Zoek.exe v5.0.0.0 Updated 21-December-2014 Tool run by Susan on ma 22-12-2014 at 15:13:34,29. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Susan\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 22-12-2014 15:15:18 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D5B35B1F-901D-45F9-80FD-148BC245A095} deleted successfully HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD0DD2E3-0E18-44A9-8D7A-020AC304E345} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default user.js not found ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "SD"); user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.dfltSrch", true); user_pref("extensions.Softonic.dnsErr", true); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.ffxUnstlRst", false); user_pref("extensions.Softonic.hmpg", true); user_pref("extensions.Softonic.hmpgUrl", "http://search.softonic.com/MOY00054/tb_v1?SearchSource=13&cc="); user_pref("extensions.Softonic.hpOld0", "www.igoogle.com"); user_pref("extensions.Softonic.id", "3c8f4e24000000000000000df087aec5"); user_pref("extensions.Softonic.instlDay", "15800"); user_pref("extensions.Softonic.instlRef", "MOY00054"); user_pref("extensions.Softonic.kw_url", "http://search.softonic.com/MOY00054/tb_v1?SearchSource=2&cc=&q="); user_pref("extensions.Softonic.newTab", true); user_pref("extensions.Softonic.newTabUrl", "http://search.softonic.com/MOY00054/tb_v1?SearchSource=15&cc="); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.rvrt", "false"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive"); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MOY00054/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.vrsn", "1.8.16.10"); user_pref("extensions.Softonic.vrsnTs", "1.8.16.1019:34:17"); user_pref("extensions.Softonic.vrsni", "1.8.16.10"); ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "3c8f4e24000000000000000df087aec5"); user_pref("extensions.delta.instlDay", "15905"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.21.5"); user_pref("extensions.delta.vrsni", "1.8.21.5"); user_pref("extensions.delta.vrsnTs", "1.8.21.521:38:23"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4948"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines incredibar removed from prefs.js ---- user_pref("extensions.incredibar_i.aflt", "orgnl"); user_pref("extensions.incredibar_i.dfltLng", ""); user_pref("extensions.incredibar_i.did", "10643"); user_pref("extensions.incredibar_i.excTlbr", false); user_pref("extensions.incredibar_i.id", "3c8f4e24000000000000000df087aec5"); user_pref("extensions.incredibar_i.installerproductid", "26"); user_pref("extensions.incredibar_i.instlDay", "15447"); user_pref("extensions.incredibar_i.instlRef", ""); user_pref("extensions.incredibar_i.ms_url_id", ""); user_pref("extensions.incredibar_i.newTab", false); user_pref("extensions.incredibar_i.ppd", "1"); user_pref("extensions.incredibar_i.prdct", "incredibar"); user_pref("extensions.incredibar_i.productid", "26"); user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); user_pref("extensions.incredibar_i.smplGrp", "none"); user_pref("extensions.incredibar_i.tlbrId", "base"); user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8qdngwtA&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar_i.upn2", "6R8qdngwtA"); user_pref("extensions.incredibar_i.upn2n", "92824206850076282"); user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:13:39"); ---- Lines mysearchdial removed from prefs.js ---- user_pref("extensions.mysearchdial.aflt", "irmsd62"); user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0A0ByBzyyEtDyE0EtByEtN0D0Tzu0SyDtBtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1Qy user_pref("extensions.mysearchdial.cr", "1461501130"); user_pref("extensions.mysearchdial.dfltLng", ""); user_pref("extensions.mysearchdial.dfltSrch", true); user_pref("extensions.mysearchdial.dnsErr", true); user_pref("extensions.mysearchdial.excTlbr", false); user_pref("extensions.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0A0ByBzyyEtDyE0EtByEtN0D0Tzu user_pref("extensions.mysearchdial.id", "C80AA9AB79404E24"); user_pref("extensions.mysearchdial.instlDay", "15862"); user_pref("extensions.mysearchdial.instlRef", ""); user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0A0ByBzyyEtDyE0EtByEtN0D0T user_pref("extensions.mysearchdial.prdct", "mysearchdial"); user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); user_pref("extensions.mysearchdial.tlbrId", "base"); user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0A0ByBzyyEtDyE0EtByEtN0D user_pref("extensions.mysearchdial.vrsn", ""); user_pref("extensions.mysearchdial.vrsni", ""); user_pref("extensions.mysearchdial_i.hmpg", true); user_pref("extensions.mysearchdial_i.newTab", false); user_pref("extensions.mysearchdial_i.smplGrp", "none"); user_pref("extensions.mysearchdial_i.vrsnTs", "19:8:37"); ---- Lines irmysearch removed from prefs.js ---- user_pref("extensions.irmysearch.aflt", "irmsd62"); user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0A0ByBzyyEtDyE0EtByEtN0D0Tzu0SyDtBtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCt