Zoek.exe v5.0.0.0 Updated 08-September-2014
Tool run by Asus on ma 08-09-2014 at 18:10:56,64.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Asus\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

==== Empty Folders Check ======================
C:\PROGRA~2\Astonsoft deleted successfully
C:\PROGRA~2\Optimizer Pro deleted successfully
C:\PROGRA~2\VS Revo Group deleted successfully
C:\PROGRA~3\374311380 deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\FLEXnet deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\{52AC600B-5800-407E-99FF-83CD0669760B} deleted successfully
C:\Users\Asus\AppData\Local\Conduit deleted successfully
C:\Users\Asus\AppData\Local\PackageAware deleted successfully
C:\Users\Asus\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-206591823-4190339796-2464555395-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-206591823-4190339796-2464555395-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-206591823-4190339796-2464555395-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================
C:\ProgramData\374311380 not found
C:\PROGRA~3\{52AC600B-5800-407E-99FF-83CD0669760B} not found
C:\ProgramData\Performance Optimizer deleted
C:\PROGRA~2\SopCast deleted
C:\PROGRA~2\SearchProtect deleted
C:\PROGRA~2\Conduit deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Uniblue\DriverScanner deleted
C:\PROGRA~3\Uniblue deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Asus\AppData\Local\Ilivid Player deleted
C:\Users\Asus\AppData\Local\CRE deleted
C:\Users\Asus\AppData\Local\SearchProtect deleted
C:\Users\Asus\AppData\LocalLow\boost_interprocess deleted
C:\Users\Asus\AppData\LocalLow\DataMngr deleted
C:\Users\Asus\AppData\LocalLow\Conduit deleted
C:\Users\Asus\AppData\LocalLow\Toolbar4 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Asus\Documents\Optimizer Pro deleted
"C:\Users\Asus\AppData\Local\{2FC54B58-1881-44E8-A3CD-38996192FD71}" deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Asus\AppData\Local\Temp ====
2014-09-08 16:04:46 D11FB7A5078631BE2E183DC56FCD5375 43008 ----a-w- C:\Users\Asus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_auixs.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-08-27 17:59:36 980305AC3AF53C1964A11190451ABB32 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
2014-08-27 17:48:04 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2014-08-27 17:48:04 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2014-08-27 17:48:04 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\SysWOW64\wups.dll
2014-08-27 17:47:42 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2014-08-27 17:47:42 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-08-27 17:59:38 A347EF56B7CD8360B3EF7772FEA597B9 3163648 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-08-27 17:59:37 860528C9E50AB84935843B23A80E665E 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
2014-08-27 17:48:20 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2014-08-27 17:48:20 E76F105AD039B9E4DA9ECE839298C4A2 44512 ----a-w- C:\Windows\Sysnative\wups2.dll
2014-08-27 17:48:20 6335F8B4B89F002A3801473C1A799237 2620928 ----a-w- C:\Windows\Sysnative\wucltux.dll
2014-08-27 17:48:19 61FF576450CCC80564B850BC3FB6713A 2477536 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2014-08-27 17:48:04 7EC6617005F76714C7E16605E7A8AB06 38880 ----a-w- C:\Windows\Sysnative\wups.dll
2014-08-27 17:48:04 1180B5ADFB507258DA10F51B46681A33 97792 ----a-w- C:\Windows\Sysnative\wudriver.dll
2014-08-27 17:48:04 0DB2758CF1BAFE22E0970FDA0785B74C 700384 ----a-w- C:\Windows\Sysnative\wuapi.dll
2014-08-27 17:47:42 45D4BDEA136E72E75CF008D3C38D949A 198600 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2014-08-27 17:47:42 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe
====== C:\Windows\Sysnative\drivers =====
2014-08-15 16:20:34 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-07 16:56:53 -------- d-----w- C:\Program Files\trend micro
2014-09-07 14:03:21 -------- d-----w- C:\Program Files\Speccy
======= C:\PROGRA~2 =====
2014-08-18 17:23:56 -------- d-----w- C:\PROGRA~2\Plex
======= C: =====
====== C:\Users\Asus\AppData\Roaming ======
2014-09-08 16:06:38 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER620D.tmp.secure.hdmp
2014-09-08 16:06:38 40C1B1F151408E2CA306748355955F74 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER620C.tmp.WERInternalMetadata.xml
2014-09-07 17:03:04 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERAE1A.tmp.secure.hdmp
2014-09-07 17:03:04 86AAF6E93492B614761FA2A97543A422 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERAE09.tmp.WERInternalMetadata.xml
2014-09-07 16:57:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER8F35.tmp.secure.hdmp
2014-09-07 16:57:24 86AAF6E93492B614761FA2A97543A422 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER8F24.tmp.WERInternalMetadata.xml
2014-09-07 16:42:51 86AAF6E93492B614761FA2A97543A422 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA2E3.tmp.WERInternalMetadata.xml
2014-09-07 16:42:51 5DD340A1BD3276A2BA4207C03F03F282 1707950 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA2F3.tmp.secure.hdmp
2014-09-07 16:07:17 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER34E5.tmp.secure.hdmp
2014-09-07 16:07:17 6ABED5F4A22D75AD78B141D1F837D4E2 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER34D5.tmp.WERInternalMetadata.xml
2014-09-07 15:53:39 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA582.tmp.secure.hdmp
2014-09-07 15:53:39 769754FD4036BC6369369BC609C76D19 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA572.tmp.WERInternalMetadata.xml
2014-09-07 15:24:10 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERAA43.tmp.secure.hdmp
2014-09-07 15:24:10 6ABED5F4A22D75AD78B141D1F837D4E2 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERAA33.tmp.WERInternalMetadata.xml
2014-09-07 15:03:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER92EC.tmp.secure.hdmp
