Zoek.exe v5.0.0.0 Updated 28-06-2014 Tool run by Louis on zo 29/06/2014 at 11:08:34,77. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Louis\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 29/06/2014 11:16:19 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\1ClickDownload deleted successfully C:\PROGRA~2\AddLyrics deleted successfully C:\PROGRA~2\epson deleted successfully C:\PROGRA~2\McAfee deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\SABnzbd deleted successfully C:\PROGRA~2\SubSync deleted successfully C:\PROGRA~2\Xenocode deleted successfully C:\PROGRA~2\zonealarm_extreme_security deleted successfully C:\Program Files\Babylon deleted successfully C:\Program Files\SonicWallES deleted successfully C:\PROGRA~3\DSearchLink deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Louis\AppData\Roaming\AdobeUM deleted successfully C:\Users\Louis\AppData\Roaming\Advanced System Protector deleted successfully C:\Users\Louis\AppData\Roaming\Nico Mak Computing deleted successfully C:\Users\Louis\AppData\Roaming\QuickScan deleted successfully C:\Users\Louis\AppData\Roaming\Systweak deleted successfully C:\Users\Louis\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Louis\AppData\Local\Conduit deleted successfully C:\Users\Louis\AppData\Local\LogMeIn Rescue Applet deleted successfully C:\Users\Louis\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2077823618-319772882-39306883-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_USERS\S-1-5-21-2077823618-319772882-39306883-1003\Software\Microsoft\Internet 
Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully HKEY_CLASSES_ROOT\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File 
Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Image File Execution Options\websteroids.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] ==== Deleting Files \ Folders ====================== C:\Users\Louis\AppData\Local\Linkey deleted C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\zzzln67s.default-1403734342446\extensions\support@lastpass.com deleted C:\Users\Louis\AppData\Roaming\Settings Manager deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\default-search.xml deleted C:\PROGRA~2\PrivitizeVPN deleted C:\PROGRA~2\MyFree Codec deleted C:\PROGRA~2\Conduit deleted C:\Users\Louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url deleted C:\Users\Louis\AppData\Roaming\Wondershare deleted C:\Users\Louis\AppData\Roaming\iPumper deleted C:\PROGRA~3\eSafe deleted C:\PROGRA~3\OberonGameConsole deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Premium deleted C:\PROGRA~3\Package Cache deleted C:\Users\Louis\AppData\Local\SevereWeatherAlerts deleted C:\Users\Louis\AppData\Local\Wondershare deleted C:\Users\Louis\AppData\Local\Weather_Notifications,_LL deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Lollipop deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Babylon deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up deleted C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN deleted C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Louis\Searches deleted C:\Users\Louis\Downloads\SoftonicDownloader_voor_subtitle-edit.exe deleted C:\Users\Louis\AppData\LocalLow\Conduit deleted C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar deleted 
C:\windows\SysNative\Tasks\Advanced System Protector deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\ConduitEngine.tmp deleted C:\Users\Louis\AppData\Roaming\mozilla\firefox\Profiles\zzzln67s.default-1403734342446\Invalidprefs.js deleted C:\Users\Louis\AppData\Roaming\mozilla\firefox\Profiles\zzzln67s.default-1403734342446\jetpack deleted "C:\Users\Louis\AppData\Local\{F3B4C4D6-13C5-49D9-9284-DA14FA17BC3D}" deleted "C:\ProgramData\systemk\coordinator.cfg" not deleted "C:\ProgramData\systemk\general.cfg" not deleted "C:\ProgramData\systemk\S-1-5-21-2077823618-319772882-39306883-1003.cfg" not deleted "C:\Program Files (x86)\Settings Manager\systemk\favicon.ico" not deleted "C:\Program Files (x86)\Settings Manager\systemk\Helper.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe" not deleted "C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\systemk.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\systemkbho.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\systemkmgrc2.cfg" not deleted "C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe" not deleted "C:\Program Files (x86)\Settings Manager\systemk\systemku.exe" not deleted "C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe" not deleted "C:\Program Files (x86)\Settings Manager\systemk\Uninstall.exe" not deleted "C:\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe" not deleted "C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll" not deleted "C:\Program Files 
(x86)\Settings Manager\systemk\x64\systemk.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll" not deleted "C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg" not deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted "C:\Program Files (x86)\Settings Manager" not deleted "C:\ProgramData\systemk" not deleted "C:\PROGRA~2\COMMON~1\Wondershare" deleted "C:\Program Files (x86)\Settings Manager\systemk" not deleted "C:\Program Files (x86)\Settings Manager\systemk\x64" not deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2077823618-319772882-39306883-1003\Software\Microsoft\Windows\CurrentVersion\Run] @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
