Zoek.exe v5.0.0.0 Updated 04-September-2014
Tool run by carla on do 04-09-2014 at 20:51:30,14.
Microsoft® Windows Vista™ Ultimate 6.0.6000 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\carla\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

4-9-2014 20:55:37 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\GUMC023.tmp deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Common Files\Apple deleted successfully
C:\Program Files\Common Files\PDF Architect deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\carla\AppData\Local\WorldofTanks deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511951199} deleted successfully
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511951199} deleted successfully
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54CF99CA-43A0-424E-A383-3C60070C4C48} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54CF99CA-43A0-424E-A383-3C60070C4C48} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{86A06E94-723E-902D-E21C-D6B10B2DD9E2} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully 
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully HKEY_CLASSES_ROOT\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved 
Extensions\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{54CF99CA-43A0-424E-A383-3C60070C4C48} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{86A06E94-723E-902D-E21C-D6B10B2DD9E2} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Toolbar\!{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{3A2D5EBA-F86D-4BD3-A177-019765996711} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{54CF99CA-43A0-424E-A383-3C60070C4C48} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{86A06E94-723E-902D-E21C-D6B10B2DD9E2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\APNMCP deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\carla\AppData\Roaming\Mozilla\Firefox\Profiles\8z9amukt.default user.js not found ---- Lines babylon modified from prefs.js ---- 
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\ ---- Lines searchqu modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\ ---- Lines yontoo modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\ ---- Lines 99079a25-328f-4bd4-be04-00955acaa0a7 modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\ ---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_04-09-2014_2103_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "BlockAndSurf"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softonic for Windows] ==== Deleting Files \ Folders ====================== C:\Users\carla\AppData\Roaming\DSite not found C:\Users\carla\AppData\Local\Softonic not found C:\ProgramData\5fd9e3436fcece72 deleted C:\Program Files\Common Files\DVDVideoSoft deleted C:\Users\carla\AppData\LocalLow\{C1E7E53B-3184-C8CE-9DE0-98063DDC813A} deleted C:\PROGRA~2\DivX deleted C:\Program Files\FoxTabPDFConverter deleted C:\user.js deleted C:\PROGRA~2\AskPartnerNetwork deleted C:\PROGRA~2\APN deleted C:\PROGRA~2\boost_interprocess deleted C:\Users\carla\AppData\Local\nsiDED2.tmp deleted C:\Users\carla\AppData\Local\CRE deleted C:\Users\carla\AppData\Local\CrashRpt deleted 
C:\Users\carla\Downloads\FreeYouTubeToMP3Converter.exe deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted C:\Windows\tasks\At1.job deleted C:\Users\carla\AppData\Roaming\Mozilla\Firefox\Profiles\8z9amukt.default\extensions\staged deleted C:\Users\carla\Desktop\NIS_19.0.0.128_SYMTB_SOFTONIC_LOEM_MRFTT_286_6555.exe deleted C:\Users\carla\Desktop\Softonic.lnk deleted "C:\DelFix.txt" deleted "C:\Users\carla\AppData\Local\ChromeHitoryDB" deleted "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted "C:\Users\carla\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe" deleted "C:\Users\carla\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll" deleted "C:\Program Files\AskPartnerNetwork" deleted "C:\Users\carla\AppData\Local\AskPartnerNetwork" not deleted "C:\Program Files\AskPartnerNetwork\Toolbar" deleted "C:\Program Files\AskPartnerNetwork\Toolbar\Updater" deleted "C:\Users\carla\AppData\Local\AskPartnerNetwork\Toolbar" not deleted "C:\Users\carla\AppData\Local\AskPartnerNetwork\Toolbar\Updater" not deleted "C:\Users\carla\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\carla\AppData\Local\Temp ==== 2014-09-04 18:16:16 5285EAD8CA056BA6E53181F27E227244 549272 ----a-w- C:\Users\carla\AppData\Local\Temp\APNSetup.exe 2014-08-26 09:39:35 F56C9E0A0944C9C0AA17BB23530EBD32 26509312 ----a-w- C:\Users\carla\AppData\Local\Temp\Skype.msi 2014-08-23 17:38:42 FB5621842FDABF9F8359775573498FBC 605064 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\npGoogleUpdate3.dll 2014-08-23 17:38:42 C95CDDF65F9F8C9433AFF8F0A811375A 189320 ----atw- 
C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\psmachine_64.dll 2014-08-23 17:38:42 84180917AAB55EE4392C54E0E0BD4022 166792 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\psmachine.dll 2014-08-23 17:38:42 715CCB3F5EDA626198CCADC7AB8CE9A2 189320 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\psuser_64.dll 2014-08-23 17:38:42 3D58798BD1D1F96381C0B47CA859739D 166792 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\psuser.dll 2014-08-23 17:38:41 DEC1A40D0210FAD3BB67028B97F155A4 26112 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\GoogleUpdateHelper.msi 2014-08-23 17:38:41 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\GoogleUpdateBroker.exe 2014-08-23 17:38:41 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\GoogleCrashHandler64.exe 2014-08-23 17:38:41 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\GoogleUpdateOnDemand.exe 2014-08-23 17:38:41 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\GoogleUpdateSetup.exe 2014-08-23 17:38:41 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\GoogleUpdateComRegisterShell64.exe 2014-08-23 17:38:41 77E585EDD4C7EB7AB2ACC36BC1DC32A5 1696648 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\goopdate.dll 2014-08-23 17:38:41 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\GoogleUpdate.exe 2014-08-23 17:38:41 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- 
