Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by Henk on za 10-01-2015 at 12:26:47,78.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Henk\Downloads\zoek(1).exe
[Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-04-181048.log 217742 bytes
C:\zoek-results2014-06-05-122028.log 7063 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook
{8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthCopyHook.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1535193200-1948594691-1747739758-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{295387b0-90c1-446c-84ee-479113edb476} deleted successfully
HKEY_USERS\S-1-5-21-1535193200-1948594691-1747739758-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{295387b0-90c1-446c-84ee-479113edb476} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{295387b0-90c1-446c-84ee-479113edb476} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{295387b0-90c1-446c-84ee-479113edb476} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{295387b0-90c1-446c-84ee-479113edb476} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{295387b0-90c1-446c-84ee-479113edb476} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{295387b0-90c1-446c-84ee-479113edb476} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{295387b0-90c1-446c-84ee-479113edb476} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Dynamo Combo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Dynamo Combo deleted successfully ==== FireFox Fix ====================== Deleted from C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\3upd9wm3.default\prefs.js: Added to C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\3upd9wm3.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default\prefs.js: user_pref("browser.search.useDBForOrder", "false"); Added to C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\6w62ozqw.default-1401555762839\prefs.js: user_pref("browser.startup.homepage", "http://astromenda.com/?f=1&a=ast_wnzp01_14_45_ff&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtAyB0CtA0C0C0BzzyC0DyEtN0D0Tzu0StCtDyEyEtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0F0EzyzztCzzzytG0B0DyE0CtGtB0Ezy0DtGzytA0BtDtGyCzz0C0C0AyE0F0EyC0AtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0EtDtDtB0D0D0CtGyDzy0DyCtGyEyDtAyEtGzzzyyByBtG0FzytDtAyB0DtBzzyC0D0FtD2Q&cr=652891317&ir="); user_pref("browser.search.selectedEngine", "Astromenda"); Added to 
C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\6w62ozqw.default-1401555762839\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\suf8puu9.default\prefs.js: user_pref("browser.startup.homepage", "http://astromenda.com/?f=1&a=ast_wnzp01_14_45_ff&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtAyB0CtA0C0C0BzzyC0DyEtN0D0Tzu0StCtDyEyEtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0F0EzyzztCzzzytG0B0DyE0CtGtB0Ezy0DtGzytA0BtDtGyCzz0C0C0AyE0F0EyC0AtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0EtDtDtB0D0D0CtGyDzy0DyCtGyEyDtAyEtGzzzyyByBtG0FzytDtAyB0DtBzzyC0D0FtD2Q&cr=652891317&ir="); user_pref("browser.search.selectedEngine", "Astromenda"); Added to C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\suf8puu9.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\y36bohn4.default-1407176424701\prefs.js: user_pref("browser.startup.homepage", "http://google.nl/"); Added to C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\y36bohn4.default-1407176424701\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Lelaa\AppData\Roaming\Mozilla\Firefox\Profiles\l6aj28mn.default\prefs.js: user_pref("browser.startup.homepage", "http://astromenda.com/?f=1&a=ast_wnzp01_14_45_ff&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtAyB0CtA0C0C0BzzyC0DyEtN0D0Tzu0StCtDyEyEtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0F0EzyzztCzzzytG0B0DyE0CtGtB0Ezy0DtGzytA0BtDtGyCzz0C0C0AyE0F0EyC0AtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0EtDtDtB0D0D0CtGyDzy0DyCtGyEyDtAyEtGzzzyyByBtG0FzytDtAyB0DtBzzyC0D0FtD2Q&cr=652891317&ir="); user_pref("browser.search.selectedEngine", "Astromenda"); Added to 
C:\Users\Lelaa\AppData\Roaming\Mozilla\Firefox\Profiles\l6aj28mn.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Lusia\AppData\Roaming\Mozilla\Firefox\Profiles\7c61muc8.default\prefs.js: user_pref("browser.startup.homepage", "http://astromenda.com/?f=1&a=ast_wnzp01_14_45_ff&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtAyB0CtA0C0C0BzzyC0DyEtN0D0Tzu0StCtDyEyEtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0F0EzyzztCzzzytG0B0DyE0CtGtB0Ezy0DtGzytA0BtDtGyCzz0C0C0AyE0F0EyC0AtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0EtDtDtB0D0D0CtGyDzy0DyCtGyEyDtAyEtGzzzyyByBtG0FzytDtAyB0DtBzzyC0D0FtD2Q&cr=652891317&ir="); user_pref("browser.search.selectedEngine", "Astromenda"); Added to C:\Users\Lusia\AppData\Roaming\Mozilla\Firefox\Profiles\7c61muc8.default\prefs.js: user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Dynamo Combo not found C:\Program Files (x86)\GoSavee deleted C:\Users\Henk\AppData\Local\6030 deleted C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default\extensions\kml8-lso@om-ila.com deleted C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default\extensions\oak36@gwbxae.org deleted C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default\extensions\sloUa@Jwp3xz.net deleted C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default\searchplugins\Astromenda.xml deleted C:\Program Files (x86)\SupTab deleted C:\Program Files (x86)\pricecchOp deleted "C:\windows\tasks\AmiUpdXp.job" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCall.dll" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla.dll" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla2.dll" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla21.dll" deleted 
