Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by Brent on wo 21/05/2014 at 14:32:03,56.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Brent\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

21/05/2014 14:39:56 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\EAInstaller deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\PROGRA~3\Symantec deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\Users\Brent\AppData\Roaming\Systweak deleted successfully
C:\Users\Brent\AppData\Roaming\uTorrent deleted successfully
C:\Users\Brent\AppData\Local\cache deleted successfully
C:\Users\Brent\AppData\Local\Downloaded Installations deleted successfully
C:\Users\Brent\AppData\Local\genienext deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} deleted successfully
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B0CE42C9-61F6-4A48-993E-27E4D1A4A848} deleted successfully
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EDF56C0F-1CDC-4E72-8EF6-70C5186B4260} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackupStack deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MgAssistService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MgAssistService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defaulttabupdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\defaulttabupdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.5 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.5 deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Allin1Convert Home Page Guard 64 bit]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Brent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mobilegeni daemon"=-
"vProt"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cnsemain.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtlite.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iastorui.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobogenie.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mypc backup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sptdinst-x64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe]

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\Users\Brent\AppData\Roaming\defaulttab deleted
C:\Program Files (x86)\Mobogenie deleted
C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted
C:\Users\Brent\daemonprocess.txt deleted
C:\Users\Brent\.android deleted
C:\Users\school\daemonprocess.txt deleted
C:\PROGRA~2\GUT6B6E.tmp deleted
C:\PROGRA~2\GUTB277.tmp deleted
C:\PROGRA~2\GUM6B6D.tmp deleted
C:\PROGRA~2\GUMB276.tmp deleted
C:\PROGRA~2\DefaultTab deleted
C:\Users\Brent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mobogenie.lnk deleted
C:\Users\Brent\AppData\Roaming\newnext.me deleted
C:\Users\Brent\AppData\Roaming\OpenCandy deleted
C:\Users\Brent\.bat deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\PROGRA~3\AVG SafeGuard toolbar deleted
C:\PROGRA~3\Tarma Installer deleted
C:\Users\Brent\AppData\Local\Softonic deleted
C:\Users\Brent\AppData\Local\AVG Secure Search deleted
C:\Users\Brent\AppData\Local\IAC deleted
C:\Users\Brent\AppData\Local\Lollipop deleted
C:\Users\Brent\AppData\Local\Software deleted
C:\Users\Brent\AppData\Local\Mobogenie deleted
C:\Users\school\AppData\Local\AVG SafeGuard toolbar deleted
C:\Users\school\AppData\Local\MoboGenie deleted
C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup deleted
C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk deleted
C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic deleted
C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\windows\SysNative\Tasks\LaunchApp deleted
C:\Users\Brent\Downloads\avg_free_stb_all_2012_2193_cnet.exe deleted
C:\Users\Brent\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Users\Brent\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Brent\AppData\LocalLow\IAC deleted
C:\Users\school\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\tasks\DTReg deleted
C:\Windows\Syswow64\avg-015bac06-b3f4-4619-bad9-87070ba8b61c.tmp deleted
C:\Users\Brent\Desktop\Softonic.lnk deleted
"C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll" deleted
"C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" deleted
"C:\Program Files (x86)\MyPC Backup\AWSSDK.dll" deleted
"C:\Program Files (x86)\MyPC Backup\GetText.dll" deleted
"C:\Program Files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll" deleted
"C:\Program Files (x86)\MyPC Backup\MPCBContextMenu.dll" deleted
"C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll" deleted
"C:\PROGRA~2\MyPC Backup\AWSSDK.dll" deleted
"C:\PROGRA~2\MyPC Backup\GetText.dll" deleted
"C:\PROGRA~2\MyPC Backup\LogicNP.EZShellExtensions.dll" deleted
"C:\PROGRA~2\MyPC Backup\MPCBContextMenu.dll" deleted
"C:\PROGRA~2\MyPC Backup\MPCBIconOverlays.dll" deleted
"C:\PROGRA~2\AVG SafeGuard toolbar\TBAPI.dll" deleted
"C:\PROGRA~2\AVG SafeGuard toolbar\vprot.exe" deleted
