Zoek.exe v5.0.0.0 Updated 23-February-2015
Tool run by Myrthe on di 24-02-2015 at 19:23:13,02.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Myrthe\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

24-2-2015 19:26:37 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\LiveSupport deleted successfully
C:\PROGRA~3\systemk deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{903C78EF-1BCD-C119-84EB-8D7316F702CD} deleted successfully
HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{903C78EF-1BCD-C119-84EB-8D7316F702CD} deleted successfully
HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1CF09C4-D151-C20A-3767-DD2781295AC1} deleted successfully
HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E1CF09C4-D151-C20A-3767-DD2781295AC1} deleted successfully
HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{903C78EF-1BCD-C119-84EB-8D7316F702CD} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{903C78EF-1BCD-C119-84EB-8D7316F702CD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{903C78EF-1BCD-C119-84EB-8D7316F702CD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1CF09C4-D151-C20A-3767-DD2781295AC1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E1CF09C4-D151-C20A-3767-DD2781295AC1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1CF09C4-D151-C20A-3767-DD2781295AC1} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginServices deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsProtectManger deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{903C78EF-1BCD-C119-84EB-8D7316F702CD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1CF09C4-D151-C20A-3767-DD2781295AC1}]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
"ApnTBMon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

==== Deleting Files \ Folders ======================

C:\PROGRA~2\LiveSupport not found
C:\PROGRA~2\Temp deleted
C:\ProgramData\Vaudix deleted
C:\ProgramData\SearchNewTab deleted
C:\Program Files (x86)\SupTab deleted
C:\ProgramData\IePluginServices deleted
C:\ProgramData\WindowsProtectManger deleted
C:\ProgramData\BetterSoft\OptimizerPro deleted
C:\Program Files (x86)\Linkey deleted
C:\PROGRA~3\SummerSoft deleted
C:\PROGRA~2\VidPlaya deleted
C:\PROGRA~2\Optimizer Pro deleted
C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk deleted
C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\337 GAMES.lnk deleted
C:\Users\Myrthe\AppData\Roaming\SupTab deleted
C:\Users\Myrthe\AppData\Roaming\sweet-page deleted
C:\Users\Myrthe\AppData\Roaming\337Games deleted
C:\Users\Myrthe\AppData\Roaming\Optimizer Pro deleted
C:\PROGRA~3\AskPartnerNetwork deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\BetterSoft deleted
C:\PROGRA~3\AVG Nation toolbar deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Myrthe\AppData\Local\AVG Nation toolbar deleted
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VidPlaya deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Myrthe\Downloads\iLividSetup-r400-n-bc (1).exe deleted
C:\Users\Myrthe\Downloads\iLividSetup-r400-n-bc (2).exe deleted
C:\Users\Myrthe\Downloads\iLividSetup-r400-n-bc.exe deleted
C:\Users\Myrthe\Downloads\iLividSetup-r429-n-bc.exe deleted
C:\Users\Myrthe\AppData\LocalLow\AVG Nation toolbar deleted
C:\Users\Myrthe\AppData\LocalLow\SearchNewTab deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Public\Desktop\eBay.lnk deleted
C:\Users\Public\Desktop\VidPlaya.lnk deleted
C:\Users\Myrthe\Desktop\Optimizer Pro.lnk deleted
C:\Users\Myrthe\Desktop\337 GAMES.lnk deleted
C:\Users\Myrthe\Downloads\Download.exe deleted
"C:\WINDOWS\tasks\schedule!3036567561.job" deleted
"C:\windows\Installer\62fce.msi" deleted
"C:\PROGRA~2\AVG Nation toolbar\vprot.exe" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64AgentService" deleted
"C:\PROGRA~3\boost_interprocess\Nobu64TrayIcon" deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.0\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll" deleted
"C:\Users\Myrthe\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe" deleted
"C:\Users\Myrthe\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe" deleted
"C:\Users\Myrthe\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll" deleted
"C:\Users\Myrthe\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll" deleted
"C:\PROGRA~2\Windows Multimedia Platform" deleted
"C:\Program Files (x86)\AskPartnerNetwork" deleted
"C:\PROGRA~2\AVG Nation toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\PROGRA~3\boost_interprocess" not deleted
"C:\Users\Myrthe\AppData\Local\AskPartnerNetwork" not deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar" deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.0" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.0" deleted
"C:\Users\Myrthe\AppData\Local\AskPartnerNetwork\Toolbar" not deleted
"C:\Users\Myrthe\AppData\Local\AskPartnerNetwork\Toolbar\Updater" not deleted
"C:\Users\Myrthe\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Myrthe\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-02-12 15:06:11 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Myrthe\AppData\Roaming ======
====== C:\Users\Myrthe ======
2015-02-24 17:32:18 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BakupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -k -h"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"VNT"="C:\Program Files (x86)\VNT\vntldr.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"BtPreLoad"="C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe]
"C:\WINDOWS\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\WINDOWS\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{8E032415-B3D4-42A5-A9B7-7D68C0B745A4}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Chromium Look ======================

Google Chrome Version: 35.0.1916.114 (Possible outdated, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaajmgokiecajekipolejjhdgijlefj - C:\ProgramData\AskPartnerNetwork\Toolbar\VDJ-V7\CRX\ToolbarCR.crx[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Nation toolbar\ChromeExt\18.1.0.443\avg.crx[]