2014-09-07 15:03:31 769754FD4036BC6369369BC609C76D19 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER92EB.tmp.WERInternalMetadata.xml
2014-09-07 14:46:56 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERCE37.tmp.secure.hdmp
2014-09-07 14:46:56 40C1B1F151408E2CA306748355955F74 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERCE36.tmp.WERInternalMetadata.xml
2014-09-07 14:30:40 F9B41D1F2BE953A3DF32673F1BB03787 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERD01A.tmp.WERInternalMetadata.xml
2014-09-07 14:30:40 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERD01B.tmp.secure.hdmp
2014-09-07 14:18:12 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER5937.tmp.secure.hdmp
2014-09-07 14:18:12 769754FD4036BC6369369BC609C76D19 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER5936.tmp.WERInternalMetadata.xml
2014-09-07 14:04:27 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERBCBA.tmp.secure.hdmp
2014-09-07 14:04:27 86AAF6E93492B614761FA2A97543A422 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERBCA9.tmp.WERInternalMetadata.xml
2014-09-07 13:58:42 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER8372.tmp.secure.hdmp
2014-09-07 13:58:42 86AAF6E93492B614761FA2A97543A422 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER8361.tmp.WERInternalMetadata.xml
2014-09-07 13:52:44 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA573.tmp.secure.hdmp
2014-09-07 13:52:44 132D775154BEB8551DD7844F1B78ED89 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA562.tmp.WERInternalMetadata.xml
2014-09-07 08:12:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER7510.tmp.secure.hdmp
2014-09-07 08:12:13 132D775154BEB8551DD7844F1B78ED89 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER7500.tmp.WERInternalMetadata.xml
2014-09-07 08:01:11 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER7FF9.tmp.secure.hdmp
2014-09-07 08:01:11 132D775154BEB8551DD7844F1B78ED89 3652 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER7FF8.tmp.WERInternalMetadata.xml
2014-09-06 23:19:05 F882B4002E1F76F3CABF503A15E5594C 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER9FF6.tmp.WERInternalMetadata.xml
2014-09-06 23:19:05 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WER9FF7.tmp.secure.hdmp
2014-09-06 23:06:20 BC20185D3D9DD31B200AC9FD26837951 1423994 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA46A.tmp.secure.hdmp
2014-09-06 23:06:20 769754FD4036BC6369369BC609C76D19 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA459.tmp.WERInternalMetadata.xml
2014-09-06 22:39:08 E34057362FD915528309B649E77310DB 8774 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA94A.tmp.secure.hdmp
2014-09-06 22:39:07 5BDA9A5C3E939561AE1D6B6078E93431 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WERA929.tmp.WERInternalMetadata.xml
2014-09-06 22:29:15 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WEREEE1.tmp.secure.hdmp
2014-09-06 22:29:15 769754FD4036BC6369369BC609C76D19 3650 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\WEREED0.tmp.WERInternalMetadata.xml
2014-09-02 20:06:24 -------- d-----w- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hema Fotoalbum
2014-08-23 18:10:27 -------- d-----w- C:\Users\Asus\AppData\Local\Conexant
2014-08-18 17:24:44 -------- d-----w- C:\Users\Asus\AppData\Local\Plex Media Server
====== C:\Users\Asus ======
2014-09-07 16:55:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Asus\Downloads\RSITx64.exe
2014-09-07 16:48:33 CB7D21F3024496102D23260818102716 20480 ----a-w- C:\Users\Asus\Desktop\DaS_21.exe
2014-09-07 15:53:11 CB7D21F3024496102D23260818102716 20480 ----a-w- C:\Users\Asus\Downloads\DaS_21.exe
2014-09-07 15:51:54 B603BF2F77768CE9C202422FE2DCBB6E 26765312 ----a-w- C:\Users\Asus\Downloads\TomTomMySportsConnectInstaller.exe
2014-09-07 14:03:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-09-06 22:49:01 56D505170804758FE5AA9784B3271C08 118095616 ----a-w- C:\Users\Asus\Downloads\msert.exe
2014-08-23 18:10:30 -------- d-----w- C:\ProgramData\Conexant
2014-08-18 17:24:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-08-16 16:07:43 -------- d-----w- C:\ProgramData\Steam
====== C: exe-files ==
2014-09-07 16:56:54 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Asus.exe
2014-09-07 16:55:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Asus\Downloads\RSITx64.exe
2014-09-07 16:48:33 CB7D21F3024496102D23260818102716 20480 ----a-w- C:\Users\Asus\Desktop\DaS_21.exe
2014-09-07 15:53:11 CB7D21F3024496102D23260818102716 20480 ----a-w- C:\Users\Asus\Downloads\DaS_21.exe
2014-09-07 15:51:54 B603BF2F77768CE9C202422FE2DCBB6E 26765312 ----a-w- C:\Users\Asus\Downloads\TomTomMySportsConnectInstaller.exe
2014-09-06 22:49:01 56D505170804758FE5AA9784B3271C08 118095616 ----a-w- C:\Users\Asus\Downloads\msert.exe
2014-09-02 20:06:23 76D4CC2398BBD9E305C0EEACB74104D6 5323816 ----a-w- C:\Users\Asus\AppData\Local\Hema Fotoalbum\apc.exe
2014-09-02 20:06:23 30B39F21F1B121DB4B77FC29DA71F661 1184469 ----a-w- C:\Users\Asus\AppData\Local\Hema Fotoalbum\unins000.exe
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-206591823-4190339796-2464555395-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTom MySports Connect.exe"="C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"Google Desktop Search"="C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"
"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTom MySports Connect.exe"="C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~3\\perfor~1\\perfor~1.dll"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe"
"EeeStorageBackup"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"hkey"="HKLM"
"item"="Adobe Reader Speed Launcher"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADSMTray]
"command"="C:\\Program Files (x86)\\ASUS\\ASUS Data Security Manager\\ADSMTray.exe"
"hkey"="HKLM"
"item"="ADSMTray"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avast! Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BFE]

