Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Albers on za 19-04-2014 at 9:46:37,64.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Albers\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

19-4-2014 9:49:27 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\GUM6E2D.tmp deleted successfully
C:\PROGRA~2\GUMCBD7.tmp deleted successfully
C:\PROGRA~2\GUMF3B1.tmp deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\stinger deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\Users\Albers\AppData\Roaming\Lite deleted successfully
C:\Users\Albers\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Albers\AppData\Roaming\TP deleted successfully
C:\Users\Albers\AppData\Local\GHISLER deleted successfully
C:\Users\Albers\AppData\Local\MigWiz deleted successfully
C:\Users\Balu\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Password.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}]

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\GUMCBD7.tmp" not found
C:\found.000 deleted
C:\bootsqm.dat deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Albers\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-04-19 00:53:25 CCF19C82F6145E4A467F7CB9AF82026C 17073152 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-04-19 00:53:24 A45A13AAC7777C096A073FF1F4F5A0D5 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-04-19 00:52:28 76161B9D78A275F8F28DD67436013110 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2014-04-19 00:52:28 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2014-04-19 00:52:28 1F76F7CB3C690ACB985C2FD419383B49 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2014-04-19 00:52:23 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2014-04-19 00:52:23 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2014-04-19 00:52:23 1E886E327F37F34CC7465F1605D1F3CD 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-04-19 00:53:26 C3E3EFD320D0000BE6F9CDB00CD6086F 23134208 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-04-19 00:53:24 14257E59C8452DCC38B8D55DEDC6EE0D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-04-19 00:52:29 D2A513EE880D71BDE7F0257F38B9D019 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll
2014-04-19 00:52:29 2A107B611C91CD256466C58C0D776E9D 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2014-04-19 00:52:28 74959C718FF4594369645F35B7DF19C4 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2014-04-19 00:52:28 7434E01FBCA3CB86539C39412A31D5E1 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2014-04-19 00:52:28 0F090A77E664CB0F70AB8D3B230B760C 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
====== C:\Windows\Sysnative\drivers =====
2014-04-19 00:52:46 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\Sysnative\drivers\Diskdump.sys
2014-04-19 00:52:46 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\Sysnative\drivers\storport.sys
2014-04-19 00:52:46 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\Sysnative\drivers\msiscsi.sys
2014-04-11 18:27:44 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Albers\AppData\Roaming ======
2014-04-18 06:26:01 -------- d-----w- C:\Users\Balu\AppData\Local\Apple
2014-04-18 06:22:35 6F0AE87C7E56EBD1A7316A59CD019BCA 153840 ----a-w- C:\Users\Balu\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-18 06:19:14 -------- d-----w- C:\Users\Balu\AppData\Roaming\.oit
2014-04-18 06:18:58 -------- d-----w- C:\Users\Balu\AppData\Local\NewSoft
2014-04-18 06:18:56 -------- d-----w- C:\Users\Balu\AppData\Roaming\Epson
2014-04-18 06:18:49 -------- d-----w- C:\Users\Balu\AppData\Roaming\Apple Computer
2014-04-18 06:18:48 -------- d-----w- C:\Users\Balu\AppData\Roaming\NewSoft
2014-04-18 06:18:31 -------- d-----w- C:\Users\Balu\AppData\Roaming\Adobe
2014-04-18 06:18:18 -------- d-----w- C:\Users\Balu\AppData\Roaming\Identities
2014-04-18 06:18:15 -------- d-----w- C:\Users\Balu\AppData\Locallow\Microsoft
2014-04-18 06:04:44 -------- d-----w- C:\Users\Balu\AppData\Roaming\Media Center Programs
2014-04-18 06:04:44 -------- d-----w- C:\Users\Balu\AppData\Local\Trusteer
2014-04-18 06:04:44 -------- d-----w- C:\Users\Balu\AppData\Local\temp
2014-04-18 06:04:44 -------- d-----w- C:\Users\Balu\AppData\Local\Microsoft Help
2014-04-18 06:04:44 -------- d-----w- C:\Users\Balu\AppData\Local\Microsoft
2014-04-18 06:04:43 -------- d-----w- C:\Users\Balu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-04-18 06:04:43 -------- d-----w- C:\Users\Balu\AppData\Roaming\Microsoft
2014-03-26 18:54:29 -------- d-----w- C:\Users\Albers\AppData\Roaming\InstallShield