"C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla31.dll" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla31.exe" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla32.dll" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla33.dll" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla34.dll" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseCustomCalla36.exe" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP\WiseData.ini" deleted "C:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP" deleted ==== Files Recently Created / Modified ====================== ====== C:\windows ==== ====== C:\Users\Henk\AppData\Local\Temp ==== 2015-01-07 14:59:15 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Users\Henk\AppData\Local\Temp\ESGScanner.sys 2015-01-03 10:59:48 15BBCDB456EDD67CE8918D1E135E0EFF 62890496 ----a-w- C:\Users\Henk\AppData\Local\Temp\is360511915\32DE6A67_stp.MSI ====== Java Cache ===== 2015-01-10 11:16:03 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Indra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-2138cbd2 2015-01-10 11:15:57 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Indra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-5189a37c 2015-01-10 11:15:57 8F8BBCCEA093B6CA55C09B90691B6BBE 424 ----a-w- C:\Users\Indra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap 2015-01-10 11:15:56 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Indra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-400b684f 2015-01-10 11:15:57 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Indra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-5a4d37eb ====== C:\windows\SysWOW64 ===== 2015-01-10 11:14:26 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\windows\SysWOW64\WindowsAccessBridge-32.dll ====== 
C:\windows\SysWOW64\drivers ===== ====== C:\windows\Sysnative ===== ====== C:\windows\Sysnative\drivers ===== 2014-12-11 13:44:46 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\windows\Sysnative\drivers\tdx.sys ====== C:\windows\Tasks ====== ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2015-01-03 11:00:46 -------- d-----w- C:\Program Files\WinZip ======= C:\PROGRA~2 ===== 2015-01-10 11:14:51 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-01-05 20:16:33 -------- d-----w- C:\PROGRA~2\COMMON~1\Steam 2015-01-05 20:16:32 -------- d-----w- C:\PROGRA~2\Steam 2015-01-03 12:33:52 -------- d-----w- C:\PROGRA~2\R.G. Mechanics ======= C: ===== ====== C:\Users\Henk\AppData\Roaming ====== 2015-01-10 11:07:32 -------- d-----w- C:\windows\SysNative\config\systemprofile\AppData\Locallow\Sun 2015-01-07 14:40:50 -------- d-sh--w- C:\Users\Henk\AppData\Local\EmieBrowserModeList 2015-01-07 14:40:41 -------- d-sh--w- C:\Users\Henk\AppData\Locallow\EmieBrowserModeList 2015-01-05 20:40:30 -------- d-----w- C:\Users\Indra\AppData\Local\WinZip 2015-01-05 20:38:06 -------- d-----w- C:\Users\Indra\AppData\Roaming\CyberLink 2015-01-05 20:38:06 -------- d-----w- C:\Users\Indra\AppData\Local\Cyberlink 2015-01-04 19:29:58 -------- d-----w- C:\Users\Henk\AppData\Roaming\Call of Duty - Modern Warfare 3 2015-01-04 15:30:49 -------- d-----w- C:\Users\Henk\AppData\Local\StormFall 2015-01-03 12:25:36 -------- d-----w- C:\Users\Indra\AppData\Roaming\PowerISO ====== C:\Users\Henk ====== 2015-01-10 11:02:34 44933ED144874569EB5A43B613CBE88A 638888 ----a-w- C:\Users\Indra\Documents\jxpiinstall.exe 2015-01-09 20:18:42 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Henk\Downloads\RSITx64.exe 2015-01-09 20:16:32 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Indra\Downloads\RSITx64.exe 2015-01-08 16:22:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-08 16:21:53 539A7EB7675960D81E3FE168FA3E9D45 880784 ----a-w- 
C:\Users\Henk\Downloads\ChromeSetup.exe 2015-01-05 20:38:02 -------- d-----w- C:\ProgramData\CyberLink 2015-01-05 20:16:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-01-05 20:16:17 6844B18EACA3D6F90A2A0C6772CF6A99 1142392 ----a-w- C:\Users\Indra\Downloads\SteamSetup.exe 2015-01-04 19:29:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2015-01-04 18:11:06 50AF5F196AB7C5E472672DFDDA346E58 12812600 ----a-w- C:\Users\Indra\Downloads\ApplicationCompatibilityToolkitSetup.exe 2015-01-04 15:28:50 14C2DC5BD75A772E8012943AB0495BAB 27370 ----a-w- C:\Users\Henk\Downloads\call-of-duty-modern-warfare-3-full-version [1].exe 2015-01-03 11:02:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2015-01-03 10:58:51 74FFC792C07E7EA4A288E60DF08D0D0F 906024 ----a-w- C:\Users\Indra\Downloads\winzip19-home.exe ====== C: exe-files == 2015-01-10 11:26:12 7B55294F95246F4A83FC8E633381B33F 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1001\$IG1Z164.exe 2015-01-10 11:25:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1001\$RG1Z164.exe 2015-01-08 17:32:08 E8F00D9A3DADB7CDD3B99AF7AB008513 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1001\$I192KME.exe 2015-01-05 20:16:33 CC7ED069C2FC82B5B1555C2044C765CC 833728 ----a-w- C:\Program Files (x86)\Common Files\Steam\SteamService.exe 2015-01-04 15:59:14 D8946A2298164B3E3F5A7D2E38E64A9B 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1005\$IOWN8YT.exe 2015-01-04 15:59:05 71F96C9E5D9B0AD5D7D4097566F4E73F 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1005\$I30JYEQ.exe 2015-01-04 15:58:34 801FC644C8E01B5A14F4B1DCE3911350 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1005\$IMXS0R9.exe 2015-01-04 15:58:13 15293D4E3BD6A091FF22B7C4E295E79E 544 ----a-w- 
C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1005\$ISOSFS8.exe
2015-01-04 15:51:00 C001911DF336BC46BA4799A9203BE601 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1005\$IUC4UG0.exe
2015-01-04 15:27:53 89D047CBF2A5814147B97BA3BBAC95FA 772256 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1535193200-1948594691-1747739758-1005\$RUC4UG0.exe

