Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by hp on zo 11/01/2015 at 14:15:02,31.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\hp\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-01-06-110307.log 63462 bytes
C:\zoek-results2015-01-11-103551.log 43395 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\hp\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-06 10:26:58 1738AF59D7E2D56078A35CD2D2E1D5F4 111016 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll
====== C:\Windows\Sysnative\drivers =====
2015-01-09 13:05:28 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\Sysnative\drivers\GEARAspiWDM.sys
====== C:\Windows\Tasks ======
2015-01-08 17:29:56 392F2C5C4B5C2F18CC88243BC8E693CB 3506 ----a-w- C:\Windows\Sysnative\Tasks\Patch My PC
2014-12-27 14:33:27 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-11 07:40:10 -------- d-----w- C:\Program Files\Speccy
2015-01-09 13:04:39 -------- d-----w- C:\Program Files\iPod
2015-01-09 13:04:38 -------- d-----w- C:\Program Files\iTunes
2015-01-08 17:28:28 -------- d-----w- C:\Program Files\WinRAR
2015-01-05 21:42:33 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-01-11 10:48:30 -------- d-----w- C:\PROGRA~2\HD Tune
2015-01-09 13:04:38 -------- d-----w- C:\PROGRA~2\iTunes
2015-01-06 09:54:53 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
2015-01-08 17:28:28 6C8B7645E65CCBD231D2087D15CF4EF8 2819 ----a-w- C:\HP-PC.rtf
2014-12-18 14:48:57 59071590099D21DD439896592338BF95 524288 --sha-w- C:\ntuser.dat{a9ddddbf-867e-11e4-926e-e2d89ad29857}.TMContainer00000000000000000002.regtrans-ms
2014-12-18 14:48:56 BB28D87189CE6ADC8CD4936FE0F34ABC 524288 --sha-w- C:\ntuser.dat{a9ddddbf-867e-11e4-926e-e2d89ad29857}.TMContainer00000000000000000001.regtrans-ms
2014-12-18 14:48:56 8E11DDE4A496D59D96F98F52BEAB2644 65536 --sha-w- C:\ntuser.dat{a9ddddbf-867e-11e4-926e-e2d89ad29857}.TM.blf
2014-12-16 09:08:04 BD61F813593835985AD6025CB38EE073 65536 --sha-w- C:\ntuser.dat{c0a69433-84fd-11e4-acc6-ca16d0c7cc34}.TM.blf
2014-12-16 09:08:04 6DBC65DF61E53931673F099A93D3D9A8 262144 ----a-w- C:\ntuser.dat
2014-12-16 09:08:04 59071590099D21DD439896592338BF95 524288 --sha-w- C:\ntuser.dat{c0a69433-84fd-11e4-acc6-ca16d0c7cc34}.TMContainer00000000000000000002.regtrans-ms
2014-12-16 09:08:04 5295E98846F708DA86EEAC180A7CD075 524288 --sha-w- C:\ntuser.dat{c0a69433-84fd-11e4-acc6-ca16d0c7cc34}.TMContainer00000000000000000001.regtrans-ms
====== C:\Users\hp\AppData\Roaming ======
2015-01-11 10:33:27 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-01-11 10:33:26 -------- d-----w- C:\Users\hp\AppData\Local\Temp
2015-01-11 10:33:26 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-01-11 10:33:26 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-01-06 13:25:17 -------- d-sh--w- C:\Users\hp\AppData\Locallow\EmieBrowserModeList
2015-01-06 10:27:09 -------- d-----w- C:\Users\hp\AppData\Locallow\Oracle
2014-12-16 23:05:05 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun
2014-12-16 23:05:02 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\HpUpdate
====== C:\Users\hp ======
2015-01-11 10:48:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2015-01-11 10:47:55 088812A121E0A9CEB40CE9C808C8A90C 642632 ----a-w- C:\Users\hp\Downloads\hdtune_255.exe
2015-01-11 07:40:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-01-11 07:39:37 A7DD64E7AB5605665CE68A00814343D7 5122624 ----a-w- C:\Users\hp\Downloads\spsetup127.exe
2015-01-09 13:05:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-09 13:04:38 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-09 13:02:57 D1E6D9BEEF71DA6FC161C7B259448581 122418480 ----a-w- C:\Users\hp\Downloads\iTunes64Setup(2).exe
2015-01-08 17:29:47 A704C22D7B2A1EF20E463F970C24CC17 130048 ----a-w- C:\Users\hp\Downloads\Microsoft.Win32.TaskScheduler.dll
2015-01-08 17:26:03 7FE4D917ACCB497C52D839EA1C22627C 523808 ----a-w- C:\Users\hp\Downloads\patchmypc.exe
2015-01-06 14:04:40 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\hp\Downloads\adwcleaner_4.106.exe
2015-01-06 10:24:40 733F8838A4FA8CF66FE0799A467E5EB5 92658088 ----a-w- C:\Users\hp\Downloads\jre-8u25-windows-x64.exe
2015-01-06 09:53:05 44933ED144874569EB5A43B613CBE88A 638888 ----a-w- C:\Users\hp\Downloads\jxpiinstall.exe
2015-01-05 21:41:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\hp\Downloads\RSITx64.exe