user_pref("extensions.irmysearch.cr", "1461501130"); user_pref("extensions.irmysearch.instlRef", ""); ---- Lines search.net removed from prefs.js ---- user_pref("browser.search.order.1", "default-search.net"); user_pref("keyword.URL", "http://www.default-search.net/search?sid=476&aid=134&itype=n&ver=13531&tm=427&src=ds&p="); ---- FireFox user.js and prefs.js backups ---- prefs_22-12-2014_1530_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611091100}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\HD+V1.0 not found C:\Program Files (x86)\globalUpdate not found C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} not found C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} not found C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} not found "C:\Windows\tasks\69292938-2d26-4bd9-a091-99576ab8366a-1.job" not found "C:\Windows\tasks\69292938-2d26-4bd9-a091-99576ab8366a-11.job" not found "C:\Windows\tasks\69292938-2d26-4bd9-a091-99576ab8366a-3.job" not found "C:\Windows\tasks\69292938-2d26-4bd9-a091-99576ab8366a-4.job" not found "C:\Windows\tasks\69292938-2d26-4bd9-a091-99576ab8366a-5.job" not found "C:\Windows\tasks\69292938-2d26-4bd9-a091-99576ab8366a-5_user.job" not found "C:\Windows\tasks\69292938-2d26-4bd9-a091-99576ab8366a-6.job" not found "C:\Windows\tasks\69292938-2d26-4bd9-a091-99576ab8366a-7.job" not found "C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job" not found "C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job" not found "C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\searchplugins\default-search.xml" not found "C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\searchplugins\MyStart Search.xml" not found "C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\searchplugins\softonic.xml" not found C:\PROGRA~3\DivX deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\default-search.xml deleted C:\PROGRA~2\Microsoft Touch Pack for Windows 7 deleted C:\PROGRA~2\BitLord 1.2 deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\Orbitdownloader deleted C:\Users\Susan\AppData\Roaming\FirefoxToolbar deleted C:\Users\Susan\AppData\Roaming\BitLord deleted C:\Users\Susan\AppData\Roaming\mysearchdial deleted C:\Users\Susan\AppData\Roaming\Babylon deleted C:\Users\Susan\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Partner deleted C:\PROGRA~3\OberonGameConsole deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\WindowsMangerProtect deleted C:\PROGRA~3\Package Cache deleted C:\Users\Susan\AppData\Local\Ilivid Player deleted C:\Users\Susan\AppData\Local\globalUpdate deleted C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Susan\AppData\LocalLow\Softonic deleted C:\Users\Susan\AppData\LocalLow\DataMngr deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Susan\Documents\BitLord deleted C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\Invalidprefs.js deleted C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\extensions\staged deleted "C:\Windows\Installer\23febc5.msi" deleted "C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default\searchplugins\Vosteran.xml" deleted "C:\PROGRA~3\boost_interprocess\598AF1DFD61DD001\BACKUP_FP_MUTEX" deleted "C:\PROGRA~3\boost_interprocess" not deleted "C:\PROGRA~3\boost_interprocess\598AF1DFD61DD001" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Susan\AppData\Local\Temp ==== 2014-12-21 21:40:04 15BBCDB456EDD67CE8918D1E135E0EFF 62890496 ----a-w- C:\Users\Susan\AppData\Local\Temp\is360511915\32DE6A67_stp.MSI 2014-12-21 20:36:28 9332F704DD433031C68F3C9BE63715D5 291880 ----a-w- C:\Users\Susan\AppData\Local\Temp\smt_mystartsearch.exe 2014-12-21 20:35:47 C0157AD57D34D1D608ADEA523B228266 59904 ----a-w- C:\Users\Susan\AppData\Local\Temp\bitool.dll 2014-12-21 18:48:05 800681D661F0073C5936419180841680 1173528 ----a-w- C:\Users\Susan\AppData\Local\Temp\uninstall.exe 2014-12-21 12:19:52 7E7EB7AFF595774E5E500B34058CC1A7 192512 ----a-w- C:\Users\Susan\AppData\Local\Temp\sfamcc00001.dll 2014-12-21 12:19:52 51151D3AD8DA0DFA0E7A681AA2FF8870 158720 ----a-w- C:\Users\Susan\AppData\Local\Temp\sfareca00001.dll 2014-12-20 16:03:17 FAED966036811608ED22B6976A44C2E1 1202976 ----a-w- C:\Users\Susan\AppData\Local\Temp\com.nvidia\NVIDIA GPU_Reader\1.3.7\GPU_Reader.dll 2014-12-20 12:05:33 B9F9541171DEB1C17F00D7BFBBDBB94F 71024 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\RegKey64Bit.dll 2014-12-20 12:05:33 B77D9912B2AEBDCB70339C7C63EA4DAA 103720 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\TaskScheduler.exe 2014-12-20 12:05:33 B45E9FE017F400F32DDDF07AD97C7DBF 77824 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\Helper.dll 2014-12-20 12:05:33 A1EA9600AA75531F502414BC208E32C8 867080 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\UNO.dll 2014-12-20 12:05:33 7C438F64F2E10AA42DCBB448BBF9E842 118272 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\Rpc2.dll 2014-12-20 12:05:33 79D1C55BB14737E7AF6D9ACC4CA51118 167688 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\CLScan.dll 2014-12-20 12:05:33 6AD27A8648DB6D2CB9646E3AC20C34A1 