=== C: other files ==

2015-01-10 11:13:25 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1535193200-1948594691-1747739758-1001\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"RoxWatchTray"="c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"Dell DataSafe Online"="C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"OfficeScanNT Monitor"="C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe -HideWindow"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"FreeFallProtection"="C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe"
"DBRMTray"="C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray]
"command"="\"C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\AthBtTray.exe\""
"hkey"="HKLM"
"item"="AthBtTray"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack]
"command"="\"C:\\Program Files (x86)\\Dell Wireless\\Bluetooth Suite\\BtvStack.exe\""
"hkey"="HKLM"
"item"="AtherosBtStack"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell Webcam Central]
"command"="\"C:\\Program Files (x86)\\Dell Webcam\\Dell Webcam Central\\WebcamDell2.exe\" /mode2"
"hkey"="HKLM"
"item"="Dell Webcam Central"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool]
"command"="\"c:\\Program Files (x86)\\Roxio\\OEM\\Roxio Burn\\RoxioBurnLauncher.exe\""
"hkey"="HKLM"
"item"="Desktop Disc Tool"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVD9LanguageShortcut]
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD9\\Language\\Language.exe\""
"hkey"="HKLM"
"item"="PDVD9LanguageShortcut"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup"
"hkey"="HKLM"
"item"="PWRISOVM.EXE"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"item"="QuickTime Task"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl9]
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD9\\PDVD9Serv.exe\""
"hkey"="HKLM"
"item"="RemoteControl9"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk]
"backup"="C:\\windows\\pss\\Virtual Router Manager.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\windows\\Installer\\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\\_118D1A4EFFA6998C3492EB.exe"
"item"="Virtual Router Manager"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Virtual Router Manager.lnk"

