Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Marjolein 2 on wo 03-12-2014 at 18:20:23,24.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Marjolein 2\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
3-12-2014 18:22:36 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\Program Files\bigdeal deleted successfully
C:\Program Files\Electronic Arts deleted successfully
C:\Program Files\Hewlett-Packard deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\MyFree Codec deleted successfully
C:\Program Files\PC Connectivity Solution deleted successfully
C:\Program Files\quickpick deleted successfully
C:\Program Files\TomTom DesktopSuite deleted successfully
C:\PROGRA~2\Roxio deleted successfully
C:\Users\Marjolein 2\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Marjolein 2\AppData\Roaming\tmp deleted successfully
C:\Users\Marjolein 2\AppData\Local\PokerStars.EU deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3290698457-3798265000-3269586619-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d749adf-8f07-436e-9cc0-5e19c45a7dbe} deleted successfully
HKEY_USERS\S-1-5-21-3290698457-3798265000-3269586619-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5d749adf-8f07-436e-9cc0-5e19c45a7dbe} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5d749adf-8f07-436e-9cc0-5e19c45a7dbe} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{5d749adf-8f07-436e-9cc0-5e19c45a7dbe} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d749adf-8f07-436e-9cc0-5e19c45a7dbe} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Update service deleted successfully

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d749adf-8f07-436e-9cc0-5e19c45a7dbe}]