38184 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\GetSTime.dll 2014-12-20 12:05:33 405AD0E91FCD7CDEFE9ADBD72C0CDD78 71024 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\GetDXVer.dll 2014-12-20 12:05:33 2A1A38303FAE0559E3885DA8487F8918 1565960 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\HwCtrlMgr.dll 2014-12-20 12:05:33 27D4BCC325306B1415A89DE550528E04 94720 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\MsiZap.exe 2014-12-20 12:05:33 05E7F12C5CC788CE4A3ABB65E174CC47 42280 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\PostBuild.exe 2014-12-20 12:05:23 1D461686B0E32F2DECB587C895A05402 120240 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\ISBEW64.exe 2014-12-20 12:05:22 EDDAD4BC2B7E8C423DEB9F2711FE653B 208304 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\ISRT.dll 2014-12-20 12:05:22 6B53E3D00F976B6FCDE02B33B6592346 311296 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\setup.exe 2014-12-20 12:05:22 1567EE6F246A364BB407BC079C1B78D8 98816 ----a-w- C:\Users\Susan\AppData\Local\Temp\{CCB1FB60-4C9E-4E9E-BC19-4539E24419AC}\_isres.dll 2014-12-20 12:04:56 FFD49C51DDE6FDE37C9949BC6DE0EF46 2584848 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\Setup\Utility\Smartsound\WindowsInstaller-KB893803-x86.exe 2014-12-20 12:04:56 D42D15D37051A5C064AD3C0600173258 1848624 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\Setup\Utility\Smartsound\ISSetup.dll 2014-12-20 12:04:56 C51352F7C87AF30C33C6214F932DEA36 180208 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\SKUtil2008.dll 2014-12-20 12:04:56 6ACE15CAD7D16392648890E8DBA74F5E 1186872 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\Setup\Utility\Smartsound\setup.exe 2014-12-20 12:04:56 661C24C6324F1999A61A9EC434C5E573 6592512 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\Setup\Utility\Smartsound\SmartSound Quicktracks 5.msi 2014-12-20 12:04:56 4903476F8C732134810C08EDB230C858 164848 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\SKUtil.dll 2014-12-20 12:04:56 0F97A8387D755D6A0081210EC8C4AF17 320496 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\Setup.exe 2014-12-20 12:04:44 DE1FC642F4C7B80B4DAA2B0ADD5C0BEC 342412 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\PowerDirector 13 Content Pack Essential.msi 2014-12-20 12:04:24 795DBC9AB3AA0A7041EBD678DF4FFE8B 5093320 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\ISSetup.dll 2014-12-20 11:59:42 7ED8309941FA7CCF969A8D6A4E8C60E9 947712 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\7z.dll 2014-12-20 11:59:42 7717BD4A56D6F86F808E704FA71E163D 187904 ----a-w- C:\Users\Susan\AppData\Local\Temp\RarSFX1\7z.exe ====== Java Cache ===== 2014-12-21 16:21:12 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-73f1a9c2 2014-12-20 16:02:56 3D53D882A1C2C0C6E5492CD1940CBEFB 453 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\197a0b11-f573e69f2388dbadee5e7243329f089645079ea65589e99c30074255f8855ab6-6.0.lap 2014-12-21 16:21:09 65AF56CD1DDAEFA8B0EEDE80B5A4CEBF 424 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap 2014-12-21 16:27:56 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-4f0d782c 2014-12-20 16:08:15 92A9A2D4A4A19FCAD211C3E59A8D3D8A 7343 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7e17e25e-23c0cc76 2014-12-21 16:21:09 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-630d3d88 2014-12-20 16:08:15 14B33B2B94DB955990459293FC1C7220 807 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\66c84eb3-6f170900 2014-12-20 16:08:19 6707E6C4520AA530CCFBEF6EE8CC4AA7 414390 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\3bbe1039-79f3d2b3 2014-12-20 16:08:15 C8F40408D73F14765E2953D6B0F64B32 722 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\2666ee86-31569711 2014-12-20 16:02:20 C356D66CE6462884835D937E4BCC5757 474 ----a-w- C:\Users\Susan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\2666ee86-9741a20189fb94b70bc887793603abe92ed27ae9c22405809d79870e5f9049dd-6.0.lap ====== C:\Windows\SysWOW64 ===== 2014-12-21 16:27:33 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-12-21 12:19:12 A4001C78F2806662B3BD91ACB44E6330 45 ----a-w- C:\Windows\SysWOW64\initdebug.nfo 2014-12-18 15:10:09 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-12-10 20:52:12 FF0A6E76FAE624AC74780AB008752F98 3209728 ----a-w- C:\Windows\SysWOW64\mf.dll 2014-12-10 08:43:55 E1456E7396022EBE4E5434188D1AC8B0 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 08:43:51 F25284C763E728E4DAC248C211D1FC5B 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 08:43:51 BB25F69463AD8E7E51B5D9D158B5F8DF 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-12-10 08:43:51 2EADED07BDA52C1FC5A6D4E1CC5858F0 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 08:43:50 F98B3860BB47089EA8C1504F043E90E9 342200 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 08:43:50 F34F6DC38A21FCDBB50CDD1EE97B1EA3 1307136 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-12-10 08:43:50 2ABC5587D582ACCEA30B4CF968C2A4A5 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 08:43:49 