Zoek.exe v5.0.0.0 Updated 07-October-2014
Tool run by zon on vr 10-10-2014 at 9:10:48,73.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\zon\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10-10-2014 9:13:39 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AVS4YOU deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\zon\AppData\Roaming\TP deleted successfully
C:\Users\zon\AppData\Roaming\VMware deleted successfully
C:\Users\zon\AppData\Local\BlueStacksSetup deleted successfully
C:\Users\zon\AppData\Local\cache deleted successfully
C:\Users\zon\AppData\Local\StormFall deleted successfully
C:\Users\zon\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-648035464-3342752320-20647198-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\edo9iv81.default
user.js not found

---- Lines AdvanceElite removed from prefs.js ----
user_pref("extensions.AdvanceElite.aul", "1412004945366");
user_pref("extensions.AdvanceElite.irl", true);
user_pref("extensions.AdvanceElite.is", "isgiwhNL");
user_pref("extensions.AdvanceElite.ug", "CA27DBBE-74FD-49DE-8FCB-B01A6ED0C622");

---- Lines {25dd52dc-89a8-469d-9e8f-8d483095d1e8} removed from prefs.js ----
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.daysPassed", "{\"t2d\":true}");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.installtime", "1412004927.261");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.is_bundle", "true");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.isFirstRun", "false");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.last_version", "");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.lastC", "{\"sm\":392224,\"li\":392286,\"mo\":392286}");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.moEnabled", true);
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.remEv", "1412263111065");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.server", "https://s7921.webovernet.com");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.src", "7921");
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.toolbarButtonInstalled", true);
user_pref("{25dd52dc-89a8-469d-9e8f-8d483095d1e8}.user_id", "FCC437ED-DD62-4F0A-95E2-6BD39217C193");

---- FireFox user.js and prefs.js backups ----
prefs_10-10-2014_0945_.backup

ProfilePath: C:\Users\zon\AppData\Roaming\Thunderbird\Profiles\3c11p2af.default
user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_10-10-2014_0945_.backup

ProfilePath: C:\Users\zon\AppData\Roaming\TomTom\HOME\Profiles\1igl8jsr.default
user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_10-10-2014_0945_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

