Zoek.exe v5.0.0.0 Updated 15-01-2015 Tool run by Rita on do 15/01/2015 at 19:54:11,29. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTURZSFI\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 15/01/2015 19:57:25 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Mega Browse deleted successfully C:\PROGRA~2\melondrea deleted successfully C:\PROGRA~2\predm deleted successfully C:\Program Files\log deleted successfully C:\Program Files\McAfee deleted successfully C:\PROGRA~3\374311380 deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Deadtime Stories deleted successfully C:\PROGRA~3\PhotoStitch deleted successfully C:\Users\Rita\AppData\Roaming\CyberLink deleted successfully C:\Users\Rita\AppData\Roaming\Google deleted successfully C:\Users\Rita\AppData\Roaming\Lite deleted successfully C:\Users\Rita\AppData\Roaming\TP deleted successfully C:\Users\Rita\AppData\Local\Lollipop deleted successfully C:\Users\Rita\AppData\Local\MigWiz deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4055484930-3222637302-2677724163-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-4055484930-3222637302-2677724163-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-4055484930-3222637302-2677724163-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-4055484930-3222637302-2677724163-1001\Software\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d} deleted successfully HKEY_USERS\S-1-5-21-4055484930-3222637302-2677724163-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe C:\Users\Rita\AppData\Roaming\VOPackage\VOsrv.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\SysWOW64\DllHost.exe C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTURZSFI\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wStLibG64 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wStLibG64 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servervo deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\servervo deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- "mbot_be_4"=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\DealPly deleted C:\Users\Rita\AppData\Roaming\VOPackage deleted C:\Users\Rita\AppData\Roaming\Babylon deleted C:\Users\Rita\AppData\Roaming\Systweak deleted C:\Users\Rita\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\DSearchLink deleted C:\PROGRA~3\Package Cache deleted C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Rita\Downloads\SoftonicDownloader_for_photodex-proshow.exe deleted C:\Users\Rita\AppData\LocalLow\searchresultstb deleted C:\Users\Rita\AppData\LocalLow\DataMngr deleted C:\windows\SysNative\Tasks\LaunchSignup deleted C:\windows\SysNative\drivers\wStLibG64.sys deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\sho28CB.tmp deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Rita\Documents\Optimizer Pro deleted C:\Users\Rita\Documents\Add-in Express deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8079 MB CPU Info: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz CPU Speed: 2262,9 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | NVIDIA GeForce GT 630M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR9485 Wireless Network Adapter | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GT70N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 300,4GB | D: 372,9GB | Q: 0,0MB Hard Disks - Free: C: 162,0GB | D: 372,2GB | Q: 0,0MB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 07/20/12 | _ASUS_ - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK COMPUTER INC. K75VM Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Internet Explorer Version: 11.0.9600.17501 Adobe Reader version: 11.0.10.32 Sun Java version: 1.8.0_25 (32-bit) Sun Java version: 1.8.0_25 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Rita\AppData\Local\Temp ==== 2015-01-13 19:08:09 E2BAF00967934696C4AA063ECA56B6B8 166792 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\psmachine.dll 2015-01-13 19:08:09 D2377C9458EFEB094E38B8C874AA214C 604040 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\npGoogleUpdate3.dll 2015-01-13 19:08:09 87EB5AFD21E52CB08883E04605B55829 880784 ----a-w- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateSetup.exe 2015-01-13 19:08:09 72888A4512084F0DF9B4D02EA508679F 26112 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateHelper.msi 2015-01-13 19:08:09 665975CF6E511115B931B2E6BB27BA40 189320 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\psuser_64.dll 2015-01-13 19:08:09 5B4ED5734945619EE3BCDB9825D2F526 51080 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateOnDemand.exe 2015-01-13 19:08:09 41448ABDE73D0FF1898DC6ED7700A66A 189320 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\psmachine_64.dll 2015-01-13 19:08:09 3579D443DF2FC0A9692334B6380FE276 166792 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\psuser.dll 2015-01-13 19:08:09 0562DF97934FC271893BD916A0262E6D 1689480 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\goopdate.dll 2015-01-13 19:08:08 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdate.exe 2015-01-13 19:08:08 EDD3E562684CB4C50704B471BEAB1F86 114568 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateComRegisterShell64.exe 2015-01-13 19:08:08 CB8C1CC4F46FBAC78150754D77460C73 230792 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleCrashHandler.exe 2015-01-13 19:08:08 7161E8E31B7FD3B1CE083C2CA5FD5F44 285064 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleCrashHandler64.exe 2015-01-13 19:08:08 06036279056145E0F08FC095CB789E6A 51080 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateBroker.exe ====== Java Cache ===== 2015-01-15 