==== Deleting Files \ Folders ======================
C:\Program Files\bigdeal not found
C:\Program Files\bigdeal not found
C:\ProgramData\bigdeal deleted
C:\Program Files\Popcorn Time deleted
C:\ProgramData\takeitcheap deleted
C:\Windows\CheckSur deleted
C:\ProgramData\f0bc5da444a3cf8 deleted
C:\Program Files\VideoCnv deleted
C:\Windows\WININIT.INI deleted
"C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job" deleted
"C:\Users\Marjolein 2\AppData\Roaming\SingleFiles" deleted
"C:\Users\Marjolein 2\AppData\Roaming\Smooth Strings" deleted
"C:\Users\Marjolein 2\AppData\Roaming\Solid Colors" deleted
"C:\Users\Marjolein 2\AppData\Roaming\Sound Effects" deleted
"C:\ProgramData\Sounds" deleted
"C:\ProgramData\Soundtrack" deleted
"C:\ProgramData\Space Choir" deleted
"C:\ProgramData\Spacious" deleted
"C:\ProgramData\String Comparison" deleted
"C:\ProgramData\Strings" deleted
"C:\ProgramData\SupportPrinters" deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-11-19 14:09:57 670BAD40D232FBAA6D29A5FF6DF26E56 132 ----a-w- C:\Windows\hpntwksetup.ini
====== C:\Users\MARJOL~1\AppData\Local\Temp ====
====== Java Cache =====
2014-12-03 17:16:47 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Marjolein 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-2e31b854
2014-12-03 17:16:36 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Marjolein 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-56e8f6de
2014-12-03 17:16:36 4BB43C416F6803DA18AC3AD0CEA3752D 424 ----a-w- C:\Users\Marjolein 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap
2014-12-03 17:16:35 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Marjolein 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-389bd260
2014-12-03 17:16:37 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Marjolein 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-76c13d4f
====== C:\Windows\system32 =====
2014-12-03 17:11:47 742BD1F196FEFC94A6379BA039D3CD00 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
====== C:\Windows\system32\drivers =====
2014-11-17 17:15:18 B9BB8E2093C1615AD6EA55AD96214354 27192 ----a-w- C:\Windows\System32\drivers\revoflt.sys
====== C:\Windows\Tasks ======
2014-12-01 15:52:59 6B1B9B23CF8B9218187AEB0AC392EDD2 4050 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2014-12-01 15:52:58 AB8AA4087634A3C98CD7ED3F73D3793F 1050 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 15:52:58 759580666B7909ABD7AE489EE3584AFB 1054 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-01 15:52:58 3DA7AAA43FB4573AD4E9BBD3C9465603 3798 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-01 13:37:06 -------- d-----w- C:\Program Files\trend micro
2014-11-17 17:15:15 -------- d-----w- C:\Program Files\VS Revo Group
======= C: =====
====== C:\Users\Marjolein 2\AppData\Roaming ======
2014-12-01 11:26:52 -------- d-----w- C:\Users\Marjolein 2\AppData\Local\Deployment
2014-12-01 11:26:52 -------- d-----w- C:\Users\Marjolein 2\AppData\Local\Apps
2014-11-17 17:15:23 -------- d-----w- C:\Users\Marjolein 2\AppData\Local\VS Revo Group
====== C:\Users\Marjolein 2 ======
2014-12-03 17:11:56 -------- d-----w- C:\ProgramData\Sun
2014-12-03 17:11:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-03 17:10:13 -------- d-----w- C:\ProgramData\Oracle
2014-12-03 17:08:31 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\Marjolein 2\Downloads\chromeinstall-8u25.exe
2014-12-01 15:53:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-29 10:25:34 0F50E64617BF49D508332DE4F49A3B62 2188 ----a-w- C:\Users\Marjolein 2\.recently-used.xbel
2014-11-17 17:15:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-17 17:15:18 -------- d-----w- C:\ProgramData\VS Revo Group
====== C: exe-files ==
2014-12-03 17:11:10 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2014-12-03 17:11:10 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2014-12-03 17:11:10 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2014-12-03 17:10:58 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\unpack200.exe
2014-12-03 17:10:58 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\tnameserv.exe
2014-12-03 17:10:57 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\pack200.exe
2014-12-03 17:10:57 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmid.exe
2014-12-03 17:10:57 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\orbd.exe
2014-12-03 17:10:57 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\policytool.exe
2014-12-03 17:10:57 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ssvagent.exe
2014-12-03 17:10:57 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmiregistry.exe
2014-12-03 17:10:57 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\servertool.exe
2014-12-03 17:10:56 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jjs.exe
2014-12-03 17:10:56 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\keytool.exe
2014-12-03 17:10:56 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\kinit.exe
2014-12-03 17:10:56 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jp2launcher.exe
2014-12-03 17:10:56 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\klist.exe
2014-12-03 17:10:56 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ktab.exe
2014-12-03 17:10:55 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe
2014-12-03 17:10:55 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe
2014-12-03 17:10:54 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java.exe
2014-12-03 17:10:54 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe
2014-12-03 17:10:53 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jabswitch.exe
2014-12-03 17:10:53 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java-rmi.exe
2014-12-03 17:08:31 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\Marjolein 2\Downloads\chromeinstall-8u25.exe
2014-12-01 16:00:25 7877D5EA7EB1994D6E9ABDC583CED9D7 659272 ----a-w- C:\Users\Marjolein 2\AppData\Local\Google\Chrome\User Data\SwReporter\1.4.1\software_reporter_tool.exe
2014-12-01 15:53:18 EB1482D0C28EA78549B936F06ACC4FDE 40749136 ----a-w- C:\Program Files\Google\Update\Install\{60A65332-D708-4990-8AC6-CD0D957057EC}\39.0.2171.71_chrome_installer.exe
2014-12-01 15:53:17 EB1482D0C28EA78549B936F06ACC4FDE 40749136 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\39.0.2171.71\39.0.2171.71_chrome_installer.exe
2014-12-01 15:52:57 87EB5AFD21E52CB08883E04605B55829 880784 ----a-w- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
2014-12-01 15:52:57 5B4ED5734945619EE3BCDB9825D2F526 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
2014-12-01 15:52:57 06036279056145E0F08FC095CB789E6A 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
2014-12-01 15:52:56 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe
2014-12-01 15:52:55 EDD3E562684CB4C50704B471BEAB1F86 114568 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
2014-12-01 15:52:55 CB8C1CC4F46FBAC78150754D77460C73 230792 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
2014-12-01 15:52:55 7161E8E31B7FD3B1CE083C2CA5FD5F44 285064 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
2014-12-01 15:52:54 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdate.exe
2014-12-01 15:52:39 87EB5AFD21E52CB08883E04605B55829 880784 ----a-w- C:\Users\Marjolein 2\AppData\Local\Apps\2.0\BMZOM255.YCE\25CXV9CJ.HQ7\inst...app_4fe91ede9f9bdca3_0001.0003_42ceeda68833d423\GoogleUpdateSetup.exe
2014-12-01 15:52:39 87EB5AFD21E52CB08883E04605B55829 880784 ----a-w- C:\Users\Marjolein 2\AppData\Local\Apps\2.0\BMZOM255.YCE\25CXV9CJ.HQ7\clic...exe_4fe91ede9f9bdca3_0001.0003_none_b1328e123920ace1\GoogleUpdateSetup.exe
2014-12-01 15:52:39 0C03930EAEB2C336A067451192677F28 10120 ------w- C:\Users\Marjolein 2\AppData\Local\Apps\2.0\BMZOM255.YCE\25CXV9CJ.HQ7\inst...app_4fe91ede9f9bdca3_0001.0003_42ceeda68833d423\clickonce_bootstrap.exe
2014-12-01 13:37:07 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Marjolein 2.exe
=== C: other files ==
2014-12-03 17:10:59 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files\Java\jre1.8.0_25\lib\deploy\ffjcext.zip
2014-12-01 11:27:53 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Program Files\Google\Chrome(0)\Application\39.0.2171.71\default_apps\youtube.crx
2014-12-01 11:27:53 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Program Files\Google\Chrome(0)\Application\39.0.2171.71\default_apps\search.crx
2014-12-01 11:27:53 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Program Files\Google\Chrome(0)\Application\39.0.2171.71\default_apps\drive.crx
2014-12-01 11:27:53 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Program Files\Google\Chrome(0)\Application\39.0.2171.71\default_apps\gmail.crx
2014-12-01 11:27:52 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Program Files\Google\Chrome(0)\Application\39.0.2171.71\default_apps\docs.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-3290698457-3798265000-3269586619-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe /AUTO"
"GoogleChromeAutoLaunch_7DFE3841C6F28975BB90018004EC468D"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
"SigmatelSysTrayApp"="%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe /AUTO"
"GoogleChromeAutoLaunch_7DFE3841C6F28975BB90018004EC468D"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\DellTPad\\Apoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Broadcom Wireless Manager UI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Broadcom Wireless Manager UI"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\WLTRAY.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dellsupportcenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dellsupportcenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P dellsupportcenter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqSRMon"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAAnotif"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LDM"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OEM02Mon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OEM02Mon.exe"
"hkey"="HKLM"
"command"="C:\\Windows\\OEM02Mon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Digital Line Detect.lnk"
"backup"="C:\\Windows\\pss\\Digital Line Detect.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
"item"="Digital Line Detect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\Windows\\pss\\Logitech Desktop Messenger.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