"C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll" deleted
"C:\PROGRA~2\MyPC Backup\x64\System.Data.SQLite.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.5\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.5\log4cplusU.dll" deleted
"C:\Program Files (x86)\AVG SafeGuard toolbar" not deleted
"C:\Program Files (x86)\MyPC Backup" not deleted
"C:\PROGRA~2\MyPC Backup" not deleted
"C:\PROGRA~2\AVG SafeGuard toolbar" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\Users\Brent\AppData\Local\AVG SafeGuard toolbar" deleted
"C:\Program Files (x86)\MyPC Backup\x64" not deleted
"C:\PROGRA~2\MyPC Backup\x64" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.5" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.5" deleted
"C:\Users\Brent\AppData\Local\AVG SafeGuard toolbar\Chrome" deleted
"C:\Users\Brent\AppData\Local\AVG SafeGuard toolbar\Chrome\Default" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Brent\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-05-14 12:21:53 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:21:52 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-05-14 12:21:52 10D531ADC7B8FB36C7361D44AF6E8AB6 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 12:02:31 E9D88493FBDB36D4B65C6F2F7F122C95 12874240 ----a-w- C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:01:36 9DE19EA21DF99AF15BA5A947E5317F9E 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:01:36 4D59F470985D08139E42D15842816C47 3969984 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:01:36 31FA2485DFC773F1E718A4D19F443FA9 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:01:35 ED195AC76E10F17F6DD60C49666F2A83 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:01:35 995B39A08421C7725D1DF8DACEBBFC89 538112 ----a-w- C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:01:34 FBC78B5D12A4F5A62D9C91E0E0E46D46 49664 ----a-w- C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:01:34 834A859BB331B0B2CCAE25BB1986F80D 47616 ----a-w- C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:01:34 828185688FDAAE6C7959B884ABED1766 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:01:34 62C0798CC68EBF42F29C92E6CD6DC3D6 36864 ----a-w- C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:01:34 541BB9B4C899ADCC5D3DB89208C1F409 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:01:34 461B713DE7F353C6447B744F1A049930 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 12:01:34 3A1ABE045A3E30799576E83A2D012B43 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:01:34 38A30B8E4216BE24D30F766EF3BAC2C7 48128 ----a-w- C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:01:34 335FA669FC952BC4888CEDBDB42607E2 51200 ----a-w- C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:01:31 5E11C55CC4D9330E55CCB22B1F20BB33 35328 ----a-w- C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:01:29 2A86C18CE6869C77FCEB62F3B47D4D5B 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:01:28 C94CE65AE7701E9FDBA889045543E27C 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:01:28 75878492F2B33405EEF900F8C16C6D08 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-05-14 12:21:53 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-05-14 12:21:53 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-05-14 12:21:52 A45BFDCFD5864F658289A165E6E0227F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-05-14 12:02:33 427015D56DF17241F634611557146C57 14175744 ----a-w- C:\Windows\Sysnative\shell32.dll
2014-05-14 12:02:26 4A795989DF0043973711B666D36D2678 477184 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-05-14 12:02:24 485FB1F3792FF7B5D5EBB99AB870E588 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-05-14 12:01:38 9358149234A4F3FE00CF5C2096DC1652 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-05-14 12:01:37 B19C8390A1D641B9AC4490D4828A7B5E 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-05-14 12:01:36 E2A483E796D5FC7E447725FD01D98FA0 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2014-05-14 12:01:35 B6D8C1202DACA028AD94BDA2795CBBE9 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2014-05-14 12:01:35 89EF1CE0CE43AB8F55247D746739A321 722944 ----a-w- C:\Windows\Sysnative\objsel.dll
2014-05-14 12:01:35 6B47CF5C27865DDF6680E4D834FBE34F 5550016 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2014-05-14 12:01:34 CF13522172342AD8196B329C15D68E23 44544 ----a-w- C:\Windows\Sysnative\dimsroam.dll
2014-05-14 12:01:34 BDA8B14AFE99A0C52BFEA64C5AC62171 52736 ----a-w- C:\Windows\Sysnative\dpapiprovider.dll
2014-05-14 12:01:34 9D942180B5B6CE1C882B9CC54EA1F275 57344 ----a-w- C:\Windows\Sysnative\cngprovider.dll
2014-05-14 12:01:34 851BB346CD59D9B3BC8854384C7DD5C3 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2014-05-14 12:01:34 692E9886B2A475684F7E3294BF66E97D 56832 ----a-w- C:\Windows\Sysnative\adprovider.dll
2014-05-14 12:01:34 4959DE74643CBC4B83E5BC99486A4FC9 53760 ----a-w- C:\Windows\Sysnative\capiprovider.dll