-autorun" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe -autostart" "ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun" "BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "Acrobat Assistant 7.0"="C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] @="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Users\\Louis\\AppData\\Local\\Linkey\\IEEXTE~1\\iedll.dll " ==== Startup Registry Enabled x64 ====================== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe -boot" "BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "OV2_Monitor"="\"C:\\Program Files (x86)\\OLYMPUS\\OLYMPUS Viewer 2\\OV2Monitor.exe\"" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "SSBkgdUpdate"="\"C:\\Program Files (x86)\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot" "PPort11reminder"="\"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\ScanSoft\\PaperPort\\11\\Config\\Ereg\\Ereg.ini\"" "ArcSoft Connection Service"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "Adobe Photo Downloader"="\"C:\\Program Files (x86)\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\"" "BackupManagerTray"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" "StartCCC"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" "IAStorIcon"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe" "IndexSearch"="\"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\IndexSearch.exe\"" "PaperPort PTD"="\"C:\\Program Files (x86)\\ScanSoft\\PaperPort\\pptd40nt.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Photo Downloader" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Air Display Support] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Air Display Support" "hkey"="HKCU" "command"="\"C:\\Program Files\\Avatron\\Air Display\\AirDisplay.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Louis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "path"="C:\\Users\\Louis\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Louis\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup" "item"="Dropbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Louis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk] "path"="C:\\Users\\Louis\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Severe Weather Alerts App.lnk" "backup"="C:\\Windows\\pss\\Severe Weather Alerts App.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Louis\\AppData\\Local\\SEVERE~1\\SEVERE~2.EXE " "item"="Severe Weather Alerts App" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupfolder\C:^Users^Louis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk] "path"="C:\\Users\\Louis\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Severe Weather Alerts.lnk" "backup"="C:\\Windows\\pss\\Severe Weather Alerts.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Louis\\AppData\\Local\\SEVERE~1\\SEVERE~1.EXE /restart" "item"="Severe Weather Alerts" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TuneUp.UtilitiesSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "RtHDVBg"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4 " "IntelTBRunOnce"="wscript.exe //b //nologo \"C:\\Program Files\\Intel\\TurboBoost\\RunTBGadgetOnce.vbs\"" "Power Management"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe" "RtHDVCpl"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" ==== Startup Folders ====================== 2014-05-09 21:54:03 2453 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/06/2014 09:56] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06/10/2011 19:09] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06/10/2011 19:09] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\ArcSoft Connect Daemon" 
[C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\ScanSoft Background Update" [C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2012" [C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe] "C:\Windows\SysNative\tasks\{06922425-6EA4-405E-AE4A-089EF844A05E}" [C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE] "C:\Windows\SysNative\tasks\{07BF600C-F932-417C-8768-E69FFD17C45E}" [C:\Program Files (x86)\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe] "C:\Windows\SysNative\tasks\{11338956-0694-4A7D-9F42-D10C6D3AD1C9}" [C:\Program Files (x86)\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe] "C:\Windows\SysNative\tasks\{2368F85F-5E27-47A1-AC6A-E558DD6D56D4}" [C:\Program Files (x86)\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe] "C:\Windows\SysNative\tasks\{2745A2BB-574F-4C79-866C-1E83212E73DB}" ["C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://ui.skype.com/ui/0/5.0.0.152.367/nl/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled] "C:\Windows\SysNative\tasks\{485DC417-C1C6-4EA4-980C-34904D248767}" [C:\Program Files (x86)\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe] 