18:27:11 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Rita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-645664e3 ====== C:\Windows\SysWOW64 ===== 2015-01-15 18:25:48 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-14 07:12:36 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll 2015-01-14 07:12:35 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 07:12:30 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 07:12:29 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 07:12:28 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-01-14 07:12:36 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\Windows\Sysnative\profsvc.dll 2015-01-14 07:12:36 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll 2015-01-14 07:12:34 2A9C3ADBC3B9D061CACDEFFBED67683C 87040 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe 2015-01-14 07:12:30 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-01-14 07:12:28 F4846789B3795F14DCB7D92ED1DAF74F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-01-14 07:12:28 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-01-14 07:12:28 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\Windows\Sysnative\srclient.dll ====== C:\Windows\Sysnative\drivers ===== 2015-01-14 07:12:35 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-01-14 08:20:48 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-01-15 18:26:03 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-01-15 18:25:18 -------- d-----w- C:\PROGRA~2\Java ======= C: ===== ====== C:\Users\Rita\AppData\Roaming ====== 2015-01-15 19:13:36 -------- d-----w- C:\Users\Rita\AppData\Roaming\Google 2015-01-05 11:57:39 -------- d-sh--w- C:\Users\Rita\AppData\Local\EmieBrowserModeList 2015-01-05 11:57:36 -------- d-sh--w- C:\Users\Rita\AppData\Locallow\EmieBrowserModeList ====== C:\Users\Rita ====== 2015-01-15 18:25:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-15 18:14:57 92F975B07E65EF3AE67D89A016FDAACC 638888 ----a-w- C:\Users\Rita\Downloads\JavaSetup8u25.com 2015-01-08 18:54:45 4AF75EFBD91A1890BDCB49EF3238CF68 1054400 ----a-w- C:\Users\Rita\Downloads\install_flashplayer16x32ax_mssd_aaa_aih.exe ====== C: exe-files == 2015-01-15 18:25:31 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-01-15 18:25:31 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-01-15 18:25:31 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-01-15 18:25:27 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe 2015-01-15 18:25:27 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe 2015-01-15 18:25:27 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe 2015-01-15 18:25:27 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe 2015-01-15 18:25:27 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe 2015-01-15 18:25:27 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe 2015-01-15 18:25:27 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe 2015-01-15 18:25:27 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe 2015-01-15 18:25:27 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe 2015-01-15 18:25:27 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe 2015-01-15 18:25:27 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe 2015-01-15 18:25:27 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe 2015-01-15 18:25:27 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe 2015-01-15 18:25:27 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe 2015-01-15 18:25:27 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe 2015-01-15 18:25:27 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe 2015-01-15 18:25:27 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe 2015-01-15 18:25:27 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe 2015-01-15 18:25:27 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe 2015-01-15 18:25:27 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe 2015-01-15 18:25:27 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe 2015-01-14 08:20:48 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Rita.exe 2015-01-14 07:12:34 2A9C3ADBC3B9D061CACDEFFBED67683C 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe 2015-01-14 07:12:30 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 07:12:30 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-01-14 07:12:29 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 07:12:28 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\System32\rstrui.exe 2015-01-13 19:08:23 1F2AFAB903C0D48480561F3BBD4539C2 739640 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe 2015-01-13 19:08:20 5A6381E0AFB4E0B9FD318C1C76EFE9DC 5030744 ----a-w- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_en_signed.exe 2015-01-13 19:08:09 87EB5AFD21E52CB08883E04605B55829 880784 ----a-w- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateSetup.exe 2015-01-13 19:08:09 5B4ED5734945619EE3BCDB9825D2F526 51080 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateOnDemand.exe 2015-01-13 19:08:08 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdate.exe 2015-01-13 19:08:08 EDD3E562684CB4C50704B471BEAB1F86 114568 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateComRegisterShell64.exe 2015-01-13 19:08:08 CB8C1CC4F46FBAC78150754D77460C73 230792 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleCrashHandler.exe 2015-01-13 19:08:08 7161E8E31B7FD3B1CE083C2CA5FD5F44 285064 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleCrashHandler64.exe 2015-01-13 19:08:08 06036279056145E0F08FC095CB789E6A 51080 ----atw- C:\Users\Rita\AppData\Local\Temp\{BC243D18-F681-497A-9F3B-DBA61D690D46}\GoogleUpdateBroker.exe === C: other files == 2015-01-15 18:31:13 CDDC6AECB8D92412979185334E88E904 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4055484930-3222637302-2677724163-1001\$IS8XQMS.zip 2015-01-15 18:25:27 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2015-01-15 18:14:57 92F975B07E65EF3AE67D89A016FDAACC 638888 ----a-w- C:\Users\Rita\Downloads\JavaSetup8u25.com 2015-01-14 07:12:35 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys 2015-01-09 08:23:00 4F0E09C33E6C1A2922949DA6338E5712 30903 ----a-w- C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\damhoidgnfbiidoiajljbdpgnojmemlf\1.0.1_0\Photoshop 4U.crx ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4055484930-3222637302-2677724163-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" "ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll,c:\\windows\\syswow64\\nvinit.dll ,c:\\windows\\syswow64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" C:\\Windows\\system32\\nvinitx.dll " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ACMON] "command"="C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe" "hkey"="HKLM" "item"="ACMON" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Adobe Speed Launcher" "hkey"="HKCU" "command"="1418653836" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonMyPrinter" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Garmin Lifetime Updater] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Garmin Lifetime Updater" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Garmin\\Lifetime Updater\\GarminLifetime.exe /StartMinimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GarminExpressTrayApp" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Photosmart 5520 series (NET)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Photosmart 5520 series (NET)" "hkey"="HKCU" "command"="\"C:\\Program Files\\HP\\HP Photosmart 5520 series\\Bin\\ScanToPCActivationApp.exe\" -deviceID \"CN3BP511730602:NW\" -scfn \"HP Photosmart 5520 series (NET)\" -AutoStart 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" "hkey"="HKLM" "item"="RTHDVCPL" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer9] ==== Startup Folders ====================== 2014-02-21 18:03:14 1952 ----a-w- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk 2012-02-24 02:50:52 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk 2012-10-03 12:44:09 1161 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/11/2012 14:31] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/11/2012 14:31] C:\Windows\tasks\HP Photo Creations Communicator.job --a------ [Undetermined Task] C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS Quick Gesture" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe] "C:\Windows\SysNative\tasks\ASUS Quick Gesture (x64)" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"] "C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP AR Program Upload - df8f3edb8a9a4efea929913b75d43bbbe0ccacd04913438cbec55a446e5bbf9b" [C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe] "C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart 5520 series" ["C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe] "C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/12/2014 16:25] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/12/2014 16:25] Photoshop 4U - Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\damhoidgnfbiidoiajljbdpgnojmemlf Avast Online Security - Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Rita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?trackid=sp-006" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?trackid=sp-006" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?trackid=sp-006" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?trackid=sp-006" "Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}" "Search Bar"="https://www.google.com/?trackid=sp-006" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=99ea9a3a-dbf7-4156-8568-5a1eca5a331e&searchtype=ds&q={searchTerms}" "SearchAssistant"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=99ea9a3a-dbf7-4156-8568-5a1eca5a331e&searchtype=ds&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.com/" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7VASN_nlBE595" {781A4662-F8D3-43FF-AB48-AE6DFEDA12F8} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}" {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4055484930-3222637302-2677724163-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user') O4 - Startup: Inktwaarschuwingen controleren - .lnk = ? O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll,c:\windows\syswow64\nvinit.dll ,c:\windows\syswow64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RWY8HU9 will be deleted at reboot C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R3OQX1G will be deleted at reboot C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW6ECGMK will be deleted at reboot C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTURZSFI will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\ep2u2clb.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=37 folders=31 63971130 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Rita\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Rita\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RWY8HU9" not found "C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5R3OQX1G" not found "C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW6ECGMK" not found "C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTURZSFI" not found ==== EOF on do 15/01/2015 at 20:27:33,92 ======================