Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Patricia on vr 16/05/2014 at 20:49:30,14. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Patricia\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 16/05/2014 20:52:25 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\RegClean Pro deleted successfully C:\PROGRA~3\CanonEPP deleted successfully C:\PROGRA~3\CanonIJEPPEX2 deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\PCSettings deleted successfully C:\Users\Patricia\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C389A0EA-EDD7-42E4-BF7E-FF2FE09CE97B} deleted successfully HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C389A0EA-EDD7-42E4-BF7E-FF2FE09CE97B} deleted successfully HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{76577871-04EC-495E-A12B-91F7C3600AFA} deleted successfully HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A918C1D-E123-4E36-B562-5C1519E434CE} deleted successfully HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Internet Explorer\SearchScopes\{27D7095B-8657-4538-8C14-E2003A4A1520} deleted successfully HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Internet Explorer\SearchScopes\{55E289BB-BE7A-4844-8E9A-AFCA222C9427} deleted successfully HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C389A0EA-EDD7-42E4-BF7E-FF2FE09CE97B} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C389A0EA-EDD7-42E4-BF7E-FF2FE09CE97B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C389A0EA-EDD7-42E4-BF7E-FF2FE09CE97B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C389A0EA-EDD7-42E4-BF7E-FF2FE09CE97B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C389A0EA-EDD7-42E4-BF7E-FF2FE09CE97B} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Laflurla deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Laflurla deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Update Laflurla deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Update Laflurla deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Laflurla deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Laflurla deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Util Laflurla deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Util Laflurla deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Registry Helper Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Registry Helper Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Registry Helper Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Registry Helper Service deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\TNT2 deleted C:\Users\Patricia\AppData\Roaming\CoffeeCup Software deleted C:\PROGRA~2\Mobogenie deleted C:\PROGRA~2\Registry Helper deleted C:\Users\Patricia\AppData\Roaming\VOPackage deleted C:\Users\Patricia\AppData\Roaming\UpdaterEX deleted C:\Users\Patricia\AppData\Roaming\ParetoLogic deleted C:\Users\Patricia\AppData\Roaming\DriverCure deleted C:\Users\Patricia\AppData\Roaming\systweak deleted C:\PROGRA~3\Registry Helper deleted C:\PROGRA~3\ParetoLogic deleted C:\PROGRA~3\Allmyapps deleted C:\PROGRA~3\BonanzaDealsLive deleted C:\Users\Patricia\AppData\Local\BonanzaDealsLive deleted C:\Users\Patricia\AppData\Local\Mobogenie deleted C:\Users\Patricia\AppData\Local\cache deleted C:\Users\wangzhisong\AppData\Local\Mobogenie deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Patricia\Downloads\avg_free_stb_all_2014_4259_cnet.exe deleted C:\Users\Patricia\Downloads\SoftonicDownloader_voor_avg-antivirus-free-2014.exe deleted C:\Users\Patricia\Downloads\SoftonicDownloader_voor_microsoft-office-visio (1).exe deleted C:\Users\Patricia\Downloads\SoftonicDownloader_voor_microsoft-office-visio.exe deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\tasks\UpdaterEX deleted C:\Windows\tasks\UpdaterEX.job deleted C:\Users\wangzhisong deleted C:\Windows\Syswow64\RegistryHelperLM.ocx deleted C:\Users\Patricia\Desktop\Configure VO Package.lnk deleted "C:\Program Files (x86)\Laflurla\updateLaflurla.exe" deleted "C:\PROGRA~2\Laflurla\updateLaflurla.exe" deleted "C:\Program Files (x86)\Laflurla\bin\utilLaflurla.exe" deleted "C:\PROGRA~2\Laflurla\bin\utilLaflurla.exe" deleted "C:\Program Files (x86)\Laflurla" not deleted "C:\PROGRA~2\Laflurla" not deleted "C:\Program Files (x86)\Laflurla\bin" not deleted "C:\PROGRA~2\Laflurla\bin" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-04-18 06:51:39 1EFABA4B05A3B9E2B196C0A4A0BCB69C 457238 ----a-w- C:\Windows\dd_vcredistMSI5EAB.txt 2014-04-18 06:51:37 0AFEAD4F17B6930BB976DC263954896F 11542 ----a-w- C:\Windows\dd_vcredistUI5EAB.txt ====== C:\Users\Patricia\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-05-16 15:38:10 41F1636BDCF4D06D716DC77E436677E1 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-05-16 15:38:10 202F1B15130E696EA7F31E0F52BFF621 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-05-16 15:38:07 0E468A0C51460D8DA3DF9B782275F1DB 12347392 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-05-16 15:33:43 A3D3B5E58099F3EF81BADC42CFB144FD 252480 ----atw- C:\Windows\SysWOW64\crowdinspect64.exe 2014-05-15 06:38:59 8C4836F71F2DB629A99CF5A774594C66 11587584 ----a-w- C:\Windows\SysWOW64\shell32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-05-16 15:38:10 6E2670180EEBD1507EE0350D32097EEA 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-05-16 15:38:06 01FA6D239237350EC45B4B12727B8E00 17847808 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-05-16 15:38:05 14B9C349F0DD71A533814BFE93695CC9 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-05-15 06:39:02 578D38BD26B6B226E9F9A941B21515F1 12900864 ----a-w- C:\Windows\Sysnative\shell32.dll 2014-05-15 06:25:20 349EFC85928370DAC7725F3B453327FF 4945704 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT ====== C:\Windows\Sysnative\drivers ===== 2014-05-03 12:29:11 DC4C2BDF0B4764CFFD80F77F2DDAA697 60088 ----a-w- C:\Windows\Sysnative\drivers\{6b320d34-648f-46d8-8353-a4300db1c49c}t64.sys ====== C:\Windows\Tasks ====== 2014-05-14 19:23:11 A3A9F10144CDA70BBFEAAFECBF3BEB28 3494 ----a-w- C:\Windows\Sysnative\Tasks\UpdateVO 2014-04-17 09:04:11 6E4380FC3E800107FA5AFAEFBA8D1193 3428 ----a-w- C:\Windows\Sysnative\Tasks\AdobeAAMUpdater-1.0-Patricia-PC-Patricia ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-05-16 15:59:28 -------- d-----w- C:\Program Files\trend micro 2014-05-16 15:47:19 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2014-04-26 14:37:04 -------- d-----w- C:\Program Files\Adobe 2014-04-26 14:36:47 -------- d-----w- C:\Program Files\Common Files\Adobe ======= C:\PROGRA~2 ===== 2014-04-17 09:11:36 -------- d-----w- C:\PROGRA~2\Laflurla 2014-04-17 08:57:38 -------- d-----w- C:\PROGRA~2\Adobe Media Player 2014-04-17 08:56:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe AIR ======= C: ===== ====== C:\Users\Patricia\AppData\Roaming ====== 2014-05-15 12:55:15 -------- d-----w- C:\Users\Patricia\AppData\Local\NPE 2014-05-15 06:27:41 7EFD9EB11A0AEFA5DF01D6799210E26D 102424 ----a-w- C:\Users\Patricia\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-14 21:16:25 2A44FD4CD5A3AB0B40066103A9BE1255 2043776 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2014-05-11 21:24:26 -------- d-----w- C:\Users\Patricia\AppData\Roaming\FileZilla 2014-05-09 09:07:17 -------- d-----w- C:\Users\Patricia\AppData\Roaming\Sublime Text 3 2014-05-09 09:07:17 -------- d-----w- C:\Users\Patricia\AppData\Local\Sublime Text 3 2014-04-29 16:05:39 -------- d-----w- C:\Users\Patricia\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2014-04-26 14:42:39 -------- d-----w- C:\Users\Patricia\AppData\Locallow\Adobe 2014-04-17 09:10:37 -------- d-----w- C:\Users\Patricia\AppData\Local\TNT2 2014-04-16 21:58:03 -------- d-----w- C:\Users\Patricia\AppData\Local\CrashRpt 2014-04-16 21:53:18 80F19AC687BF645E74F75D35AFA1603C 432654 ----a-w- C:\Users\Patricia\AppData\Local\dd_vcredistMSI7483.txt 2014-04-16 21:53:17 020AAA9299EEA2A8AD163E19E11BDD22 12096 ----a-w- C:\Users\Patricia\AppData\Local\dd_vcredistUI7483.txt ====== C:\Users\Patricia ====== 2014-05-16 16:44:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (5).exe 2014-05-16 16:44:03 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (4).exe 2014-05-16 16:33:38 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (3).exe 2014-05-16 16:33:18 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (2).exe 2014-05-16 15:59:11 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (1).exe 2014-05-16 15:56:13 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64.exe 2014-05-15 12:54:52 ED6F7AD7951ECA0E667931761226E1AC 3082224 ------w- C:\Users\Patricia\Downloads\NPE.exe 