C:\Users\carla\AppData\Local\Temp\{46C83197-C7A1-494E-8D7A-CFB97DA0F075}\GoogleCrashHandler.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-09-04 18:16:05 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\System32\javaws.exe 2014-09-04 18:15:18 49E203776C2ACB289385168A9058EE9E 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll 2014-09-04 18:15:18 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\System32\javaw.exe 2014-09-04 18:15:18 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\System32\java.exe ====== C:\Windows\system32\drivers ===== 2014-08-12 13:20:04 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-08-12 13:19:49 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-08-12 13:19:49 799613BA73D25641402AA81B6403EFF8 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-08-12 13:19:49 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-26 09:40:48 -------- d-----w- C:\Program Files\Common Files\Skype 2014-08-12 08:06:42 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Users\carla\AppData\Roaming ====== 2014-09-04 18:19:07 -------- d-----w- C:\Users\carla\AppData\Local\AskPartnerNetwork ====== C:\Users\carla ====== 2014-09-04 18:36:48 9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67 (4).exe 2014-09-04 18:13:00 9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67 (3).exe 2014-09-04 18:12:16 9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67 (2).exe 2014-09-04 18:10:47 9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67 (1).exe 2014-09-04 18:09:59 9473F655CAE1A13C311C3FF1134D79DC 918440 
----a-w- C:\Users\carla\Downloads\chromeinstall-7u67.exe 2014-09-01 04:59:41 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\carla\Downloads\RSIT.exe 2014-08-26 09:39:08 82901D6179D63704B923B2CE1E8887C7 1677928 ----a-w- C:\Users\carla\Downloads\SkypeSetup (1).exe 2014-08-26 09:38:32 82901D6179D63704B923B2CE1E8887C7 1677928 ----a-w- C:\Users\carla\Downloads\SkypeSetup.exe 2014-08-23 17:39:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome ====== C: exe-files == 2014-09-04 18:36:48 9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67 (4).exe 2014-09-04 18:32:57 D88AE1702447A9181581F9184D3C0F1F 1056448 ----a-w- C:\Users\carla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1LFJFAIC\install_flashplayer14x32axau_chra_dy_awa_aih[1].exe 2014-09-04 18:16:16 5285EAD8CA056BA6E53181F27E227244 549272 ----a-w- C:\Users\carla\AppData\Local\Temp\APNSetup.exe 2014-09-04 18:16:05 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\System32\javaws.exe 2014-09-04 18:15:18 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\System32\javaw.exe 2014-09-04 18:15:18 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\System32\java.exe 2014-09-04 18:14:55 A6B7A388547C4CDF4D8F2AF55D79AC85 145832 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe 2014-09-04 18:14:55 8B986C008892DB58928BC72483ADF7B9 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe 2014-09-04 18:14:55 7A17013ABD895DFBD61A5AF9996D0E5E 50088 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe 2014-09-04 18:14:54 F67D9621616CB31217A497FEDE4913F5 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe 2014-09-04 18:14:54 EC4C47AADE6606AFCDEAB28E29654ECE 75688 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe 2014-09-04 18:14:54 CEEFA72555A8FAD52C29BA17AE3E6DEF 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe 2014-09-04 18:14:54 C3F55C9B02A22EC0B345E20AE9AE9B71 
16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe 2014-09-04 18:14:54 BF918C9473D64BBD53C22C47045883F5 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe 2014-09-04 18:14:54 A788E5ED0454307CBCFB95CC33E5F717 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe 2014-09-04 18:14:54 7ED5C21F9F29B5278FFF39718C667235 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe 2014-09-04 18:14:54 7DC9A0127F850997B4CFD9923C680D7D 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe 2014-09-04 18:14:54 7BDCC29DDFBB355761A018A74D4A1E8C 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe 2014-09-04 18:14:54 48442596BFEB26E56898A0E4D2596A95 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe 2014-09-04 18:14:54 34CEC403ED594B55D55DED61A3A53DAF 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe 2014-09-04 18:14:54 0371CFD6228F89B5B9E20F67807987FE 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe 2014-09-04 18:14:52 F69D8BDC202973592D710BC913D01919 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe 2014-09-04 18:14:52 C8883F91C31CAC40890AC8B668E05F61 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe 2014-09-04 18:14:52 8B657BA869AE7D3C6A29792C986E0DD5 68008 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe 2014-09-04 18:14:52 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe 2014-09-04 18:14:52 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Program Files\Java\jre7\bin\java.exe 2014-09-04 18:14:52 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe 2014-09-04 18:13:28 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\carla\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe 2014-09-04 18:13:00 9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67 (3).exe 2014-09-04 18:12:16 9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67 (2).exe 2014-09-04 18:10:47 
9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67 (1).exe 2014-09-04 18:09:59 9473F655CAE1A13C311C3FF1134D79DC 918440 ----a-w- C:\Users\carla\Downloads\chromeinstall-7u67.exe 2014-09-03 07:42:53 A715DD1F4D7894100FBA9153048FDE1B 62992 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avguirux.exe 2014-09-03 07:42:53 9B3A0BC81C174ADF77DC6869AC6BCDDD 15888 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgrdtestx.exe 2014-09-03 07:42:53 7556F0CCABAD60FA2F19165D6BBD92EA 62992 ----a-w- C:\Program Files\AVG\AVG2014\avguirux.exe 2014-09-03 07:42:53 4505C7EEC5B0FFA5C45A7450198CBCC0 6018176 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgmfapx.exe 2014-09-03 07:42:53 23E082855C7B3552390F425153617767 6018176 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe 2014-09-03 07:42:53 0FED596E388C979A5E865CEBA466B927 15888 ----a-w- C:\Program Files\AVG\AVG2014\avgrdtestx.exe 2014-09-01 04:59:41 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\carla\Downloads\RSIT.exe === C: other files == 2014-09-04 18:14:55 F3EABF8A2AF5C0D8BAE022EE6C17FD91 18650 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" 