DEB9476A3CD1A5819DD4504BB7C6BA66 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 08:43:49 D7A98A4CEA2E89F544065A00BF37FC10 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 08:43:49 69AC6FD5B0B4DC963723E1EBDEE10A2C 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 08:43:49 220505B0B3E96C857DD01729AF0CD369 19749376 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-12-10 08:43:48 F0BCBD8FCDA145EED53ED66C45CC378B 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-12-10 08:43:48 41AFA61E061E98E97272AC02184C8C2C 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 08:43:47 543ADCEA31CF9C2B4EEB900D4AAFD0F9 2052096 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 08:43:47 01777AB557997E98691E322225314E57 2277888 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-12-10 08:43:46 EC5A3E4E21079B9D423AA0760828D678 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 08:43:46 CF9D05678B02B44FBC8D8AD8C9F30D58 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-12-10 08:43:46 B59E370277EDB6643083B62297175628 12836864 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-12-10 08:43:46 759E2FAD5371512C6679FA346719493E 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 08:43:46 35BD045804B67E78F4CAB72CB820AF7F 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 08:43:45 2E9E105037AC1274656C3D1125323352 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 08:43:44 F728E7E9937117E0F32F39840EB6D737 4299264 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-12-10 08:43:44 930F63D6BC43D4BCD937DFCECDA95F82 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-12-10 08:43:44 5E4E0E43E0A5BF9F089696DFA7A3D677 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-12-10 08:43:44 37F078B5B435AFC6BF316F2AD14B469A 501248 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-12-10 08:43:44 29CED1A4777A43526A4ED8A7B6936883 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 08:43:19 1DE9BD23AFA36150586C732D876D9B74 1177088 ----a-w- C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 08:43:18 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-10 08:43:18 B6AC69FFBAA159DD5CEED814245A286D 214016 ----a-w- C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 08:43:18 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\Windows\SysWOW64\charmap.exe 2014-12-10 08:43:18 5D9A1A3E5824CECE65871C60E5A08A1A 145920 ----a-w- C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 08:43:18 2C28FEC61C4AC68480A99CB7AA197FA9 248832 ----a-w- C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 08:43:14 50C73E54062BA252350F3F29580E28DA 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-12-21 18:48:05 1BF9F313DEC17AB48C875479BA3418CD 3314 ----a-w- C:\Windows\Sysnative\adorage-protocol.txt 2014-12-20 11:55:58 0225FC6F0D91F84B44CE252487D8D725 607256 ----a-w- C:\Windows\Sysnative\prodad-codec.dll 2014-12-20 11:55:56 2095A7D3E556CB498BCEECFF47E76B23 375832 ----a-w- C:\Windows\Sysnative\proDAD-PA-Support.dll 2014-12-18 15:10:09 5564883BFB523D5078A5B1FE3128FD63 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-12-10 20:52:11 6E1DDE0E72FB8268F42F6777CE4C5036 4121600 ----a-w- C:\Windows\Sysnative\mf.dll 2014-12-10 08:44:04 F0356290BA3940F31AFF5566501495F7 192000 ----a-w- C:\Windows\Sysnative\aepic.dll 2014-12-10 08:44:04 E00981CF227CEEBE7B5A8D99C76D1116 741376 ----a-w- C:\Windows\Sysnative\invagent.dll 2014-12-10 08:44:04 DAF13A81A5FC895D68B1D9A72F65F4CB 413184 ----a-w- C:\Windows\Sysnative\generaltel.dll 2014-12-10 08:44:04 D257AF48934D2167BE15AA4008176381 1083392 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-12-10 08:44:04 985558125FEEC89AB4AD142158B066D7 830976 ----a-w- C:\Windows\Sysnative\appraiser.dll 2014-12-10 08:44:04 8E64BB62AB3810D3C29ED50C405AD3BD 1232040 ----a-w- C:\Windows\Sysnative\aitstatic.exe 2014-12-10 08:44:04 4253086737D81D7C9C160FDE6C037F44 396800 ----a-w- C:\Windows\Sysnative\devinv.dll 2014-12-10 08:44:03 5CD6E919CE938A98AB25A2EA2C8C4EDA 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-12-10 08:43:55 A9A0BFD706B3A24C403EEFEB0790D011 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll 2014-12-10 08:43:51 D471F7A428C21DB04D810445D12D68E0 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-12-10 08:43:51 0FABE2AB8CA2D5CC7C95798533B4D057 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-12-10 08:43:51 077AEB068A51B396F25BBCAB0944FC3A 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-12-10 08:43:50 F987718A5CA053DC23E94A531F1754A4 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-12-10 08:43:50 39B512C643812FC2D4843C0D4206C759 718848 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-12-10 08:43:49 9F07E8FC75C5F98A783ABFD3005EFC22 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-12-10 08:43:47 E7A2061ADF0F4D430FECDA1E8D6B7BA6 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-12-10 08:43:47 B4E481E9498CE22113628C4E9EA24427 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-12-10 08:43:47 5BF0BAA1E5EF724287565E97C9219254 389296 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2014-12-10 08:43:46 EBC8C9F61F4C148B8C6A28EDE80C51E4 