Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Lucho on do 24-03-2016 at 16:56:58,71. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Lucho\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 24-3-2016 16:58:09 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Wondershare deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\EZ CD Audio Converter deleted successfully C:\PROGRA~3\IDM deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully C:\Users\le_my\AppData\Local\ActiveSync deleted successfully C:\Users\le_my\AppData\Local\PackageStaging deleted successfully C:\Users\le_my\AppData\Local\VirtualStore deleted successfully C:\Users\Lucho\AppData\Local\ActiveSync deleted successfully C:\Users\Lucho\AppData\Local\EmieSiteList deleted successfully C:\Users\Lucho\AppData\Local\EmieUserList deleted successfully C:\Users\Lucho\AppData\Local\GHISLER deleted successfully C:\Users\Lucho\AppData\Local\PackageStaging deleted successfully C:\Users\Lucho\AppData\Local\PDFDecrypter deleted successfully C:\Users\Lucho\AppData\Local\Skype deleted successfully C:\Users\yegrw\AppData\Local\ActiveSync deleted successfully C:\Users\yegrw\AppData\Local\Room Arranger deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2980937076-3705342242-4026936015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_USERS\S-1-5-21-2980937076-3705342242-4026936015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_USERS\S-1-5-21-2980937076-3705342242-4026936015-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully HKEY_USERS\S-1-5-21-2980937076-3705342242-4026936015-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully HKEY_USERS\S-1-5-21-2980937076-3705342242-4026936015-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{451C804F-C205-4F03-B48E-537EC94937BF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Wondershare not found C:\Users\Lucho\AppData\Local\Wondershare deleted C:\Users\Lucho\AppData\Roaming\calibre deleted C:\PROGRA~2\Big City Adventure - London Premium Edition deleted C:\PROGRA~3\Wondershare Video Converter Ultimate deleted C:\PROGRA~3\Package Cache deleted C:\Users\le_my\AppData\Local\Wondershare deleted C:\Users\yegrw\AppData\Local\Wondershare deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\u4n69b4p.default\extensions\firefox@mega.co.nz.xpi deleted C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\u4n69b4p.default\jetpack deleted "C:\PROGRA~2\TextAloud\TAContextMenu64.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted "C:\Users\Lucho\AppData\Roaming\DMCache" deleted "C:\PROGRA~2\TextAloud" not deleted "C:\PROGRA~2\COMMON~1\Wondershare" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\Lucho\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== 2016-03-09 10:19:06 F45665E77D11F3C1552EDBEAD1559DC8 1997152 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-03-09 10:19:02 33190E86460C4FF7382848187463DC28 576864 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-03-09 10:18:56 64D4F5DE44B64B8284BADE5819B5195A 394080 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2016-03-09 10:18:51 8949F77132A4F8F3BA17C6727099F002 127840 ----a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS 2016-03-04 14:24:00 DE7FCC77F4A503AF4CA6A47D49B3713D 36600 ----a-w- C:\WINDOWS\Sysnative\drivers\npf.sys 2016-03-01 21:32:49 58BFFEF692A47FCE3FAAEDBC8F3DCBBB 2152288 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys 2016-03-01 21:32:33 70165A0A2653FB8AFDE3D85000727F29 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2016-03-01 21:32:31 A4411C522D41707D5BCA817A5BB9E30B 114688 ----a-w- C:\WINDOWS\Sysnative\drivers\bridge.sys 2016-03-01 21:32:30 F871CE85AF64D81A9CB6C361CF797144 185184 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys 2016-03-01 21:32:30 DBACD4E4FE191D0CE7C624ACA389535E 29696 ----a-w- C:\WINDOWS\Sysnative\drivers\xinputhid.sys 2016-03-01 21:32:29 0B3B0C1D86050355676640488FA897D3 430944 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys 2016-03-01 21:32:28 F279536122B83FD0D8E158AA753E1B7C 238592 ----a-w- C:\WINDOWS\Sysnative\drivers\xboxgip.sys 2016-03-01 21:32:28 EDDB0D726DBECDFC1DBCC6DB464E5A13 146272 ----a-w- C:\WINDOWS\Sysnative\drivers\appid.sys 2016-03-01 21:32:28 469441BAE3FF8A16826FC62C51EF5E18 563552 ----a-w- C:\WINDOWS\Sysnative\drivers\acpi.sys 2016-03-01 21:32:25 B7E1CAA9429E4C3E7E01CB35B97E1536 534368 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2016-03-01 21:32:23 E3C82823B22463BC38AA4F8ADA852624 104960 ----a-w- C:\WINDOWS\Sysnative\drivers\rasl2tp.sys 2016-03-01 21:32:23 1A490555FD330CA2764D89191177C867 285696 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-03-23 22:40:12 -------- d-----w- C:\Program Files\trend micro 2016-03-04 15:21:29 -------- d-----w- C:\Program Files\DVDVideoMedia ======= C:\PROGRA~2 ===== 2016-03-21 09:19:12 -------- d-----w- C:\PROGRA~2\NFOPad 2016-03-04 16:03:59 -------- d---a-w- C:\PROGRA~2\Free Audio Editor 2016 2016-03-04 15:56:25 -------- d-----w- C:\PROGRA~2\COMMON~1\Freemake Shared 2016-03-04 15:56:22 -------- d---a-w- C:\PROGRA~2\Freemake 2016-02-29 13:17:44 -------- d---a-w- C:\PROGRA~2\COMMON~1\Skype ======= C: ===== ====== C:\Users\Lucho\AppData\Roaming ====== 2016-03-21 09:19:12 -------- d-----w- C:\Users\Lucho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NFOPad 2016-03-17 23:25:39 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Dropbox 2016-03-11 00:54:47 -------- d-----w- C:\Users\le_my\AppData\Local\Dropbox 2016-03-04 15:56:33 -------- d-----w- C:\Users\Lucho\AppData\Local\FreemakeVideoConverter 2016-03-04 15:56:26 -------- d-----w- C:\Users\Lucho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall 2016-03-04 15:56:26 -------- d-----w- C:\Users\Lucho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2016-03-04 14:31:42 -------- d-----w- C:\Users\Lucho\AppData\Local\Movavi 2016-03-04 14:31:42 -------- d-----w- C:\Users\Lucho\AppData\Local\converter ====== C:\Users\Lucho ====== 2016-03-24 10:28:03 086799C07332F3E3C1D29D7B7D6FD114 1530368 ----a-w- C:\Users\Lucho\Downloads\adwcleaner_5.105.exe 2016-03-23 23:27:36 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Lucho\Downloads\mbam-setup-neuber.2005-2.2.0.1024.exe 2016-03-23 22:39:30 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Lucho\Downloads\RSITx64.exe 2016-03-17 23:25:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-03-17 23:25:38 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Documents 2016-03-17 23:25:38 -------- d-----r- C:\WINDOWS\sysWoW64\config\systemprofile\Desktop 2016-03-04 16:04:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Editor 2016 2016-03-04 15:56:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2016-03-04 15:56:25 -------- d-----w- C:\ProgramData\Freemake 2016-03-04 15:21:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoMedia 2016-03-04 15:04:47 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Public\Gregg Braden - La Verdad Profunda..mp3 2016-03-04 14:55:04 -------- d-----w- C:\ProgramData\Wondershare 2016-03-04 14:54:25 -------- d-----w- C:\Users\Public\Documents\Wondershare 2016-03-04 14:31:53 -------- d-----w- C:\Users\Lucho\.fontconfig 2016-03-04 14:31:16 -------- d-----w- C:\ProgramData\Movavi 2016-03-04 14:30:51 -------- d-----w- C:\ProgramData\Movavi Video Converter 16 2016-03-04 14:23:57 -------- d-----w- C:\ProgramData\Apowersoft 2016-02-29 13:17:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype ====== C: exe-files == 2016-03-24 10:28:45 21A9971CFC202A618078B263DCB02144 120 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2980937076-3705342242-4026936015-1001\$IDYGTII.exe 2016-03-24 10:28:03 086799C07332F3E3C1D29D7B7D6FD114 1530368 ----a-w- C:\Users\Lucho\Downloads\adwcleaner_5.105.exe 2016-03-23 23:27:36 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\Lucho\Downloads\mbam-setup-neuber.2005-2.2.0.1024.exe 2016-03-23 22:40:12 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Lucho.exe 2016-03-23 22:39:30 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Lucho\Downloads\RSITx64.exe 2016-03-21 09:19:13 0A4A8B60A1D16CBD74BB286ABDED97B2 