Quick Sidebar - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainbkicbloikcngphmjfpjdemblcojdd
Google Docs - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Vaudix - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjdfbhmgohhdkhpaeidoeiockclgbfb
selector is not a valid CSS selector - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AVG Nation Toolbar - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
SearchNewTab - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgfmckigolojhbahkifenpljopiaidk
Extended Protection - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Gmail - Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.sweet-page.com/?type=hp&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX",
"startup_urls": [ "http://www.sweet-page.com/?type=hp&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX" ],

==== Chromium Fix ======================

C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.live-lyrics.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.live-lyrics.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.searchere.info_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.searchere.info_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.2mdn.net_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.2mdn.net_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.addtoany.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.addtoany.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.eu.criteo.net_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.eu.criteo.net_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.flxone.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.flxone.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.poptotop00.poptotop.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.poptotop00.poptotop.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static3.hln.be_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static3.hln.be_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.ask.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.search.ask.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_t.goadservices.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_t.goadservices.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgfmckigolojhbahkifenpljopiaidk deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofgfmckigolojhbahkifenpljopiaidk_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofgfmckigolojhbahkifenpljopiaidk_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofgfmckigolojhbahkifenpljopiaidk deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainbkicbloikcngphmjfpjdemblcojdd deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ainbkicbloikcngphmjfpjdemblcojdd_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ainbkicbloikcngphmjfpjdemblcojdd_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjdfbhmgohhdkhpaeidoeiockclgbfb deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnjdfbhmgohhdkhpaeidoeiockclgbfb_0.localstorage deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnjdfbhmgohhdkhpaeidoeiockclgbfb_0.localstorage-journal deleted successfully
C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnjdfbhmgohhdkhpaeidoeiockclgbfb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
"Search Page"="http://www.sweet-page.com/web/?type=ds&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX&q={searchTerms}"
"Default_Page_URL"="http://www.sweet-page.com/?type=hp&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.sweet-page.com/web/?type=ds&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.nl/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{AC57B315-F7A4-4B26-B205-90F97136A4A8}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{4E163221-C876-4700-8939-5558429284EF} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear"
{890B3252-DBCD-46A9-805D-560D5FF1D4DF} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{AC57B315-F7A4-4B26-B205-90F97136A4A8} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{C3DB59A1-9FDB-458B-A140-A57F93E7E3ED} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-57723610-1675648078-4057403156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C3DB59A1-9FDB-458B-A140-A57F93E7E3ED} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on Users Desktops ======================

C:\Users\Myrthe\Desktop\Downloads.lnk - C:\Users\Myrthe\Downloads
C:\Users\Myrthe\Desktop\VirtualDJ Home FREE.lnk - C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Acer Backup Manager.lnk - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
C:\Users\Public\Desktop\AcerCloud.lnk - C:\Program Files (x86)\Acer\Acer Cloud\acpanel_win.exe
C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Users\Public\Desktop\Fotoshow.lnk - C:\Program Files\Fotoservice\Kruidvat fotoservice\Fotoshow.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX
C:\Users\Public\Desktop\Help and Support.lnk -
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Koop online.lnk - C:\Program Files (x86)\Accessory Store\StartUrl.exe http://go.acer.com/?id=13409
C:\Users\Public\Desktop\Kruidvat fotoservice.lnk - C:\Program Files\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe
C:\Users\Public\Desktop\Norton Online Backup.lnk - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe OPEN
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\Picture Collage Maker.lnk - C:\Program Files (x86)\Picture Collage Maker\PictureCollageMaker.exe
C:\Users\Public\Desktop\Teach2000.lnk - C:\Program Files (x86)\Teach2000\Teach2000.exe
C:\Users\Public\Desktop\WildTangent Games App - acer.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktopoem /dp acerlt

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.sweet-page.com/?type=sc&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX
C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX
C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker.lnk - C:\Program Files (x86)\Picture Collage Maker\PictureCollageMaker.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Device Fast-lane.lnk - C:\Program Files (x86)\Acer\Acer Device Fast-lane\DeviceFastLaneUI.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\clear.fi Media.lnk - C:\Program Files (x86)\Acer\clear.fi Media\ClearfiMedia.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\clear.fi Photo.lnk - C:\Program Files (x86)\Acer\clear.fi Photo\ClearfiPhoto.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Docs.lnk - C:\Program Files (x86)\Acer\AcerCloud Docs\AcerCloud Docs.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1401288266&from=sof&uid=HitachiXHTS545050A7E380_TA95113VJV1DXSJV1DXSX C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\WINDOWS\system32\mspaint.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Google 
Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Koop online.lnk - C:\Program Files (x86)\Accessory Store\StartUrl.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Myrthe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5C47E9DC-6D69-FAF8-74BC-C8F69752330C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaajmgokiecajekipolejjhdgijlefj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaajmgokiecajekipolejjhdgijlefj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{681002C6-5019-81A2-7871-A43754F71E56} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SupTab deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6EB5DB54-4B19-4AC9-9AE3-8514709FFCBA}_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Myrthe\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Myrthe\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Myrthe\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Myrthe\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty 
FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Myrthe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1254 folders=538 422426733 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Myrthe\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Myrthe\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~3\boost_interprocess" not deleted "C:\Users\Myrthe\AppData\Local\AskPartnerNetwork" not found ==== EOF on di 24-02-2015 at 20:36:40,78 ======================