Zoek.exe v5.0.0.0 Updated 05-July-2014 Tool run by Joseph on di 08/07/2014 at 20:04:42,66. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Joseph\Videos\video's youtube\zoek.exe [Scan all users] [Quick Scan] [Auto Clean] ==== System Restore Info ====================== 8/07/2014 20:09:40 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Aimersoft deleted successfully C:\Program Files\Codebox deleted successfully C:\Program Files\Hamster Soft deleted successfully C:\Program Files\Common Files\PDF Architect deleted successfully C:\PROGRA~2\Freemake deleted successfully C:\PROGRA~2\ioloGovernor deleted successfully C:\PROGRA~2\Oracle deleted successfully C:\PROGRA~2\xml_param deleted successfully C:\PROGRA~2\{0A63553F-CD47-45A0-BC8E-48CB7D13EB53} deleted successfully C:\PROGRA~2\{1EA2C7B4-2EAA-4644-8506-BB70DD984779} deleted successfully C:\PROGRA~2\{1F34AB84-82BF-430B-8958-5A34483DA776} deleted successfully C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully C:\PROGRA~2\{4912538D-53F0-4B18-9DF2-EFBBAAC0DDE6} deleted successfully C:\PROGRA~2\{907A85CA-E023-4161-8F5C-E72C340031D2} deleted successfully C:\PROGRA~2\{A494BE66-E69A-41E9-A2FE-4EDBD6B80570} deleted successfully C:\PROGRA~2\{BDF256EE-292E-4963-84D8-E71715E4D166} deleted successfully C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\Joseph\AppData\Roaming\Applian FLV and Media Player deleted successfully C:\Users\Joseph\AppData\Roaming\Audacity deleted successfully C:\Users\Joseph\AppData\Roaming\BitTorrent MP3 deleted successfully C:\Users\Joseph\AppData\Roaming\BSplayer deleted successfully C:\Users\Joseph\AppData\Roaming\FMZilla deleted successfully C:\Users\Joseph\AppData\Roaming\Free Sound Recorder deleted successfully C:\Users\Joseph\AppData\Roaming\FrostWire deleted successfully C:\Users\Joseph\AppData\Roaming\FVZilla deleted successfully C:\Users\Joseph\AppData\Roaming\gnupg deleted successfully C:\Users\Joseph\AppData\Roaming\HandBrake deleted successfully C:\Users\Joseph\AppData\Roaming\LimeWire Music deleted successfully C:\Users\Joseph\AppData\Roaming\MP3Rocket deleted successfully C:\Users\Joseph\AppData\Roaming\Nico Mak Computing deleted successfully C:\Users\Joseph\AppData\Roaming\oCam deleted successfully C:\Users\Joseph\AppData\Roaming\PDF Architect deleted successfully C:\Users\Joseph\AppData\Roaming\Power Sound Editor Free deleted successfully C:\Users\Joseph\AppData\Roaming\QUAD Backups deleted successfully C:\Users\Joseph\AppData\Roaming\Recordpad deleted successfully C:\Users\Joseph\AppData\Roaming\Software Informer deleted successfully C:\Users\Joseph\AppData\Roaming\The Complete Genealogy Reporter - FTB deleted successfully C:\Users\Joseph\AppData\Roaming\TinyTake by MangoApps deleted successfully C:\Users\Default\AppData\Local\Bulents deleted successfully C:\Users\Joseph\AppData\Local\Bulents deleted successfully C:\Users\Joseph\AppData\Local\Deshaker deleted successfully C:\Users\Joseph\AppData\Local\Downloaded Installations deleted successfully C:\Users\Joseph\AppData\Local\HandBrake deleted successfully C:\Users\Joseph\AppData\Local\MakeDisc deleted successfully C:\Users\Joseph\AppData\Local\Real deleted successfully C:\Users\Joseph\AppData\Local\WMTools Downloaded Files deleted successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{387C8AFE-E66C-480B-B75A-6CF6857FBC66} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{39C96675-29C1-43E4-AA26-35F100FF476B} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9ECE902F-98FD-4CA7-8EE4-8ECFAE271F24} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2C5E510-BE6D-42CC-9F61-E4F939078474} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531182} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311531182} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bbae7e2b-7313-470c-b56b-51ea622ff1a5} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D68CF987-3234-412F-9213-5D12B7E7AA3E} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater15.3.0 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Joseph\AppData\Roaming\Profiles\ycqum2lv.