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-12-10 08:43:46 23AE7A3B44D5C550B81347288CE3230E 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-12-10 08:43:46 14BA910E7731FC84EB85328BD0F1EE81 800768 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-12-10 08:43:46 0AF0AEF0BA9EF6169E61C78504DCAE55 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-12-10 08:43:45 EFBA893429814EA3244C87C2D1256618 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-12-10 08:43:45 982B871A25B5078093FAD82D0AB0E3FC 2885120 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-12-10 08:43:45 3FE71E2A5BD3EC652E64FC8BCEFEDD2C 2125312 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-12-10 08:43:44 F7CCA58B973FB5EAED8D1F12DD3E51F6 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-12-10 08:43:44 DFECAE6D925FBC9078870E16F98C471F 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-12-10 08:43:44 8EF01E2EF21D41A23FF70B28179F9ABE 633856 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-12-10 08:43:43 DB10D681314714E0D4623E4C0CF6654A 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-12-10 08:43:43 8D64466AD12CA5677CD0099C43C58569 6039552 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-12-10 08:43:43 7AC115968B8856004920057B2271224C 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-12-10 08:43:43 556D271F4243B273EDA353512BF3608A 14412800 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-12-10 08:43:43 1D294810D3A8A8F722E86AA001F54DCC 580096 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-12-10 08:43:43 021DFF3CB0ADCD19B3AAA00A650FDEE2 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-12-10 08:43:42 D478A4CF07FB8ADF72FB16B88E8030B8 25059840 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-12-10 08:43:42 89296EF4A3729A049DA25B7D67A04078 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-12-10 08:43:42 4AF089160FE082E5EA5C4AA72782DCA2 2358272 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-12-10 08:43:42 17A157A4225CF562202AC71DB8103177 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2014-12-10 08:43:19 D929ABD465A2DED963DA8B30946A8D5C 2020352 ----a-w- C:\Windows\Sysnative\WsmSvc.dll 2014-12-10 08:43:19 5C642B7B0365305451D579F3EFAD57D4 310272 ----a-w- C:\Windows\Sysnative\WsmWmiPl.dll 2014-12-10 08:43:19 41457C1909F6D1100C0F9B9CFF7960FC 266240 ----a-w- C:\Windows\Sysnative\WSManHTTPConfig.exe 2014-12-10 08:43:18 FDEB5EE2E4DB9DE9251DDAF6A5BCA070 346624 ----a-w- C:\Windows\Sysnative\WSManMigrationPlugin.dll 2014-12-10 08:43:18 9B44CABE3536D0E3BF627176318AAFC9 181248 ----a-w- C:\Windows\Sysnative\WsmAuto.dll 2014-12-10 08:43:18 36E5E9D0400475230A7F57F274B88321 165888 ----a-w- C:\Windows\Sysnative\charmap.exe 2014-12-10 08:43:14 A026998E927FD2095505154CBD72F35B 2048 ----a-w- C:\Windows\Sysnative\tzres.dll ====== C:\Windows\Sysnative\drivers ===== 2014-12-10 08:43:54 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys ====== C:\Windows\Tasks ====== 2014-12-21 12:25:15 0359B4D4D104DBCE00745E2626E6CCFB 3264 ----a-w- C:\Windows\Sysnative\Tasks\{71A23BCA-FF4D-41DD-9C23-22E945A34BFA} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-12-21 19:12:30 -------- d-----w- C:\Program Files\KPN Back-up Online 2014-12-21 14:21:02 -------- d-----w- C:\Program Files\trend micro 2014-12-20 11:55:56 -------- d-----w- C:\Program Files\proDAD 2014-12-20 11:54:53 -------- d-----w- C:\Program Files\Common Files\NewBlue 2014-12-20 11:54:43 -------- d-----w- C:\Program Files\NewBlue ======= C:\PROGRA~2 ===== 2014-12-21 20:36:19 -------- d-----w- C:\PROGRA~2\ExtractNow 2014-12-21 16:27:44 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-12-21 16:27:04 -------- d-----w- C:\PROGRA~2\Java 2014-12-20 11:54:43 -------- d-----w- C:\PROGRA~2\COMMON~1\NewBlue 2014-12-20 11:54:29 -------- d-----w- C:\PROGRA~2\NewBlue 2014-12-20 11:54:19 -------- d-----w- C:\PROGRA~2\NSIS Uninstall Information ======= C: ===== ====== C:\Users\Susan\AppData\Roaming ====== 2014-12-22 11:04:04 -------- d-----r- C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2014-12-20 11:55:59 -------- d-----w- C:\Users\Susan\AppData\Roaming\proDAD 2014-11-29 09:32:00 -------- d-----w- C:\Users\Susan\AppData\Roaming\Pavtube ====== C:\Users\Susan ====== 2014-12-21 21:41:08 -------- d-----w- C:\ProgramData\WinZip 2014-12-21 20:35:40 F767C1391B51961968AEC7DC1E207EB1 2027744 ----a-w- C:\Users\Susan\Downloads\extractnow(1).exe 2014-12-21 20:29:41 FF28BF2B44BD5A2953FB6562A7E6C89D 231920 ----a-w- C:\Users\Susan\Downloads\extractnow.exe 2014-12-21 19:12:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KPN 2014-12-21 16:27:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-21 12:19:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-12-21 08:42:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-12-20 13:21:26 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink AudioDirector 5 2014-12-20 11:58:16 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2 2014-12-20 11:55:56 -------- d-----w- C:\ProgramData\proDAD 2014-12-20 11:54:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue 2014-12-20 