====== C:\Users\Albers ======
2014-04-18 06:18:30 -------- d-----w- C:\Users\Balu\Searches
2014-04-18 06:18:14 -------- d-----w- C:\Users\Balu\Contacts
2014-04-18 06:04:44 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Balu\ntuser.ini
2014-04-18 06:04:43 -------- d-----w- C:\Users\Balu\Favorites
2014-04-18 06:04:43 -------- d-----w- C:\Users\Balu\Documents
2014-04-18 06:04:43 -------- d-----w- C:\Users\Balu\AppData
2014-04-18 06:04:43 -------- d-----r- C:\Users\Balu\Links
2014-04-18 06:04:43 -------- d-----r- C:\Users\Balu\Desktop
====== C: exe-files ==
2014-04-19 05:54:20 5547AB584CA80A42F1A0CFC6405D0EE7 37003992 ----a-w- C:\Users\Albers\AppData\Local\Google\Update\Install\{1077903C-EC39-49AD-9248-5EA404AC5F17}\34.0.1847.116_chrome_installer.exe
2014-04-19 05:54:19 5547AB584CA80A42F1A0CFC6405D0EE7 37003992 ----a-w- C:\Users\Albers\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_chrome_installer.exe
2014-04-19 01:23:35 3EC60780067902C122329B7DB791EED7 27654424 ----a-w- C:\ProgramData\Trusteer\Rapport\store\tmp\dn_00000410_00067a7c\RapportSetup-Full_x64.exe
2014-04-19 00:54:41 8FAE9109245E4B4FF42704ECFB86F1B6 8704216 ----a-w- C:\Users\Albers\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_33.0.1750.154_chrome_updater.exe
2014-04-19 00:53:45 753ACCDA9C0A62BDF1475DF273376E52 2730312 ----a-w- C:\Users\Albers\AppData\Local\Google\Update\Download\{191B666E-DE99-4C18-993A-35F394473116}\0.0.0.0\gpautobackup_1.0.25.133.exe
2014-04-19 00:53:29 0DE1C4B1585853A8017A2422B745C3E8 836168 ----a-w- C:\Windows\Temp\0068341397868809mcinst.exe
2014-04-19 00:52:28 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2014-04-19 00:52:23 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2014-04-19 00:52:23 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2014-04-19 00:47:23 E093151047BBFFC0CD78D52F36490206 51080 ----atw- C:\Users\Albers\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe
2014-04-19 00:47:23 398F40FAE5ADA9521544393F1F67A17E 51080 ----atw- C:\Users\Albers\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateBroker.exe
2014-04-19 00:47:22 039DE3F65C7992994F788EAC8E79BF4F 884504 ----a-w- C:\Users\Albers\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateSetup.exe
2014-04-19 00:46:50 6EFC5F64258FE0D9DA3CCFA7FF4D84BD 114568 ----atw- C:\Users\Albers\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateComRegisterShell64.exe
2014-04-19 00:46:37 0D5CE0E5AEC3ACC7930AB955334B8533 281480 ----atw- C:\Users\Albers\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
2014-04-19 00:46:35 7E6B107120108B3A15BFECE0DE3201DB 228744 ----atw- C:\Users\Albers\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler.exe
2014-04-19 00:46:16 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Albers\AppData\Local\Google\Update\1.3.23.9\GoogleUpdate.exe
2014-04-19 00:46:07 039DE3F65C7992994F788EAC8E79BF4F 884504 ----a-w- C:\Users\Albers\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.23.9\GoogleUpdateSetup.exe
=== C: other files ==
2014-04-19 00:52:46 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-19 00:52:46 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-04-19 00:52:46 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-04-18 10:27:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Balu\AppData\Local\Trusteer\Rapport\user\store\tmp\20140418-102713-D5C61285340A84B6AFC50D80EAB7B4912769FAC1B78E8C035680D1E9CC148B3C-2831422004.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-810403833-2175209555-396128118-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Google Update"="C:\Users\Albers\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"DriverTurbo"="C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe"
"Scan Buttons"="C:\Program Files (x86)\NewSoft\Presto PageManager 9.03\Pmsb.exe /M=HIDE"
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT EPLTarget\P0000000000000001 /M WF-3520 Series /EF HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d=60"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"PMSpeed"="C:\Program Files (x86)\NewSoft\Presto PageManager 9.03\PMSpeed.EXE"
"FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe""
"FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Google Update"="C:\Users\Albers\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"DriverTurbo"="C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe"
"Scan Buttons"="C:\Program Files (x86)\NewSoft\Presto PageManager 9.03\Pmsb.exe /M=HIDE"