==== Startup Folders ======================
2014-09-07 15:29:36 1051 ----a-w- C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-09-07 15:29:36 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
2014-09-07 15:29:36 2432 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
2014-09-07 15:29:36 2855 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [30-07-2014 09:57]
C:\Windows\tasks\Google Software Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-05-2010 12:30]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-05-2010 12:30]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\Ad-Aware Update (Weekly)" [C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASPG" [C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Google Software Updater" [C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\P4GIntlCtrl" [C:\Program Files\P4G\IntlCtrl.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{5CF96ED8-4370-441F-9B4F-692201C9FBDC}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe]
"C:\Windows\SysNative\tasks\{C3E925C4-40E1-4B7D-9469-C888485EECE9}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [30-07-2014 09:52]

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx[04-08-2014 21:20]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[30-07-2014 09:51]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Asus\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Asus\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
Angry Birds - Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Cast - Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
avast SafePrice - Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
avast Online Security - Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Greyscale - Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm

==== Chromium Startpages ======================
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.nl/",
"startup_urls": [ "http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC840F4B3-9F19-4933-85D4-85D72ECC7352" ],

==== Chrome Fix ======================
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC840F4B3-9F19-4933-85D4-85D72ECC7352"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rlz=1I7GPCK_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=s4DKkPh8KNUXH82jnZn92t0AXTc?q={searchTerms}"
{EBE5398C-AB5D-4C0C-8BF0-7A9BF92987D6} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}&rlz="
{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} Winamp Search Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player2.0.25 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3} deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Asus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=192 folders=68 77659050 bytes)

==== Empty Temp Folders ======================
C:\Users\Asus\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Asus\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 08-09-2014 at 18:32:35,20 ======================