11:54:21 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 13 2014-12-20 11:45:32 -------- d-----w- C:\ProgramData\SUPPORTDIR 2014-12-20 11:45:32 -------- d-----w- C:\ProgramData\install_clap 2014-12-06 19:41:16 8DE9F588DFB1641F2C0EA05BD4B60605 218 ----a-w- C:\Users\Susan\.recently-used.xbel ====== C: exe-files == 2014-12-21 19:12:37 0E930E13F48C99866E4CDC316C519CF0 707664 ----a-w- C:\Program Files\KPN Back-up Online\vddk\mount\vmware-mount.exe 2014-12-21 19:12:37 020EB5840D6A19B84218D879929CC8D5 1585232 ----a-w- C:\Program Files\KPN Back-up Online\vddk\vmware-vdiskmanager.exe 2014-12-21 19:12:32 EE53F6BFE504D2F7E8B23752BD6B5085 46233904 ----a-w- C:\Program Files\KPN Back-up Online\ClientTool.exe 2014-12-21 19:12:32 05B9CEEE33F86200CB6909E04BF3261B 4869936 ----a-w- C:\Program Files\KPN Back-up Online\xtrabackup.exe 2014-12-21 19:12:31 C11D104B0EF22012A3D531131D2C8DC8 6808368 ----a-w- C:\Program Files\KPN Back-up Online\BackupUP.exe 2014-12-21 19:12:31 9E9A74EA0CD53B0BEBFDCF859786C69F 15114544 ----a-w- C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe 2014-12-21 19:12:31 832FC916A61BCF71E6B39542971049E6 1219888 ----a-w- C:\Program Files\KPN Back-up Online\BackupSC.exe 2014-12-21 19:12:31 647ED847357398AE22B17EC3A2B0D16A 51572528 ----a-w- C:\Program Files\KPN Back-up Online\BackupFP.exe 2014-12-21 19:12:31 3C77D7A7A86273864C151B5FD4805951 1828144 ----a-w- C:\Program Files\KPN Back-up Online\BackupIP.exe 2014-12-21 14:21:09 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Susan.exe 2014-12-20 13:21:09 FEBCD20EFCA4584CC5B51D1D429AE988 107784 ----a-w- C:\Program Files (x86)\Cyberlink\AudioDirector5\CLVSTWnd.exe 2014-12-20 13:21:09 F9558D649C6FB5ADD7D1271FE12C943F 106248 ----a-w- C:\Program Files (x86)\Cyberlink\AudioDirector5\OLRSubmission\OLRStateCheck.exe 2014-12-20 13:21:09 EE87C329EB75290A9AE99B149A737CB6 405256 ----a-w- C:\Program Files (x86)\Cyberlink\AudioDirector5\Presentation\UI\BigBang\Runtime\CLUpdater.exe 2014-12-20 13:21:09 AB627A28475A1B21C501BF6E81955DD0 124680 ----a-w- C:\Program Files (x86)\Cyberlink\AudioDirector5\AudioDirector5.exe 2014-12-20 13:21:09 7741DB81D5BA2260889938E62F799B51 2255112 ----a-w- C:\Program Files (x86)\Cyberlink\AudioDirector5\Boomerang\x86\Boomerang.exe 2014-12-20 13:21:09 0BFCA89DEFA97E61BEE88A29C820FAB9 179976 ----a-w- C:\Program Files (x86)\Cyberlink\AudioDirector5\OLRSubmission\OLRSubmission.exe 2014-12-20 11:58:13 F8BD3738B74341A8E7C904D58A3275E8 1009416 ----a-w- C:\Program Files (x86)\Cyberlink\WaveEditor\WaveEditor.exe 2014-12-20 11:58:13 AA03401A936E3A6FEE373ABD8D799ADA 392456 ----a-w- C:\Program Files (x86)\Cyberlink\WaveEditor\BigBang\CLUpdater.exe 2014-12-20 11:58:13 A01FB0B0C58319FB350A53EDAA947D36 222504 ----a-w- C:\Program Files (x86)\Cyberlink\WaveEditor\MUITransfer\MUIStartMenu.exe 2014-12-20 11:52:49 D924E5867A273A547FBAACC801249221 162568 ----a-w- C:\Program Files\CyberLink\PowerDirector13\UACAgent.exe 2014-12-20 11:52:49 CECC0E356B5CDF3B1DC2A50A41091FE3 155912 ----a-w- C:\Program Files\CyberLink\PowerDirector13\runtime\encoderPack\CLQTKernelClient32.exe 2014-12-20 11:52:49 CA9D8FCAE832DE4877431CF00A01A902 277768 ----a-w- C:\Program Files\CyberLink\PowerDirector13\BigBang\RatingDlg.exe 2014-12-20 11:52:49 BD4BF577D3DA89F29AE61D4265ECFC75 210696 ----a-w- C:\Program Files\CyberLink\PowerDirector13\CES_CacheAgent.exe 2014-12-20 11:52:49 A168B0EC0A8BBD6B337B854598B80547 2255624 ----a-w- C:\Program Files\CyberLink\PowerDirector13\Boomerang\x86\Boomerang.exe 2014-12-20 11:52:49 9E81E4592EFF61D38F0E74D4C8A3D6C6 259544 ----a-w- C:\Program Files\CyberLink\PowerDirector13\PDR32Agent\PDR32Agent.exe 2014-12-20 11:52:49 871026A16AFB707AA9FB3975294C1C1C 210696 ----a-w- C:\Program Files\CyberLink\PowerDirector13\CES_AudioCacheAgent.exe 2014-12-20 11:52:49 7D84510EBB6C2A4A501F2F9CDB612C72 50440 ----a-w- C:\Program Files\CyberLink\PowerDirector13\GPUUtilityEx.exe 2014-12-20 11:52:49 69770E6B74CE3E738C63AF802C55641F 264968 ----a-w- C:\Program Files\CyberLink\PowerDirector13\CES_IPCAgent.exe 2014-12-20 11:52:49 4980B5C7A54F9A3F1A00A4BF1C765BE2 90376 ----a-w- C:\Program Files\CyberLink\PowerDirector13\MotionMenuGenerator.exe 2014-12-20 11:52:49 40475B631EFDAF8B838448A491081CEF 507656 ----a-w- C:\Program Files\CyberLink\PowerDirector13\BigBang\CLUpdater.exe 2014-12-20 11:52:49 3461C93CACE732FA9E5790890819DC80 143624 ----a-w- C:\Program Files\CyberLink\PowerDirector13\PDHanumanSvr.exe 2014-12-20 11:52:49 1A88DD1DB20931AF6E2ECF879D89B696 2869512 ----a-w- C:\Program Files\CyberLink\PowerDirector13\Boomerang\x64\Boomerang.exe 2014-12-20 11:52:49 18FEB56300895F02B82DBDA9B98F0475 4134152 ----a-w- C:\Program Files\CyberLink\PowerDirector13\PDR13.exe 2014-12-20 11:52:30 D1C74680E51CD2A7AFA7D3629222DEE8 106248 ----a-w- C:\Program Files\CyberLink\PowerDirector13\OLRSubmission\OLRStateCheck.exe 2014-12-20 11:52:30 8B2294AA131D859C43C30731E5D1F36A 179976 ----a-w- C:\Program Files\CyberLink\PowerDirector13\OLRSubmission\OLRSubmission.exe 2014-12-20 11:52:30 5F286A947C85B9B740C78598E86C6950 438536 ----a-w- C:\Program