"DellSystemDetect"="C:\Users\carla\AppData\Local\Apps\2.0\2346X6O2.ME9\EH6N7LBK.ZZH\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLPSP"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" "Dell MFP Color Laser Printer 3115cn Launcher"="C:\Program Files\Dell Printers\Dell MFP Color Laser Printer 3115cn\Address Book Editor\Launcher.exe /s" "PaperPort PTD"="C:\Program Files\Dell Printers\paperport\pptd40nt.exe" "IndexSearch"="C:\Program Files\Dell Printers\paperport\IndexSearch.exe" "AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY" "MSConfig"="C:\Windows\system32\msconfig.exe /auto" "ApnTBMon"="C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" "SunJavaUpdateSched"="C:\Program Files\Java\jre7\bin\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "DellSystemDetect"="C:\Users\carla\AppData\Local\Apps\2.0\2346X6O2.ME9\EH6N7LBK.ZZH\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Akamai NetSession Interface" "hkey"="HKCU" "command"="\"C:\\Users\\carla\\AppData\\Local\\Akamai\\netsession_win.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bluetooth HCI Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Bluetooth HCI Monitor" "hkey"="HKLM" "command"="RunDll32 HCIMNTR.DLL,RunCheckHCIMode" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\D91EF1D092AE2C39F65B3DEE6096C8D05056BAEA._service_run] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="D91EF1D092AE2C39F65B3DEE6096C8D05056BAEA._service_run" "hkey"="HKCU" "command"="\"C:\\Users\\carla\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --type=service" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ECenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ECenter" "hkey"="HKLM" "command"="C:\\Dell\\E-Center\\EULALauncher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\carla\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GrooveMonitor" "hkey"="HKLM" "command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IAAnotif" "hkey"="HKLM" "command"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\jswtrayutil] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jswtrayutil" "hkey"="HKLM" "command"="\"C:\\Program Files\\Wireless\\WPS\\jswtrayutil.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCplDaemon" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvMediaCenter" "hkey"="HKLM" 
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMX Daemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PMX Daemon" "hkey"="HKLM" "command"="ICO.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxWatchTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RoxWatchTray" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\10.0\\SharedCOM\\RoxWatchTray10.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SigmatelSysTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SigmatelSysTrayApp" "hkey"="HKLM" "command"="C:\\Program Files\\SigmaTel\\C-Major Audio\\WDM\\sttray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VMonitorVMUVC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VMonitorVMUVC" "hkey"="HKLM" "command"="\"C:\\Program Files\\Vimicro Corporation\\VMUVC\\VMonitor.exe\" VMUVC" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Defender" "hkey"="HKLM" "command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\BTTray.lnk" "backup"="C:\\Windows\\pss\\BTTray.lnk.CommonStartup" "backupExtension"=".CommonStartup" 
"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe " "item"="BTTray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^carla^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] "path"="C:\\Users\\carla\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Screen Clipper and Launcher.lnk" "backup"="C:\\Windows\\pss\\OneNote 2007 Screen Clipper and Launcher.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\MICROS~3\\Office12\\ONENOTEM.EXE /tsr" "item"="OneNote 2007 Screen Clipper and Launcher" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Realtek11nSU] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\"" "SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04-09-2014 20:34] C:\Windows\tasks\G2MUpdateTask-S-1-5-21-529141160-3697808969-3365384195-1000.job --a------ C:\Users\carla\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe [14-08-2014 07:09] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program 
Files\Google\Update\GoogleUpdate.exe [12-02-2010 15:21] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [12-02-2010 15:21] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-529141160-3697808969-3365384195-1000Core.job --a------ C:\Users\carla\AppData\Local\Google\Update\GoogleUpdate.exe [05-09-2013 21:40] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-529141160-3697808969-3365384195-1000UA.job --a------ C:\Users\carla\AppData\Local\Google\Update\GoogleUpdate.exe [05-09-2013 21:40] C:\Windows\tasks\User_Feed_Synchronization-{76253507-1608-4880-BCC1-42928305085A}.job --ah----- C:\Windows\system32\msfeedssync.exe [02-01-2010 06:56] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\G2MUpdateTask-S-1-5-21-529141160-3697808969-3365384195-1000" [C:\Users\carla\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-529141160-3697808969-3365384195-1000Core" [C:\Users\carla\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-529141160-3697808969-3365384195-1000UA" [C:\Users\carla\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\ScanSoft Background Update" [C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe] "C:\Windows\system32\tasks\Sun Microsystems-online actualiseringsprogramma" [C:\Program 
Files\Java\jre1.6.0\bin\jusched.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{76253507-1608-4880-BCC1-42928305085A}" [C:\Windows\system32\msfeedssync.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [15-06-2013 13:51] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} ==== Firefox Plugins ====================== Profilepath: C:\Users\carla\AppData\Roaming\Mozilla\Firefox\Profiles\8z9amukt.default 0132218093298D7F72A40222F4FBF04F - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2 A7DA4A3F6E86E55E25F60D2BA46B24D0 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2 CE1411064661AFB6DC4E18BACB50BF61 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2 052575195474BA9646272680BF993D64 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2 A8CD2D78D83C1466BB81BBC94A6C96A3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2 136ECFCBEA4FBFF8918D3B4AE2729C7F - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2 1E17EB861D4EAD9CAC51C246B5E3426A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2 AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation AF98ECFCA95399CB7402C34E5E2967B6 - C:\Program Files\ABN AMRO e.dentifier2\Mozilla\npBECON.dll - ABN AMRO e.dentifier2 Plug-in ==== Chrome Look ====================== 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
clelpneigicmackibcbkigogpffkkflp - C:\Users\carla\AppData\Local\CRE\clelpneigicmackibcbkigogpffkkflp.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[29-11-2011 07:22]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
clelpneigicmackibcbkigogpffkkflp - C:\Users\carla\AppData\Local\CRE\clelpneigicmackibcbkigogpffkkflp.crx[]