==== Startup Folders ======================
2008-11-22 00:04:10 1835 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2008-11-22 00:04:10 1835 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
2008-12-05 12:41:17 1815 ----a-w- C:\Users\Marjolein 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
2008-11-21 23:45:04 1929 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28-11-2014 21:14]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [01-12-2014 16:52]
C:\Windows\tasks\SystemToolsDailyTest.job --a------ C:\Program Files\Dell Support Center\uaclauncher.exe [21-06-2011 19:08]
C:\Windows\tasks\User_Feed_Synchronization-{EF6D1AAB-E7FD-4BD7-B2A2-D469C4EF4089}.job --ah----- C:\Windows\system32\msfeedssync.exe [10-04-2011 12:52]

==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\PCDEventLauncher" ["C:\Program Files\Dell Support Center\sessionchecker.exe"]
"C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask" [C:\Program Files\Dell Support Center\uaclauncher.exe]
"C:\Windows\system32\tasks\SystemToolsDailyTest" [C:\Program Files\Dell Support Center\uaclauncher.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{EF6D1AAB-E7FD-4BD7-B2A2-D469C4EF4089}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa" [13-06-2011 11:52]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [06-03-2009 17:41]

==== Firefox Extensions ======================
ProfilePath: C:\Users\MARJOL~1\AppData\Roaming\TomTom\HOME\Profiles\zzwzlte0.default
- Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[08-02-2011 01:17]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[08-02-2011 01:17]
Angry Birds - Marjolein 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
YouTube - Marjolein 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
DivX HiQ - Marjolein 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae
Cath Kidston - Marjolein 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm
Google Wallet - Marjolein 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo> - Marjolein 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
"Default_Page_URL"="http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=6081122"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://google.com/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rlz=1I7DANL_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=9KA82H6MQIQVTSUQefdHfxGWZqY?q={searchTerms}"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{69A0B66D-A269-2650-E17A-94A72DB75929} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{22c5205d} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully

==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marjolein 2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Marjolein 2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache is not empty, will be cleared at reboot

==== C:\zoek_backup content ======================
C:\zoek_backup (files=951 folders=273 350644850 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marjolein 2\AppData\Local\Temp will be emptied at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\MARJOL~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Marjolein 2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Marjolein 2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18" not found

==== EOF on wo 03-12-2014 at 18:50:59,81 ======================