"C:\Windows\SysNative\tasks\{6028F7A2-A189-47BF-BDF5-6A99814BDBA2}" [C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe] "C:\Windows\SysNative\tasks\{770E44A9-3DA6-4070-8F6E-9B9A3DB90F85}" [C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe] "C:\Windows\SysNative\tasks\{780D8EAB-FCBA-46E8-A34D-697F66B36D47}" [C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe] "C:\Windows\SysNative\tasks\{B1859089-3423-4F1C-B144-8F700AFAA41E}" [C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe] "C:\Windows\SysNative\tasks\{D835E6BF-0CA5-4AB0-97F9-2E3B3199AD2E}" [C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe] "C:\Windows\SysNative\tasks\{DD2187CD-D0FB-4269-B1A9-79DE3B55C083}" [C:\Program Files (x86)\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe] "C:\Windows\SysNative\tasks\{E84EA1E7-0820-4D36-8F71-3B0908A1A6BE}" [C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe] "C:\Windows\SysNative\tasks\{F7706EF2-1066-4A29-A105-0D7495958220}" [C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "antiphishing@bullguard"="C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard" [04/06/2014 17:57] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Louis\AppData\Roaming\mozilla\firefox\Profiles\zzzln67s.default-1403734342446 - Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi - Undetermined - %ProfilePath%\extensions\savedpasswordeditor@daniel.dawson.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - 
%AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\zzzln67s.default-1403734342446 738C29EAC995029E13333034C1402F56 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[] gloibdidpokhhlcmgaknlpkogbhagfho - C:\Users\Louis\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx[] Google Docs - Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.default-search.net?sid=476&aid=135&itype=n&ver=13001&tm=388&src=hmp" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] 
"(Default)"="http://search.msn.com/results.asp?q=%s" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_CLASSES_ROOT\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ocr@babylon.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\OKitSpace@Vittalia.es deleted successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\BullGuard.lnk - C:\Program Files (x86)\BullGuard Ltd\BullGuard\BullGuard.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Neg scanner.lnk - C:\Program Files (x86)\ArcSoft\PhotoImpression 6\PhotoImpression.exe C:\Users\Public\Desktop\Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe ==== 
shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard\BullGuard.lnk - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit\Subtitle Edit.lnk - C:\Program Files (x86)\Subtitle Edit\SubtitleEdit.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit\Verwijder Subtitle Edit.lnk - C:\Program Files (x86)\Subtitle Edit\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit\Help and Support\Changelog.lnk - C:\Program Files (x86)\Subtitle Edit\Changelog.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer (2).lnk - C:\Windows\explorer.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player (2).lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer (2).lnk - C:\Windows\explorer.exe C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User 
Pinned\TaskBar\Windows Media Player (2).lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gloibdidpokhhlcmgaknlpkogbhagfho deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Air Display Support deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Louis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Louis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Louis\AppData\Local\Mozilla\Firefox\Profiles\zzzln67s.default-1403734342446\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1195 folders=202 162983933 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Louis\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Louis\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\ProgramData\systemk\coordinator.cfg" deleted "C:\ProgramData\systemk\general.cfg" deleted "C:\ProgramData\systemk\S-1-5-21-2077823618-319772882-39306883-1003.cfg" deleted "C:\Program Files (x86)\Settings Manager\systemk\favicon.ico" not found "C:\Program Files (x86)\Settings Manager\systemk\Helper.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe" not found "C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll" not found "C:\Program Files (x86)\Settings 
Manager\systemk\syskldr.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\systemk.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\systemkbho.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\systemkmgrc2.cfg" not found "C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe" not found "C:\Program Files (x86)\Settings Manager\systemk\systemku.exe" not found "C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe" not found "C:\Program Files (x86)\Settings Manager\systemk\Uninstall.exe" not found "C:\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe" not found "C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll" not found "C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg" not found "C:\Program Files (x86)\Settings Manager" not found "C:\ProgramData\systemk" deleted ==== EOF on zo 29/06/2014 at 11:44:40,01 ======================