==== Startup Folders ======================

2013-08-17 16:09:25 1065 ----a-w- C:\Users\Lusia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
2014-10-11 17:56:26 1933 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ \C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe []
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ :C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-01-2015 17:22]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\AdobeAAMUpdater-1.0-Henk-PC-Indra" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{1A7D0937-169A-4BB7-B4AA-A23F4E540181}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{83EA47DA-D5C4-4C98-B65E-0A01845B0D2A}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\{DF79C978-3CAB-4A77-AF93-F91794179BF0}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.1.0.129.272/nl/abandoninstall?page=tsProgressBar]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-07-15 10:07:43 -------- d-----w- C:\PROGRA~3\4d09ce8d5400296d
2014-07-15 10:07:49 -------- d-----w- C:\PROGRA~3\pricecchOp
2014-07-15 10:07:56 -------- d-----w- C:\PROGRA~3\Adblocker
2014-07-15 10:08:32 -------- d-----w- C:\PROGRA~3\IePluginServices
2014-08-09 17:06:18 -------- d-----w- C:\PROGRA~3\PMB Files
2014-08-09 17:12:30 -------- d-----w- C:\PROGRA~3\Riot Games
2014-08-25 09:48:24 -------- d-----w- C:\PROGRA~3\Oracle
2014-09-09 18:54:16 -------- d-----w- C:\PROGRA~3\Origin
2014-09-11 12:45:54 -------- d-----w- C:\PROGRA~3\Package Cache
2014-10-08 16:25:03 -------- d-----w- C:\PROGRA~3\regid.1991-06.com.microsoft
2014-10-10 15:10:25 -------- d-----w- C:\PROGRA~3\GoSavee
2014-10-11 17:56:29 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2014-11-09 16:13:36 -------- d-----w- C:\PROGRA~3\WinZip
2014-11-10 17:28:43 -------- d-----w- C:\PROGRA~3\cab4fbb2-1ac7-44d2-9b7d-0c921d8827f4
2015-01-05 20:38:02 -------- d-----w- C:\PROGRA~3\CyberLink

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\3upd9wm3.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\6w62ozqw.default-1401555762839
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\suf8puu9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\y36bohn4.default-1407176424701
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Lelaa\AppData\Roaming\Mozilla\Firefox\Profiles\l6aj28mn.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Lusia\AppData\Roaming\Mozilla\Firefox\Profiles\7c61muc8.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension" [02-03-2014 22:07]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 11:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default - Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Indra\AppData\Roaming\Mozilla\Firefox\Profiles\y36bohn4.default-1407176424701 - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi - Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\3upd9wm3.default B33B016B77560C7832BF4D311EA23328 - C:\Users\Henk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 8FE7BA502945BE735D09D5703BD76FDA - C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll - Shockwave for Director / Shockwave for Director Profilepath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\lbq32xj6.default 9860727E477F17B88E39AF8B69B0407A - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013 18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013 B33B016B77560C7832BF4D311EA23328 - C:\Users\Henk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 8FE7BA502945BE735D09D5703BD76FDA - C:\windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll - Shockwave for Director / 
Shockwave for Director ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] pfkfdlcdbajamklbneflfbcmfgddmpae - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions pfkfdlcdbajamklbneflfbcmfgddmpae - No path found[] pricechop - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg GoSavee - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni pricechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg GoSavee - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni pricechop - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg GoSavee - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni pricechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg GoSavee - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni pricechop - Administrator\AppData\Local\Torch\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg GoSavee - Administrator\AppData\Local\Torch\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni pricechop - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg GoSavee - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni pricechop - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg GoSavee - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni 
pricechop - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Gast\AppData\Local\Torch\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Gast\AppData\Local\Torch\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Henk\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Henk\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Henk\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Henk\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
Google Docs - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
pricechop - Henk\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Henk\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Henk\AppData\Local\Torch\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Henk\AppData\Local\Torch\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Indra\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Indra\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Indra\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Indra\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
Google Docs - Indra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
pricechop - Indra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
Jack Spade - Indra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfhcemponaaoollhcoebkpajgdamieo
GoSavee - Indra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
Google Wallet - Indra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
pricechop - Indra\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Indra\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Indra\AppData\Local\Torch\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Indra\AppData\Local\Torch\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Lelaa\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lelaa\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Lelaa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lelaa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
Docs - Lelaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
pricechop - Lelaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lelaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
Google Wallet - Lelaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
pricechop - Lelaa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lelaa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Lelaa\AppData\Local\Torch\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lelaa\AppData\Local\Torch\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Lusia\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lusia\AppData\Local\Chromatic Browser\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Lusia\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lusia\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Lusia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lusia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
Google Wallet - Lusia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
pricechop - Lusia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lusia\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni
pricechop - Lusia\AppData\Local\Torch\User Data\Default\Extensions\cnbepkilfgbjlpkgblegbhkfphbceicg
GoSavee - Lusia\AppData\Local\Torch\User Data\Default\Extensions\jpfjfedncajhjefnmpacbnghfboahlni

