities 
4\\StartupManager.exe -delayrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HSON] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HSON" "hkey"="HKLM" "command"="%ProgramFiles%\\TOSHIBA\\TBS\\HSON.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScannerSelectorEX] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IJNetworkScannerSelectorEX" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\IJ Network Scanner Selector EX\\CNMNSST.exe /FORCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LtMoh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LtMoh" "hkey"="HKLM" "command"="C:\\Program Files\\ltmoh\\Ltmoh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyDriveConnect.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MyDriveConnect.exe" "hkey"="HKCU" "command"="\"C:\\Program Files\\MyDrive Connect\\MyDriveConnect.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCplDaemon" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvMediaCenter" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvSvc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvSvc" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="RtHDVCpl.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmoothView] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SmoothView" "hkey"="HKLM" "command"="%ProgramFiles%\\Toshiba\\SmoothView\\SmoothView.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\topi] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="topi" "hkey"="HKLM" "command"="C:\\Program Files\\TOSHIBA\\Toshiba Online Product Information\\topi.exe -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TOSCDSPD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TOSCDSPD" "hkey"="HKCU" "command"="TOSCDSPD.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Toshiba Registration" "hkey"="HKLM" "command"="C:\\Program Files\\Toshiba\\Registration\\ToshibaRegistration.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrueImageMonitor.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TrueImageMonitor.exe" "hkey"="HKLM" "command"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Defender" "hkey"="HKLM" "command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk] "item"="Install LastPass IE RunOnce" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Install LastPass IE RunOnce.lnk" "backup"="C:\\Windows\\pss\\Install LastPass IE RunOnce.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\COMMON~1\\LPUNIN~1.EXE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/08/2014 15:25] C:\Windows\tasks\GlaryInitialize 4.job --a------ C:\Program Files\Glary Utilities 4\Initialize.exe [28/02/2014 10:23] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GlaryInitialize 4" [C:\Program Files\Glary Utilities 4\Initialize.exe] "C:\Windows\system32\tasks\GU4SkipUAC" [C:\Program Files\Glary Utilities 4\Integrator.exe] "C:\Windows\system32\tasks\2BrightSparks\SyncBackFree\L-PC01-User\SyncBackFree OneDrive Kopij" [C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe] "C:\Windows\system32\tasks\2BrightSparks\SyncBackFree\L-PC01-User\SyncBackFree Outlook naar WD" [C:\Program Files\2BrightSparks\SyncBackFree\SyncBackFree.exe] 
"C:\Windows\system32\tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] "C:\Windows\system32\tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] "C:\Windows\system32\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] "C:\Windows\system32\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [10/09/2009 10:36] ==== Chrome Look ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cmaiofennmphjldldcpphcechfnnohja - C:\Users\User\AppData\Local\AdTrustMedia\PrivDog\PrivDog_chrome.crx[15/06/2014 16:09] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_fr" ==== Deleting CLSID Registry Keys ====================== 
HKEY_USERS\S-1-5-21-1738508118-990416778-2497299500-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Empty IE Cache ====================== C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=321 folders=86 83651604 bytes) ==== Empty Temp Folders ====================== C:\Users\User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders 
====================== "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\PROGRA~2\boost_interprocess" deleted ==== EOF on do 14/08/2014 at 16:22:59,13 ======================