2014-05-14 12:01:34 481F70241D4EA038BB02590A30F15A23 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2014-05-14 12:01:34 26AF184300C0868D854D5A3092234E24 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2014-05-14 12:01:33 C072064F95579C0D6D86AF5B3DC53192 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll
2014-05-14 12:01:32 9A3C6D8593F29A9F66744A3D4E6309B2 39936 ----a-w- C:\Windows\Sysnative\wincredprovider.dll
2014-05-14 12:01:32 204F3F58212B3E422C90BD9691A2DF28 31232 ----a-w- C:\Windows\Sysnative\lsass.exe
2014-05-14 12:01:29 82A72E99AA1CF0B04D3B9843CBA3AEC1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2014-05-14 12:01:28 8098627D0AA1706D69C5AF3F74332ABB 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll
2014-05-14 12:01:28 39312B37C5FE5138F99680A49ACD3AEA 28160 ----a-w- C:\Windows\Sysnative\secur32.dll
====== C:\Windows\Sysnative\drivers =====
2014-05-14 12:01:34 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-05-14 12:01:33 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-05-07 13:07:45 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
2014-05-10 10:21:04 E9692B0D88522BF42AB2D4A76F4097B6 29 ----a-w- C:\HeartbeatConfig.xml
2014-05-10 10:21:04 9AD980A8FEEA347E1A7092E0D329FCC6 29 ----a-w- C:\OLicenseHeartbeat.exe
2014-05-07 13:18:07 D902DCDBF0DB2BAB0834D82009623D84 4 ----a-w- C:\ScrubRetValFile.txt
====== C:\Users\Brent\AppData\Roaming ======
2014-05-03 18:27:15 -------- d-sh--w- C:\Users\school\AppData\Locallow\EmieUserList
2014-05-03 18:27:13 -------- d-sh--w- C:\Users\school\AppData\Local\EmieUserList
2014-05-03 18:27:13 -------- d-sh--w- C:\Users\school\AppData\Local\EmieSiteList
2014-05-03 18:25:36 -------- d-sh--w- C:\Users\school\AppData\Locallow\EmieSiteList
2014-05-03 15:47:07 -------- d-sh--w- C:\Users\Brent\AppData\Locallow\EmieUserList
2014-05-03 15:47:04 -------- d-sh--w- C:\Users\Brent\AppData\Local\EmieUserList
2014-05-03 15:47:04 -------- d-sh--w- C:\Users\Brent\AppData\Local\EmieSiteList
2014-05-03 15:27:57 -------- d-sh--w- C:\Users\Brent\AppData\Locallow\EmieSiteList
====== C:\Users\Brent ======
2014-05-17 18:22:20 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches
2014-05-07 13:05:54 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Brent\Desktop\RSITx64.exe
====== C: exe-files ==
2014-05-16 16:55:54 A742CCF738AEFEF3078683BD0E803215 739808 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.137\34.0.1847.137_34.0.1847.131_chrome_updater.exe
=== C: other files ==
2014-05-21 12:33:50 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-w- C:\Windows\System32\drivers\NSTx64\7DE07000.02F\ccsetx64.sys
2014-05-20 17:44:00 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Users\Brent\Desktop\Documents\Nieuw - WinRAR ZIP archive.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun "
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun "
"Facebook Update"="C:\Users\Brent\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Akamai NetSession Interface"="C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon "
"ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun "
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun "
"Facebook Update"="C:\Users\Brent\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Akamai NetSession Interface"="C:\Users\Brent\AppData\Local\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"NextLive"="C:\\Windows\\SysWOW64\\rundll32.exe \"C:\\Users\\Brent\\AppData\\Roaming\\newnext.me\\nengine.dll\",EntryPoint -m l"
"Softonic for Windows"="\"C:\\Users\\Brent\\AppData\\Local\\Softonic\\Softonic.exe\" -minimize"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"vmware-tray.exe"="\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-tray.exe\""
"LWS"="C:\\Program Files (x86)\\Logitech\\LWS\\Webcam Software\\LWS.exe -hide"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcadeMovieService"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVG_UI"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG\\AVG2013\\avgui.exe\" /TRAYONLY"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackupManagerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dolby Advanced Audio v2"
"hkey"="HKLM"
"command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisTecPMMUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ETDCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Elantech\\ETDCtrl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAStorIcon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSC"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Management]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power Management"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVBg"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sidebar"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Brent\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuiteTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Brent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