2014-05-14 19:46:12 16F16B191C01042DAB2CCA8406AC37A8 3671432 ----a-w- C:\Users\Patricia\Downloads\ccsetup413_slim.exe 2014-05-11 21:24:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-05-11 21:20:56 -------- d-----w- C:\ProgramData\374311380 2014-05-11 21:15:00 5B97034EF77ADF8EA25AA29F673A872D 1213200 ----a-w- C:\Users\Patricia\Downloads\filezillaforwindows-setup.exe 2014-05-11 17:56:17 -------- d-----w- C:\Users\Patricia\Go Ecuador update woensdag 2014-05-09 16:45:47 EFB09EA60896409E4E5BB5839B248FFC 15044 ----a-w- C:\Users\Patricia\Tips& Tricks CSS.docx 2014-05-09 09:01:28 7418B7E60AB91A8A038A9D2CBE684462 7313032 ----a-w- C:\Users\Patricia\Downloads\Sublime Text Build 3059 Setup.exe 2014-05-06 10:39:38 2FCAC827F38DFA810FC08DE950D0C24F 884672 ----a-w- C:\Users\Patricia\Downloads\googledrivesync (1).exe 2014-05-05 20:59:22 77A7C1E485407E63A97373360DCEADC1 918672 ----a-w- C:\Users\Patricia\Downloads\googledrivesync.exe 2014-04-29 20:10:22 C8086F014F89E341C0BA1B034FC8CE78 162 ---ha-w- C:\Users\Patricia\~$alisaties.docx 2014-04-28 21:54:36 7862538F21D979A793DFC57412A46296 21106 ----a-w- C:\Users\Patricia\550464_513603332001835_551967649_n.jpg 2014-04-22 20:22:14 -------- d-----w- C:\Users\dub_cm_auto\Application Data 2014-04-17 09:00:12 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2014-04-17 08:57:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-04-17 08:52:53 -------- d-----w- C:\Users\Patricia\Adobe CS5 ====== C: exe-files == 2014-05-16 16:44:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (5).exe 2014-05-16 16:44:03 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (4).exe 2014-05-16 16:33:38 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (3).exe 2014-05-16 16:33:18 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (2).exe 2014-05-16 15:59:36 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Patricia.exe 2014-05-16 15:59:11 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64 (1).exe 2014-05-16 15:56:13 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Patricia\Downloads\RSITx64.exe 2014-05-16 15:42:07 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files (x86)\Google\Update\Install\{1C0F0069-BCBA-4063-83B9-91C0FFF512E7}\34.0.1847.137_34.0.1847.131_chrome_updater.exe 2014-05-16 15:42:07 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe 2014-05-16 15:33:43 A3D3B5E58099F3EF81BADC42CFB144FD 252480 ----atw- C:\Windows\SysWOW64\crowdinspect64.exe 2014-05-15 12:54:52 ED6F7AD7951ECA0E667931761226E1AC 3082224 ------w- C:\Users\Patricia\Downloads\NPE.exe 2014-05-14 19:46:12 16F16B191C01042DAB2CCA8406AC37A8 3671432 ----a-w- C:\Users\Patricia\Downloads\ccsetup413_slim.exe 2014-05-11 21:15:00 5B97034EF77ADF8EA25AA29F673A872D 1213200 ----a-w- C:\Users\Patricia\Downloads\filezillaforwindows-setup.exe === C: other files == 2014-05-16 15:33:17 4CF651675E3EAFC0C50A5AC20CEAB235 243263 ----a-w- C:\Users\Patricia\Downloads\CrowdInspect.zip 2014-05-13 21:26:30 023B9891922E24CE18787B0A3CA775F6 3306019 ----a-w- C:\Users\Patricia\Downloads\elegantmediaicons.zip 2014-05-12 12:46:40 597048994D92CDFBE427A0D32940D8FD 21837 ----a-w- C:\Users\Patricia\Downloads\sprites.zip 2014-05-12 12:44:51 CF80E6661B6AC03E8D05B2C10BD8FEB9 331 ----a-w- C:\Users\Patricia\Downloads\maddesign css3.zip 2014-05-12 12:44:18 BD30263BBDE13D2B6810FCEDE5AA0E64 46844 ----a-w- C:\Users\Patricia\Downloads\before.zip 2014-05-12 12:43:22 4BB70BE1DC3F09216F7F6F9E85DFCB8B 25393 ----a-w- C:\Users\Patricia\Downloads\12_layout.zip 2014-05-12 12:42:26 BE3F0EDBED0398E38CBEB520E9D60980 776473 ----a-w- C:\Users\Patricia\Downloads\11_grid.zip 2014-05-12 12:41:00 5FA470B2DB7C6FE31C4A857E7E15BB00 402591 ----a-w- C:\Users\Patricia\Downloads\10_transitions.zip 2014-05-12 12:40:02 2F42132F075DF9F44C1ED1669532E719 201990 ----a-w- C:\Users\Patricia\Downloads\09_fixed.zip 2014-05-12 12:39:10 62023B7276E5721FE73673DF0F55548F 146173 ----a-w- C:\Users\Patricia\Downloads\08_diagonaal.zip 2014-05-12 12:38:28 1FE9F801A4893E2D04A1C5A0556B15D3 443228 ----a-w- C:\Users\Patricia\Downloads\07_portfolio.zip 2014-05-12 12:37:46 6B1C53EE6758438A7C289E015ABB6B3D 128886 ----a-w- C:\Users\Patricia\Downloads\06_custom-font.zip 2014-05-12 12:36:23 3B892D6899E96A87F8C51A0C8A47BE39 2889 ----a-w- C:\Users\Patricia\Downloads\05_screen-res.zip 2014-05-12 12:35:19 