==== Deleting Files \ Folders ======================

C:\Users\zon\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z deleted
C:\Users\zon\.android deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\windows\SysNative\tasks\RocketTab deleted
C:\windows\SysNative\tasks\RocketTab Update Task deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\edo9iv81.default\extensions\abs@avira.com deleted
"C:\ProgramData\Pipe Organ" deleted
"C:\ProgramData\Planets" deleted
"C:\ProgramData\Plants" deleted
"C:\PROGRA~2\RocketTab\Client.exe" deleted
"C:\PROGRA~2\RocketTab" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\zon\AppData\Local\Temp ====
2014-09-29 16:25:34 BF375A90FE0B135395E20B0EB9190C11 572739 ----a-w- C:\Users\zon\AppData\Local\Temp\2818610.Uninstall\uninstaller.exe
2014-09-29 16:25:14 BF375A90FE0B135395E20B0EB9190C11 572739 ----a-w- C:\Users\zon\AppData\Local\Temp\2797987.Uninstall\uninstaller.exe
2014-09-29 15:33:24 24BCAF1BBB1F29E0245416B5D2873E46 5777584 ----a-w- C:\Users\zon\AppData\Local\Temp\optprosetup.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-01 01:28:29 BBA80D3CAB22620A6AC9BB603386EE33 519680 ----a-w- C:\Windows\SysWOW64\qdvd.dll
2014-09-29 16:41:39 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-01 01:28:29 8D46C7BCDF7FBAAC8666D6640ADA930E 371712 ----a-w- C:\Windows\Sysnative\qdvd.dll
====== C:\Windows\Sysnative\drivers =====
2014-10-09 07:02:27 3D17E06D001914B2155AA4BE7E260673 52816 ----a-w- C:\Windows\Sysnative\drivers\hcmon.sys
2014-10-09 07:02:26 415B167695C4B5960A13098622EF3D80 37680 ----a-w- C:\Windows\Sysnative\drivers\vmusb.sys
2014-10-02 10:26:09 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-02 10:25:42 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-10-02 10:25:42 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-10-02 10:25:42 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-09 16:09:38 -------- d-----w- C:\Program Files\trend micro
2014-10-09 07:01:57 -------- d-----w- C:\Program Files\VMware
======= C:\PROGRA~2 =====
2014-10-09 07:01:57 -------- d-----w- C:\PROGRA~2\COMMON~1\VMware
2014-10-03 07:22:55 -------- d-----w- C:\PROGRA~2\RocketTab
2014-09-19 13:35:51 -------- d-----w- C:\PROGRA~2\COMMON~1\AVSMedia
2014-09-19 13:22:15 -------- d-----w- C:\PROGRA~2\Audacity
======= C: =====
====== C:\Users\zon\AppData\Roaming ======
2014-09-19 18:27:48 -------- d-----w- C:\Users\zon\AppData\Roaming\dvdcss
2014-09-19 18:24:44 -------- d-----w- C:\Users\zon\AppData\Roaming\CyberLink
2014-09-19 13:37:45 -------- d-----w- C:\Users\zon\AppData\Roaming\AVS4YOU
2014-09-19 13:22:46 -------- d-----w- C:\Users\zon\AppData\Roaming\Audacity
====== C:\Users\zon ======
2014-10-09 16:08:48 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\zon\Downloads\RSITx64.exe
2014-10-09 07:02:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-10-02 10:24:44 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\zon\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-01 08:29:01 03897B0B8CBEC90F31D1BC1F134914E5 259538401 ----a-w- C:\Users\zon\Downloads\osm_generic_windows(4).exe
2014-09-29 16:39:34 1B151CCE618BE06C22B55FD4B502B75E 1373475 ----a-w- C:\Users\zon\Downloads\adwcleaner_3.310.exe
2014-09-29 15:33:34 64CB169BB7CFAC115805B686CB1B2141 76880312 ----a-w- C:\Users\zon\Downloads\Gimp_Setup [1].exe
2014-09-29 15:32:29 2468EB0713797928F83B307F11C4FE09 786224 ----a-w- C:\Users\zon\Downloads\Gimp_Setup.exe
2014-09-19 18:24:44 -------- d-----w- C:\Users\Public\CyberLink
2014-09-19 13:37:55 -------- d-----w- C:\ProgramData\AVS4YOU
====== C: exe-files ==
2014-10-09 16:09:39 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\zon.exe
2014-10-09 16:08:48 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\zon\Downloads\RSITx64.exe
=== C: other files ==
2014-10-09 07:02:27 3D17E06D001914B2155AA4BE7E260673 52816 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2014-10-09 07:02:26 415B167695C4B5960A13098622EF3D80 37680 ----a-w- C:\Windows\System32\drivers\vmusb.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-648035464-3342752320-20647198-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"VoipDiscount"="C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe -nosplash -minimized"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Nikon Message Center 2"="C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VoipDiscount"="C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe -nosplash -minimized"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"hkey"="HKLM"
"item"="Adobe Reader Speed Launcher"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADSMTray]
"command"="C:\\Program Files (x86)\\ASUS\\ASUS Data Security Manager\\ADSMTray.exe"
"hkey"="HKLM"
"item"="ADSMTray"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Camera ScreenSaver]
"command"="C:\\Windows\\AsScrProlog.exe"
"hkey"="HKLM"
"item"="ASUS Camera ScreenSaver"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
"hkey"="HKLM"
"item"="CLMLServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2010-08-05 23:25:36 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
2010-08-05 23:21:01 2855 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06-08-2010 01:05]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06-08-2010 01:05]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\ASPG" [C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe]
"C:\Windows\SysNative\tasks\aviraSWU" [cscript.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\edo9iv81.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\zon\AppData\Roaming\Thunderbird\Profiles\3c11p2af.default
- Wortliste von http:tkltrans.sf.net alte und neue deutsche Rechtschreibung - %ProfilePath%\extensions\de-DE-comb@dictionaries.addons.mozilla.org
- Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- Diccionario de EspaolEspaa - %ProfilePath%\extensions\es-es@dictionaries.addons.mozilla.org
- Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org
- WebMail - %ProfilePath%\extensions\{3c8e8390-2cf6-11d9-9669-0800200c9a66}.xpi
- WebMail - %ProfilePath%\extensions\{a6a33690-2c6a-11d9-9669-0800200c9a66}.xpi
- Stationery - %ProfilePath%\extensions\{d0e38b3a-0d60-46bf-bf01-83d4ba041015}.xpi

ProfilePath: C:\Users\zon\AppData\Roaming\TomTom\HOME\Profiles\1igl8jsr.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.7.903.9183@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\zon\AppData\Roaming\Mozilla\Firefox\Profiles\edo9iv81.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cojnmaaohncijldefpkpkkakjonfmgeb - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx[]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Google Docs - zon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - zon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - zon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - zon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - zon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - zon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/"

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-648035464-3342752320-20647198-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A18A516C-AA41-46A9-92DB-60208917E442} deleted successfully
HKEY_USERS\S-1-5-21-648035464-3342752320-20647198-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A18A516C-AA41-46A9-92DB-60208917E442} deleted successfully
HKEY_USERS\S-1-5-21-648035464-3342752320-20647198-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_USERS\S-1-5-21-648035464-3342752320-20647198-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A18A516C-AA41-46A9-92DB-60208917E442} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A18A516C-AA41-46A9-92DB-60208917E442} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49236;https=127.0.0.1:49236"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\zon\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\zon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=750 folders=92 26607354 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\zon\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\zon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\PROGRA~2\RocketTab" not found

==== EOF on vr 10-10-2014 at 10:28:27,24 ======================