Just Pin It - carla\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe
Skype Click to Call - carla\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - carla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\carla\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://google.com/",
"startup_urls": [ "http://www.searchnu.com/406", "https://www.google.nl/", "http://search.gboxapp.com/", "http://nl.msn.com/?pc=UP97&ocid=UP97DHP" ],

==== Chrome Fix ======================

C:\Users\carla\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe deleted successfully
C:\Users\carla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eokdcgmibpioegghefegkcdjcbiggefe_0.localstorage deleted successfully
C:\Users\carla\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eokdcgmibpioegghefegkcdjcbiggefe_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11406&pf=V7&trgb=IE&p2=%5EBBE%5EOSJ000%5EYY%5ENL&gct=hp&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5ENL&apn_dbr=ie_8.0.6001.18882&apn_uid=1F1CDC26-64C3-4946-809A-3591B43FAC7F&itbv=12.15.5.30&doi=2014-09-04&psv=&pt=tb"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5350-4500-76A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4F524A2D-5350-4500-76A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-529141160-3697808969-3365384195-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{D8278076-BC68-4484-9233-6E7F1628B56C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4F524A2D-5350-4500-76A7-7A786E7484D7} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\clelpneigicmackibcbkigogpffkkflp deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\clelpneigicmackibcbkigogpffkkflp deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic for Windows deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D91EF1D092AE2C39F65B3DEE6096C8D05056BAEA._service_run deleted successfully

==== Empty IE Cache ======================

C:\Users\carla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\carla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\carla\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=981 folders=189 266225728 bytes)

==== Empty Temp Folders ======================

C:\Users\carla\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\carla\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\carla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\carla\AppData\Local\AskPartnerNetwork" not found

==== EOF on do 04-09-2014 at 21:22:22,06 ======================