CE406876B73E8992B05FC07E801012CB 34351 ----a-w- C:\Users\Patricia\Downloads\04_pseudo-class.zip 2014-05-12 12:34:38 7B9B77523DEB7D1AD4EDFA6B0F5C76B4 366595 ----a-w- C:\Users\Patricia\Downloads\03_menu-imgs.zip 2014-05-12 12:33:37 96E968203DF2B80E15C77062B8E3E01D 178708 ----a-w- C:\Users\Patricia\Downloads\02_menu-block.zip 2014-05-12 12:29:20 FFCEC58946C946D65C90DD104297A16D 288967 ----a-w- C:\Users\Patricia\Downloads\01_accordion-menu.zip 2014-05-09 19:56:14 259B87AB447B1BEEEF60FBA90628AC54 333662 ----a-w- C:\Users\Patricia\Downloads\webfontkit-20140509-155612.zip 2014-05-09 19:55:21 34A22B9495E4BA217A168075DB74BA31 42238 ----a-w- C:\Users\Patricia\Downloads\Calligraffitti.zip 2014-05-09 19:27:14 BBE1FF1B85DF24F6EAB998AFCEEEFE9A 335189 ----a-w- C:\Users\Patricia\Downloads\webfontkit-20140509-152712.zip 2014-05-09 19:25:46 E853C65AD4C6095A3CEEF8646F3B39CE 39974 ----a-w- C:\Users\Patricia\Downloads\Coming_Soon.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-260019514-3902184478-1709924581-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "WMPNSCFG"="C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP" "SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" "KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "NDSTray.exe"="C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" "cfFncEnabler.exe"="C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" "CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon" "AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "TWebCamera"=""%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "WMPNSCFG"="C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" "Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaReminder.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe " "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe " "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " "SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe " "Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r" "TPCHWMsg"="%ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe " ==== Startup Folders ====================== 2009-06-04 16:15:01 1877 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2009-06-04 16:15:01 1877 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/05/2013 20:19] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/05/2013 20:19] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Patricia-PC-Patricia" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\WSCStub.exe"] "C:\Windows\SysNative\tasks\UpdateVO" ["C:\Users\Patricia\AppData\Roaming\VOPackage\VOPackage.exe"] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [16/05/2014 20:08] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\exdso84p.default - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\exdso84p.default AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09/10/2013 12:59] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx[11/03/2014 22:44] Skype Click to Call - Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Norton Identity Safe for Google Chromeâ„¢ - Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.us.com/?guid={8308a4b9-6d20-44fa-8b42-1722e83b4b5b}" "Default_Page_URL"="http://search.us.com/?guid={8308A4B9-6D20-44FA-8B42-1722E83B4B5B}" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{27D7095B-8657-4538-8C14-E2003A4A1520}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{27D7095B-8657-4538-8C14-E2003A4A1520}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {4833C155-C49D-41AA-AF73-4A45B1561F00} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG_enBE536" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Registry Helper deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0S2X1O0 will be deleted at reboot C:\Users\Patricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=415 folders=88 62276490 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Patricia\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Patricia\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Patricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files (x86)\Laflurla" not found "C:\PROGRA~2\Laflurla" not found "C:\Users\Patricia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0S2X1O0" not found ==== EOF on vr 16/05/2014 at 21:19:48,99 ======================