Files\CyberLink\PowerDirector13\MUITransfer\MUIStartMenuX64.exe 2014-12-20 11:52:30 0C69B86F3AE681B3CCAC0A38532092D4 225032 ----a-w- C:\Program Files\CyberLink\PowerDirector13\MUITransfer\MUIStartMenu.exe === C: other files == 2014-12-21 21:42:05 F26DFC5E2823742386D81B59E236800B 5034558 ----a-w- C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMKP0TJR\WzProdAdv[1].zip 2014-12-21 20:37:12 0B460630521414CA7D9D9824F61304F5 2894981 ----a-w- C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OGP3EBTO\2[1].zip 2014-12-21 20:36:34 004BE7A80AFF2213BEB8269B7E4D283B 2140230 ----a-w- C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JU6MJ06\1[1].zip 2014-12-21 19:12:37 E9018D2E11734CB5C5C63E9573FE7DDE 33872 ----a-w- C:\Program Files\KPN Back-up Online\vddk\AMD64\vstor2-mntapi10-shared.sys 2014-12-21 19:12:37 3653BE8C63942D90F1D0491F9E1B35A8 33872 ----a-w- C:\Program Files\KPN Back-up Online\vddk\AMD64\vstor2-mntapi20-shared.sys 2014-12-21 16:27:20 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2014-12-20 13:20:35 0A149AE71D261732728CE08792CF7BDA 3156025 ----a-w- C:\Program Files (x86)\Cyberlink\AudioDirector5\Koan\python27.zip 2014-12-20 11:53:56 0A149AE71D261732728CE08792CF7BDA 3156025 ------w- C:\Program Files (x86)\Cyberlink\Shared files\InteropPalette\3.0\x64\python27.zip 2014-12-20 11:53:53 0A149AE71D261732728CE08792CF7BDA 3156025 ------w- C:\Program Files (x86)\Cyberlink\Shared files\InteropPalette\3.0\x86\python27.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "KPNBackupOnline"="C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe minimized" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" "Google Update"="C:\Users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe /c" "KPNBackupOnline"="C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe minimized" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "KPNBackupOnline"="C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe minimized" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d" "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" "Hotkey Utility"="C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" "PDVD8LanguageShortcut"="C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "mcpltui_exe"="C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe /platui /runkey" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin" "DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" "Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" "Google Update"="C:\Users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe /c" "KPNBackupOnline"="C:\Program Files\KPN Back-up Online\KPNBackupOnline.exe minimized" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" "TouchORB"="C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3" "TouchPortal"="C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPortalLauncher.exe na" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MDS_Menu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MDS_Menu" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\Acer Touch Suite\\MediaShow Espresso\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Acer\\Acer Touch Suite\\MediaShow Espresso\" UpdateWithCreateOnce \"Software\\CyberLink\\MediaShow Espresso\\5.6\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan] "command"="\"C:\\Program Files (x86)\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\"" "hkey"="HKLM" "item"="NBKeyScan" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder] "command"="\"C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\Activation\\NobuActivation.exe\" UNATTENDED" "hkey"="HKLM" "item"="NortonOnlineBackupReminder" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl8] "command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD8\\PDVD8Serv.exe\"" "hkey"="HKLM" "item"="RemoteControl8" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TouchMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TouchMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\Acer Touch Suite\\Acer Touch Movie\\TouchMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UCam_Menu" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\Acer Touch Suite\\YouCam\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Acer\\Acer Touch Suite\\YouCam\" UpdateWithCreateOnce \"Software\\CyberLink\\YouCam\\3.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] "backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe" "item"="Bluetooth" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Susan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk] "path"="C:\\Users\\Susan\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Schermopname en Snel starten.lnk" "backup"="C:\\Windows\\pss\\OneNote 2010 Schermopname en Snel starten.