====== C: exe-files ==
2015-01-11 10:48:30 F8FC2D14DF813CC920A39B3CB7E59CBC 401408 ----a-w- C:\Program Files (x86)\HD Tune\HDTune.exe
2015-01-11 10:48:30 CEFC20D14D9940D53505E9B9769139E7 682266 ----a-w- C:\Program Files (x86)\HD Tune\unins000.exe
2015-01-11 10:47:55 088812A121E0A9CEB40CE9C808C8A90C 642632 ----a-w- C:\Users\hp\Downloads\hdtune_255.exe
2015-01-11 07:39:37 A7DD64E7AB5605665CE68A00814343D7 5122624 ----a-w- C:\Users\hp\Downloads\spsetup127.exe
2015-01-09 13:02:57 D1E6D9BEEF71DA6FC161C7B259448581 122418480 ----a-w- C:\Users\hp\Downloads\iTunes64Setup(2).exe
2015-01-08 17:28:28 C0A4343CF9223C4208246E0DE274A846 526424 ----a-w- C:\Program Files\WinRAR\Rar.exe
2015-01-08 17:28:28 9920913721AB74E3F06233D6D2FC0379 1500248 ----a-w- C:\Program Files\WinRAR\WinRAR.exe
2015-01-08 17:28:28 7DB2DC8486A55F5D918D910DF6D0F8EE 186456 ----a-w- C:\Program Files\WinRAR\Uninstall.exe
2015-01-08 17:28:28 46F520F33ADB6ED622AADE6E866EFA86 331864 ----a-w- C:\Program Files\WinRAR\UnRAR.exe
2015-01-08 17:28:28 38D9EB259587F75DC7E2E30ABAB791EF 61528 ----a-w- C:\Program Files\WinRAR\Ace32Loader.exe
2015-01-08 17:27:11 E0E2FE836FD209FBE336DE720032DA99 96768 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
2015-01-08 17:27:11 8B4A087962B4411D7FF2A91F6CAE1EBA 54432 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe
2015-01-08 17:27:11 8B4A087962B4411D7FF2A91F6CAE1EBA 54432 ----a-w- C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe
2015-01-08 17:27:11 37EBCD76164A25F87E61D2158145FA42 59392 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe
2015-01-08 17:27:10 41094C32DD59E2E56EE7AFCB0AB917B3 130208 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
2015-01-08 17:26:03 7FE4D917ACCB497C52D839EA1C22627C 523808 ----a-w- C:\Users\hp\Downloads\patchmypc.exe
2015-01-06 14:04:40 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\hp\Downloads\adwcleaner_4.106.exe
2015-01-06 10:26:44 E512E19ABB0905DDD6966D8A285378F1 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmid.exe
2015-01-06 10:26:44 E4637864454A133F78366F9EE8F13DAE 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\keytool.exe
2015-01-06 10:26:44 D2440F16BB04B2BA00E6B7D3B16386B0 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jjs.exe
2015-01-06 10:26:44 C1228BDB2C61E626F8E4F3C1D1AA3169 34216 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jabswitch.exe
2015-01-06 10:26:44 B46B4608D10D2999F09F610E1F3598C1 99240 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jp2launcher.exe
2015-01-06 10:26:44 ABE7423B4F03500EE51BCCA239856F75 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\pack200.exe
2015-01-06 10:26:44 A7812249FF577AE77DC2974C4179C233 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmiregistry.exe
2015-01-06 10:26:44 A18D9444F006007569AE38BA4BC7587D 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\policytool.exe
2015-01-06 10:26:44 83A17CFF2CF0E9E02B342F52B5F1EF6C 190888 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java.exe
2015-01-06 10:26:44 74295D477250AD744520D5C0321D6486 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\tnameserv.exe
2015-01-06 10:26:44 70CF52440D822C531623014383EB860F 191400 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe
2015-01-06 10:26:44 689BF70CD2AAFF5F9853F8AAF69847C0 320936 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe
2015-01-06 10:26:44 2BF5652B3E0ACABE545186725B47BB7B 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ktab.exe
2015-01-06 10:26:44 1C95FFFA46178E256C878AC59501303A 66472 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ssvagent.exe
2015-01-06 10:26:44 19FBC4DF38E7813B541AF6056454ABB6 197544 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\unpack200.exe
2015-01-06 10:26:44 15FC3374508FCDBFA9EE6BCEE79516AE 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\kinit.exe
2015-01-06 10:26:44 15F93809B280128FB304AD7F3480A544 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\servertool.exe
2015-01-06 10:26:44 147355AED2BC7E5E4AD517F8460F70F2 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\klist.exe
2015-01-06 10:26:44 0D1BED637BC1D3B5EE6A66B1A92005D5 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java-rmi.exe
2015-01-06 10:26:44 0181F6F681D28D596D71FAEBAEBFB9CB 77224 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe
2015-01-06 10:26:44 0111B4B086BC3FC50A6A2A3BB4FF33B6 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\orbd.exe
2015-01-06 10:24:40 733F8838A4FA8CF66FE0799A467E5EB5 92658088 ----a-w- C:\Users\hp\Downloads\jre-8u25-windows-x64.exe
2015-01-06 10:03:14 83A17CFF2CF0E9E02B342F52B5F1EF6C 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2015-01-06 10:03:14 70CF52440D822C531623014383EB860F 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2015-01-06 10:03:14 689BF70CD2AAFF5F9853F8AAF69847C0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2015-01-06 10:03:08 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe
2015-01-06 10:03:08 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe
2015-01-06 10:03:08 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe
2015-01-06 10:03:08 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe
2015-01-06 10:03:08 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe
2015-01-06 10:03:08 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe
2015-01-06 10:03:08 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe
2015-01-06 10:03:08 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe
2015-01-06 10:03:08 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe
2015-01-06 10:03:07 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe
2015-01-06 10:03:07 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe
2015-01-06 10:03:07 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
2015-01-06 10:03:07 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe
2015-01-06 10:03:07 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe
2015-01-06 10:03:07 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
2015-01-06 10:03:07 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe
2015-01-06 10:03:07 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
2015-01-06 10:03:07 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe
2015-01-06 10:03:07 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
2015-01-06 10:03:07 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe
2015-01-06 10:03:07 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe
2015-01-06 09:53:05 44933ED144874569EB5A43B613CBE88A 638888 ----a-w- C:\Users\hp\Downloads\jxpiinstall.exe
2015-01-05 21:42:34 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\hp.exe
2015-01-05 21:41:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\hp\Downloads\RSITx64.exe
=== C: other files ==
2015-01-09 13:05:28 8E98D21EE06192492A5671A6144D092F 33240 -c--a-w- C:\Windows\System32\DRVSTORE\GEARAspiWD_53DFBC3344EBC2614851E0BF38F60B616DF86778\x64\GEARAspiWDM.sys
2015-01-09 13:05:28 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2015-01-06 10:26:45 E6188BE460746F84D5F3EAEE736FE1CA 14130 ----a-w- C:\Program Files\Java\jre1.8.0_25\lib\deploy\ffjcext.zip
2015-01-06 10:03:08 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2777246505-950060968-3702123830-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Google Update"="C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel File Shell Monitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Corel File Shell Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Corel\\Corel Paint Shop Pro Photo X2\\CorelIOMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Easybits Recovery"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\hp\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\hp\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPADVISOR"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPCam_Menu]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPCam_Menu"
"hkey"="HKLM"
"command"="\"c:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\\MUITransfer\\MUIStartMenu.exe\" \"c:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\" UpdateWithCreateOnce \"Software\\Hewlett-Packard\\Media\\Webcam\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqSRMon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMBVolumeWatcher"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sony\\PlayMemories Home\\PMBVolumeWatcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QlbCtrl.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Hp\\DIGITA~1\\bin\\hpqtra08.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\Adobe Reader and Acrobat Manager (optimized).job --a------ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [19/12/2014 08:48]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2777246505-950060968-3702123830-1000Core.job --a------ C:\Users\hp\AppData\LoC:al\FaC:ebook\Update\FaC:ebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2777246505-950060968-3702123830-1000UA.job --a------ C:\Users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [24/11/2014 18:36]