67932 ----a-w- C:\Program Files (x86)\NFOPad\uninstall.exe 2016-03-17 23:25:45 E43AA745F344781FB6327217A403CE11 173032 ----a-w- C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe 2016-03-17 23:25:45 96929028E3465F942244D65E5CC5E4F2 25577864 ----a-w- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 2016-03-17 23:25:45 4FBC7F8467B13B972AA551A7B8C898C8 29992 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbxsvc.exe 2016-03-17 23:25:45 11C0FD048F0B27643EAB1EB95C4FB236 29480 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbxsvc.exe 2016-03-17 23:25:22 2D6F0B10D099AB8E4CCD4FF5CA4718A9 70569968 ----a-w- C:\Program Files (x86)\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.16.1\DropboxClient_3.16.1.exe === C: other files == 2016-03-19 11:13:21 A254F8971EA9DBE235696FFA7DB38EF4 40893 ----a-w- C:\Users\Lucho\AppData\Local\Microsoft\Windows\INetCache\IE\BGZKHPJ4\message[1].zip 2016-03-17 23:25:45 99EE4E194F003E3F8A4821ED753DFF42 58992 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-stable.sys 2016-03-17 23:25:45 99EE4E194F003E3F8A4821ED753DFF42 58992 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-dev.sys 2016-03-17 23:25:45 53D529D2E3555EB95745D32ABCB76775 49264 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-stable.sys 2016-03-17 23:25:45 53D529D2E3555EB95745D32ABCB76775 49264 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-dev.sys 2016-03-17 23:25:45 53D529D2E3555EB95745D32ABCB76775 49264 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_x86\dbx-canary.sys 2016-03-17 23:25:44 99EE4E194F003E3F8A4821ED753DFF42 58992 ----a-w- C:\Program Files (x86)\Dropbox\Client\driver_amd64\dbx-canary.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-2980937076-3705342242-4026936015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Lucho\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [HKEY_USERS\S-1-5-21-2980937076-3705342242-4026936015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Lucho\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Lucho\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "Bonus.SSR.FR12"="C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe /autorun" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avuirunnerx.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe" "CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon" "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup" "Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "DelaypluginInstall"="C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe" "ProductUpdater"="C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Lucho\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Lucho\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Lucho\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "FileOpenBroker"="C:\Program Files\FileOpen\Services\FileOpenBroker64.exe" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [23-03-2016 22:54] C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [18-02-2016 18:47] C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [18-02-2016 18:47] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-08-2015 23:56] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-08-2015 23:56] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\AVGPCTuneUp_Task_BkGndMaintenance" [C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"] "C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"] "C:\WINDOWS\SysNative\tasks\Java Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{F665B83C-082F-4B6F-9B89-DEFE94AD9D18}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Lucho\AppData\Roaming\Mozilla\Firefox\Profiles\u4n69b4p.default user_pref("browser.startup.homepage", "https://www.google.nl/"); ProfilePath: C:\Users\yegrw\AppData\Roaming\Mozilla\Firefox\Profiles\2bvmy8e6.default user_pref("browser.startup.homepage", "https://mail.google.com/mail/u/0/#inbox"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{5e1bc830-4746-11e5-b970-0800200c9a66}"="C:\Program Files (x86)\TextAloud\TAForFirefox" []