"path"="C:\\Users\\Brent\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~4\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Schermopname en Snel starten"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AVGIDSAgent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avgwd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Live Updater Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater15.0.0]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/05/2014 13:46]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3426036969-1757644831-1798119006-1000Core.job --a------ C:\Users\Brent\AppData\Local\Facebook\Update\FacebookUpdate.exe [10/03/2014 21:17]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3426036969-1757644831-1798119006-1000UA.job --a------ C:\Users\Brent\AppData\Local\Facebook\Update\FacebookUpdate.exe [10/03/2014 21:17]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/06/2012 20:46]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/06/2012 20:46]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\0" [c:\program files (x86)\internet explorer\iexplore.exe]
"C:\Windows\SysNative\tasks\0214dUpdateInfo" [C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe]
"C:\Windows\SysNative\tasks\4688" [wscript.exe C:\Users\Brent\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3426036969-1757644831-1798119006-1000Core" [C:\Users\Brent\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3426036969-1757644831-1798119006-1000UA" [C:\Users\Brent\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\WSCStub.exe"]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{B360DD40-32CD-40B8-B40D-D52934C41EDB}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.0.0.152.367/nl/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled]
"C:\Windows\SysNative\tasks\{E674141B-151D-4904-A1F6-243CA110985E}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.0.0.152.367/nl/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled]
"C:\Windows\SysNative\tasks\Norton AntiVirus\Norton Error Analyzer" [C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton AntiVirus\Norton Error Processor" [C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn" [21/05/2014 14:13]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files (x86)\DefaultTab\DefaultTab.crx[]
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx[11/03/2014 22:44]
YouTube - Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
DefaultTab - Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Google Wallet - Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Norton Identity Safe for Google Chrome™ - Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
Widget context - Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp
Gmail - Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
DefaultTab - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
{scripts [scripts/common.jsscripts/background.js]}content_scripts:[{all_frames:falsejs:[scripts/content.jsscripts/contentInit.js]matches:[]run_at:document_end}]description:Search the web safely using the AVG SafeGuard toolbar.icons:{128:icons/avg_icon_128.png}key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQABmanifest_version:2name:AVG SafeGuardpermissions:[tabsnativeMessaginghistory]update_url:https://clients2.google.com/service/update2/crxversion:18.1.5.512} - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Norton Identity Protection - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
Gmail - school\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== Chrome Fix ======================
C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\school\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp deleted successfully
C:\Users\school\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\school\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\school\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3426036969-1757644831-1798119006-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic for Windows deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\school\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\school\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\school\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=6031 folders=662 910378280 bytes)

==== Empty Temp Folders ======================
C:\Users\Brent\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\school\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Brent\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files (x86)\AVG SafeGuard toolbar" not found
"C:\Program Files (x86)\MyPC Backup" not found
"C:\PROGRA~2\MyPC Backup" not found
"C:\PROGRA~2\AVG SafeGuard toolbar" not found

==== EOF on wo 21/05/2014 at 15:12:59,21 ======================