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1405418895&from=wpc&uid=ST9500423AS_5WR14M11XXXX5WR14M11"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.webssearches.com/web/?type=ds&ts=1405418895&from=wpc&uid=ST9500423AS_5WR14M11XXXX5WR14M11&q={searchTerms}"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1405418895&from=wpc&uid=ST9500423AS_5WR14M11XXXX5WR14M11"
"Search Page"="http://istart.webssearches.com/web/?type=ds&ts=1405418895&from=wpc&uid=ST9500423AS_5WR14M11XXXX5WR14M11&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.webssearches.com/web/?type=ds&ts=1405418895&from=wpc&uid=ST9500423AS_5WR14M11XXXX5WR14M11&q={searchTerms}"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1405418895&from=wpc&uid=ST9500423AS_5WR14M11XXXX5WR14M11"
"Search Page"="http://istart.webssearches.com/web/?type=ds&ts=1405418895&from=wpc&uid=ST9500423AS_5WR14M11XXXX5WR14M11&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} webssearches Url="http://istart.webssearches.com/web/?type=ds&ts=1405418895&from=wpc&uid=ST9500423AS_5WR14M11XXXX5WR14M11&q={searchTerms}"
{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} Unknown Url="Not_Found"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} Astromenda Url="http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_45_ff&cd=2XzuyEtN2Y1L1QzuyB0C0Ezy0DtAyB0CtA0C0C0BzzyC0DyEtN0D0Tzu0StCtDyEyEtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0F0EzyzztCzzzytG0B0DyE0CtGtB0Ezy0DtGzytA0BtDtGyCzz0C0C0AyE0F0EyC0AtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0EtDtDtB0D0D0CtGyDzy0DyCtGyEyDtAyEtGzzzyyByBtG0FzytDtAyB0DtBzzyC0D0FtD2Q&cr=652891317&ir="
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E6315AA0-9C71-4023-9D9F-4A913FA7592C} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