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT EPLTarget\P0000000000000001 /M WF-3520 Series /EF HKCU"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"WrtMon.exe"="C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLMLServer"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Lenovo\\Power2Go\\CLMLSvc.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Albers\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAStorIcon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\jmekey]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jmekey"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\jmesoft\\hotkey.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lenovo Dynamic Brightness System]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lenovo Dynamic Brightness System"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\Lenovo Brightness System\\Lenovo Dynamic Brightness System.exe 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lenovo Eye Distance System]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lenovo Eye Distance System"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\Lenovo Eye Distance System\\Lenovo Eye Distance System.exe 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ModeSwitch]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ModeSwitch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lenovo\\Power Dial\\LitModeSwitch.exe\" /AutoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RIMBBLaunchAgent.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RIMBBLaunchAgent.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Research In Motion\\USB Drivers\\RIMBBLaunchAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrayServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrayServer"
"hkey"="HKLM"
"command"="C:\\Magix\\TrayServer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UMonit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UMonit"
"hkey"="HKLM"
"command"="C:\\windows\\SysWOW64\\UMonit.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateP2GoShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Lenovo\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Lenovo\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePRCShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdatePRCShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lenovo\\OneKey App\\Lenovo Rescue System\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\Lenovo\\OneKey App\\Lenovo Rescue System\" UpdateWithCreateOnce \"Software\\Lenovo\\OneKey App\\OneKey Recovery\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Albers^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
"path"="C:\\Users\\Albers\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk"
"backup"="C:\\windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~4\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Schermopname en Snel starten"

==== Startup Folders ======================

2013-01-25 17:26:09 1059 ----a-w- C:\Users\Albers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-03-2014 00:03]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-810403833-2175209555-396128118-1002Core.job --a------ C:\Users\Albers\AppData\Local\Google\Update\GoogleUpdate.exe [27-04-2011 22:25]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-810403833-2175209555-396128118-1002UA.job --a------ C:\Users\Albers\AppData\Local\Google\Update\GoogleUpdate.exe [27-04-2011 22:25]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-810403833-2175209555-396128118-1002Core" [C:\Users\Albers\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-810403833-2175209555-396128118-1002UA" [C:\Users\Albers\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [19-04-2014 01:34]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[19-03-2014 16:25]

YouTube - Albers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Albers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Albers\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - Albers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Albers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Albers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Albers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Balu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Albers\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=677 folders=256 60362149 bytes)

==== Empty Temp Folders ======================

C:\Users\Albers\AppData\Local\Temp will be emptied at reboot
C:\Users\Balu\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Albers\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 19-04-2014 at 11:00:58,08 ======================