C:\Windows\tasks\Google Update (optimized).job --a------ C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [28/10/2014 16:16]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/10/2014 16:34]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/10/2014 16:34]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2777246505-950060968-3702123830-1000Core.job --a------ C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [28/10/2014 16:16]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2777246505-950060968-3702123830-1000UA.job --a------ C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [28/10/2014 16:16]
C:\Windows\tasks\Java(TM) Platform SE Auto Updater (optimized).job --a------ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [07/10/2014 15:39]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader and Acrobat Manager (optimized)" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CapSchedInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe]
"C:\Windows\SysNative\tasks\CapSvcInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe]
"C:\Windows\SysNative\tasks\CapUninst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2777246505-950060968-3702123830-1000Core" [C:\Users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2777246505-950060968-3702123830-1000UA" [C:\Users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\Google Update (optimized)" [C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2777246505-950060968-3702123830-1000Core" [C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2777246505-950060968-3702123830-1000UA" [C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java(TM) Platform SE Auto Updater (optimized)" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\Patch My PC" [C:\Users\hp\Downloads\patchmypc.exe]
"C:\Windows\SysNative\tasks\TVAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{2612A352-8D93-4863-996C-523DEEDE203F}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{51DD8942-309C-4608-B6D1-DD410E310821}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{7CE71281-282A-46FA-BD14-F2F57D2834F7}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events" ["%programfiles(x86)%\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms" [C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [04/09/2013 16:59]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [10/07/2010 08:33]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\qzqpefwe.default-1420539314336
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
1959AF26718C63AA015D7C4F5C1F538B - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
D2377C9458EFEB094E38B8C874AA214C - C:\Users\hp\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
3CD19649B2C3023D65E67C056457A2BC - C:\Users\hp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
BAD62EC082FBC9BF6D54FAB91E53A35A - C:\Program Files\Bitdefender\Bitdefender\Antispam32\npcomm.dll - BitDefender 16

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[11/04/2014 12:27]

==== Chromium Startpages ======================

C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/"
"urls_to_restore_on_startup": [ "http://www.sweet-page.com/?type=hp&ts=1412159492&from=cor&uid=HitachiXHTS725050A9A364_100108PCK400VLGEDKPJX" ]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_nlBE387"
{8CCBFE85-76BA-44A2-A758-DEE12EEEF6E9} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTXVHSCG will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\hp\AppData\Local\Mozilla\Firefox\Profiles\qzqpefwe.default-1420539314336\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=907 folders=84 24046165 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\hp\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\hp\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTXVHSCG" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on zo 11/01/2015 at 14:42:58,29 ======================