==== shortcuts on Users Desktops ======================

C:\Users\Henk\Desktop\Call of Duty - Modern Warfare 3.lnk - C:\Program Files (x86)\R.G. Mechanics\Call of Duty - Modern Warfare 3\iw5sp.exe
C:\Users\Henk\Desktop\Download Genius.lnk - C:\Download Genius\Download_Genius.exe
C:\Users\Henk\Desktop\Microsoft Word 2010.lnk - C:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Henk\Desktop\Secure Download Manager.lnk - C:\Users\Henk\AppData\Roaming\Microsoft\Installer\{01D160AC-132A-4CB7-9565-275DF200AF06}\_1150901C3D7C5042953493.exe
C:\Users\Henk\Desktop\SopCast.lnk - C:\Program Files (x86)\SopCast\SopCast.exe
C:\Users\Indra\Desktop\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Users\Indra\Desktop\Bluetooth File Transfer Wizard.lnk - C:\Windows\System32\fsquirt.exe
C:\Users\Indra\Desktop\Calculator.lnk - C:\windows\system32\calc.exe
C:\Users\Indra\Desktop\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe
C:\Users\Indra\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Indra\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Indra\Desktop\Paint.lnk - C:\windows\system32\mspaint.exe
C:\Users\Indra\Desktop\Play Call of Duty - Modern Warfare 3.lnk - C:\Program Files (x86)\R.G. Mechanics\Call of Duty - Modern Warfare 3\iw5sp.exe
C:\Users\Indra\Desktop\PowerPoint 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\POWERPNT.EXE
C:\Users\Indra\Desktop\Snipping Tool.lnk -
C:\Users\Indra\Desktop\SopCast.lnk - C:\Program Files (x86)\SopCast\SopCast.exe
C:\Users\Indra\Desktop\Sticky Notes.lnk -
C:\Users\Indra\Desktop\Unity.lnk - C:\Users\Indra\Editor\Unity.exe
C:\Users\Indra\Desktop\Word 2013.lnk - C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Users\Lelaa\Desktop\Microsoft Word 2010.lnk - C:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Lelaa\Desktop\Microsoft Word Starter 2010.lnk - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604130000"
C:\Users\Lelaa\Desktop\SopCast.lnk - C:\Program Files (x86)\SopCast\SopCast.exe
C:\Users\Lusia\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lusia\Desktop\SopCast.lnk - C:\Program Files (x86)\SopCast\SopCast.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Assassin's Creed IV - Black Flag.lnk - C:\Program Files (x86)\Assassin's Creed IV - Black Flag\Launcher.exe
C:\Users\Public\Desktop\Blender.lnk - C:\Program Files\Blender Foundation\Blender\blender.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files\PowerISO\PowerISO.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk - C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk - C:\Program Files (x86)\7-Zip\7-zip.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV - Black Flag\Assassin's Creed IV - Black Flag.lnk - C:\Program Files (x86)\Assassin's Creed IV - Black Flag\Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV - Black Flag\Manual.lnk - C:\Program Files (x86)\Assassin's Creed IV - Black Flag\Support\Manual\English\AssassinsCreed.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed IV - Black Flag\Uninstall.lnk - C:\Program Files (x86)\Assassin's Creed IV - Black Flag\Uninstall\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Assassin's Creed IV - Black Flag.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Verwijderen.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Help.lnk - C:\Program Files\PowerISO\PowerISO.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Virtual Drive Manager.lnk - C:\Program Files\PowerISO\PWRISOVM.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO.lnk - C:\Program Files\PowerISO\PowerISO.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk - C:\Program Files\PowerISO\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Call of Duty - Modern Warfare 3\Play Call of Duty - Modern Warfare 3.lnk - C:\Program Files (x86)\R.G. Mechanics\Call of Duty - Modern Warfare 3\iw5sp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics\Call of Duty - Modern Warfare 3\Uninstall Call of Duty - Modern Warfare 3.lnk - C:\Users\Henk\AppData\Roaming\Call of Duty - Modern Warfare 3\Uninstall\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 19.0.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Indra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Lelaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lelaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Lelaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Lelaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Lelaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe
C:\Users\Lelaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lelaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Lelaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Lusia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lusia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Lusia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Lusia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Lusia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lusia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Lusia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Lusia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== C:\zoek_backup content ======================

C:\zoek_backup (files=536 folders=219 29924668 bytes)

==== After Reboot ======================

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Indra\AppData\Local\Temp\AdobeARM.log" deleted
"C:\Users\Indra\AppData\Local\Temp\FXSAPIDebugLogFile.txt" deleted
"C:\Users\Indra\AppData\Local\Temp\AdobeARM.log" not found
"C:\Users\Indra\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not found
"C:\Users\Henk\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W2HCQGVK\heias.com" not found
"C:\Users\Henk\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W2HCQGVK\www.kruidvat.nl" not found
"C:\Users\Lelaa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8SEKPZ8D\static.issuu.com" not found
"C:\Users\Indra\AppData\Local\Temp\OICE_B6323198-CC63-4D84-84E9-83EF97FAB562.0" not found

==== EOF on za 10-01-2015 at 12:45:01,01 ======================