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\MICROS~4\\Office14\\ONENOTEM.EXE /tsr" "item"="OneNote 2010 Schermopname en Snel starten" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-12-2014 12:20] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-11-2012 13:03] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3328568678-1481798010-3669480837-1000Core.job --a------ C:\Users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe [04-06-2014 14:08] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3328568678-1481798010-3669480837-1000UA.job --a------ C:\Users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe [04-06-2014 14:08] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\Windows\SysNative\tasks\4703" [wscript.exe C:\Users\Susan\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Susan-PC-Susan" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3328568678-1481798010-3669480837-1000Core" [C:\Users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3328568678-1481798010-3669480837-1000UA" [C:\Users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\{F63EE983-E33B-43AB-BC37-A2C8554B6E85}" [C:\Program Files (x86)\VideoLAN\VLC\vlc.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [24-11-2014 07:01] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 11:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default - McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor - Undetermined - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - Undetermined - {0b457cAA-602d-484a-8fe7-c1d894a011ba} - Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - Undetermined - %ProfilePath%\extensions\{35379F86-8CCB-4724-AE33-4278DE266C70} AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\y2yz5r6i.default 9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash D2377C9458EFEB094E38B8C874AA214C - C:\Users\Susan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update B33B016B77560C7832BF4D311EA23328 - C:\Users\Susan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 5C292EE26B255B69B4314909B3FD620C - C:\Users\Susan\AppData\Roaming\Mozilla\plugins\npasperaweb.dll - Aspera Web for Firefox 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[30-10-2014 14:36] oilkkkefbalmbfppgjmgjoefbclebkce - No path found[] pflphaooapbgpeakohlggbpidpppgdff - C:\Users\Susan\AppData\Local\mysearchdial_speedial_v9.0.2.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions oilkkkefbalmbfppgjmgjoefbclebkce - No path found[] pflphaooapbgpeakohlggbpidpppgdff - C:\Users\Susan\AppData\Local\mysearchdial_speedial_v9.0.2.crx[] Google Cast - Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd Videostream for Google Chromecast™ - Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl Google Cast (Beta) - Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm Linkey - Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah Plex - Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm ==== Chromium Startpages ====================== C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://Vosteran.com/?f=7&a=vst_wnzp01_14_51_ie&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0A0ByBzyyEtDyE0EtByEtN0D0Tzu0StCtDzzyDtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0ByEtA0CyCyD0CtG0BtAtD0DtGyC0BtDzytGtCyEzzyEtGyDyE0E0E0E0EzytB0DzzzyyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyB0EtD0BzytG0CyDyBtAtGyEyD0BtBtGzz0FtCyCtG0Dzz0A0B0DyDtD0CyDzyzzyB2Q&cr=647046933&ir=", "http://www.mystartsearch.com/?type=hp&ts=1419194199&from=smt&uid=WDCXWD10EADS-22M2B0_WD-WCAV5D70864208642" ], ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1419194199&from=smt&uid=WDCXWD10EADS-22M2B0_WD-WCAV5D70864208642&q={searchTerms}" "Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1419194199&from=smt&uid=WDCXWD10EADS-22M2B0_WD-WCAV5D70864208642&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1419194199&from=smt&uid=WDCXWD10EADS-22M2B0_WD-WCAV5D70864208642&q={searchTerms}" "Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1419194199&from=smt&uid=WDCXWD10EADS-22M2B0_WD-WCAV5D70864208642&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{D5B35B1F-901D-45F9-80FD-148BC245A095}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5B35B1F-901D-45F9-80FD-148BC245A095}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0369EA27-7613-FB0E-9772-2EEA6EBD5B33} Unknown Url="Not_Found" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} (www.google.nl) Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0369EA27-7613-FB0E-9772-2EEA6EBD5B33} deleted successfully HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64116738-53F5-4F30-B785-57F27140D54E} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3328568678-1481798010-3669480837-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E8AC853-65BB-4C99-A09E-19B81851E14C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Susan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Susan\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Susan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Susan\AppData\Local\Mozilla\Firefox\Profiles\y2yz5r6i.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4591 folders=728 112774265860 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Susan\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Susan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~3\boost_interprocess" not deleted ==== EOF on ma 22-12-2014 at 17:23:27,35 ======================