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20140807_2040_.backup ProfilePath: C:\Users\Joseph\AppData\Roaming\Avant Profiles\.default\gecko\Profiles\qnv9evk3.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20140807_2040_.backup ProfilePath: C:\Users\Joseph\AppData\Roaming\Avant Profiles\.default\gecko\Mozilla\Avant\Profiles\l0hidkel.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20140807_2040_.backup ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\5uhvmzrq.default user.js not found ---- Lines spigot removed from prefs.js ---- user_pref("startpage.ntsearch_url", "http://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=198484&p={searchTerms}"); ---- FireFox user.js and prefs.js backups ---- prefs_20140807_2040_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\{0A63553F-CD47-45A0-BC8E-48CB7D13EB53} not found C:\PROGRA~2\{1EA2C7B4-2EAA-4644-8506-BB70DD984779} not found C:\PROGRA~2\{1F34AB84-82BF-430B-8958-5A34483DA776} not found C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found C:\PROGRA~2\{4912538D-53F0-4B18-9DF2-EFBBAAC0DDE6} not found C:\PROGRA~2\{907A85CA-E023-4161-8F5C-E72C340031D2} not found C:\PROGRA~2\{A494BE66-E69A-41E9-A2FE-4EDBD6B80570} not found C:\PROGRA~2\{BDF256EE-292E-4963-84D8-E71715E4D166} not found C:\PROGRA~2\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\Windows\system32\appdata deleted C:\Program Files\hosts deleted C:\PROGRA~2\EmailNotifier deleted C:\Program Files\Avant Browser deleted C:\Program Files\FoxTabVideoConverter deleted C:\Program Files\Freecorder deleted C:\Program Files\Wise\Wise Registry Cleaner deleted C:\Program Files\Common Files\Wondershare deleted C:\extensions deleted C:\found.000 deleted C:\found.001 deleted C:\found.002 deleted C:\Users\Joseph\AppData\Roaming\profiles.ini deleted C:\PROGRA~2\UpdaterLog.txt deleted C:\PROGRA~2\qjaxlkio.dss deleted C:\PROGRA~2\boost_interprocess deleted C:\PROGRA~2\ProductData deleted C:\PROGRA~2\InstallMate deleted C:\PROGRA~2\YTD Video Downloader deleted C:\Users\Joseph\AppData\Local\CRE deleted C:\Users\Joseph\AppData\Local\BearShare deleted C:\Users\Joseph\AppData\Local\Wondershare deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted C:\Windows\System32\Tasks\SystemSockets deleted C:\Windows\System32\Tasks\Browser Updater deleted C:\Users\Joseph\Searches deleted C:\Users\Joseph\AppData\LocalLow\IObit Apps deleted C:\Users\Joseph\AppData\LocalLow\ADSRemoval deleted C:\Users\Joseph\AppData\LocalLow\bearsharemediabartb deleted C:\Users\Joseph\AppData\LocalLow\PhotoposComtb deleted C:\Users\Joseph\AppData\LocalLow\boost_interprocess deleted C:\Users\Joseph\AppData\LocalLow\Download_Energy deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\BabylonToolbar deleted C:\Windows\system32\tasks\ProtectedSearch deleted C:\user.js deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\System32\AI_RecycleBin deleted C:\Windows\system32\SafeAppRichList.ocx deleted C:\Windows\system32\CUUpdateComponent.ocx deleted C:\Windows\system32\ComputerUpdaterLM.ocx deleted C:\Users\Joseph\Desktop\Mediaplayers\Softonic (2).lnk deleted "C:\Windows\Installer\1415b74.msi" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Joseph\AppData\Local\Temp ==== 2014-07-07 07:40:10 B2994EC6452DBD04E57828EEFEDFB93C 204800 ----a-w- C:\Users\Joseph\AppData\Local\Temp\RtkBtMnt.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-07-07 07:33:56 A0DDC549524EB0E5407464192E17F7F9 421720 ----a-w- C:\Windows\System32\FNTCACHE.DAT ====== C:\Windows\system32\drivers ===== 2014-07-08 11:47:03 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-07-08 11:46:20 799613BA73D25641402AA81B6403EFF8 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-07-08 11:46:20 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-07-08 11:46:19 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-06-12 09:55:12 A4196D394207369E1431E8681B373312 915392 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-06-12 09:55:12 95389980F70FC4990A4395A0B8BBE1D6 31232 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2014-06-09 15:13:25 291F1EE2DA7955F61C44A16D9356B284 26032 ----a-w- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-07-08 08:10:21 -------- d-----w- C:\Program Files\trend micro 2014-06-13 09:55:17 -------- d-----w- C:\Program Files\WinRAR ======= C: ===== 2014-07-08 12:47:12 59071590099D21DD439896592338BF95 524288 --sha-w- C:\ntuser.dat{752c680b-066c-11e4-9a5b-001eec588047}.TMContainer00000000000000000002.regtrans-ms 2014-07-08 12:47:12 2CAC102775CD1B42216C620F0DFC8E22 65536 --sha-w- C:\ntuser.dat{752c680b-066c-11e4-9a5b-001eec588047}.TM.blf 2014-07-08 12:47:12 0B9D3C7327564A223A67D88CA66BFCBC 524288 --sha-w- C:\ntuser.dat{752c680b-066c-11e4-9a5b-001eec588047}.TMContainer00000000000000000001.regtrans-ms 2014-07-08 12:47:11 F6B417DA2D722CA5DB4DA32CD1361286 262144 ----a-w- C:\ntuser.dat 2014-07-08 12:47:11 A0AE195FEE38E1B73D4FA2B95A5CAEF6 65536 --sha-w- C:\ntuser.dat{752c6807-066c-11e4-9a5b-001eec588047}.TM.blf 2014-07-08 12:47:11 59071590099D21DD439896592338BF95 524288 --sha-w- C:\ntuser.dat{752c6807-066c-11e4-9a5b-001eec588047}.TMContainer00000000000000000002.regtrans-ms 2014-07-08 12:47:11 21AEE3E2C6A310E42BF031CCCDC0D06B 524288 --sha-w- C:\ntuser.dat{752c6807-066c-11e4-9a5b-001eec588047}.TMContainer00000000000000000001.regtrans-ms ====== C:\Users\Joseph\AppData\Roaming ====== 2014-07-06 15:35:23 077167AE329A0765CBAC33425824C5BA 114712 ----a-w- C:\Users\Joseph\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-13 09:55:49 -------- d-----w- C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ====== C:\Users\Joseph ====== 2014-07-05 09:32:12 95FBC382689A8307A455AC4B8AE61FE0 233472 ----a-w- C:\Windows\serviceprofiles\networkservice\ntuser.rhk 2014-07-05 09:32:12 0A2C5579CA00EAE15D98A8F33B210369 225280 ----a-w- C:\Windows\serviceprofiles\Localservice\ntuser.rhk 2014-06-13 09:55:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-06-09 15:13:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft ====== C: exe-files == 2014-07-08 11:44:42 72B9D55396AA42BEC714A81CC55F644A 8781824 ----a-w- C:\Users\Joseph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEM1PXBE\mbam-setup-2.0.0.1000[1].exe 2014-07-08 08:10:22 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Joseph.exe 2014-07-08 08:10:02 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Joseph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5VT6SDI\RSIT.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe /AutoStart" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_USERS\S-1-5-21-2998025893-4089601738-2843362376-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" "Spotify Web Helper"="C:\Users\Joseph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe /AutoStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "lxduamon"="C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" "Spotify Web Helper"="C:\Users\Joseph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "command"="" "item"="" "hkey"="HKLM" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 5] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Advanced SystemCare 5" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 6] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Advanced SystemCare 6" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 7] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Advanced SystemCare 7" "hkey"="HKCU" "command"="\"C:\\Program Files\\IObit\\Advanced SystemCare 7\\ASCTray.exe\" /auto" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon] "hkey"="HKLM" "item"="ApnTBMon" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "command"="c:\\program files\\common files\\apple\\apple application support\\apsdaemon.exe" "hkey"="HKLM" "item"="APSDaemon" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eAudio] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="eAudio" "hkey"="HKLM" "command"="\"C:\\Acer\\Empowering Technology\\eAudio\\eAudio.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehTray.exe" "hkey"="HKCU" "command"="C:\\Windows\\ehome\\ehTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update] "command"="C:\\Program Files\\MyHeritage\\Bin\\FTBCheckUpdates.exe" "hkey"="HKLM" "item"="Family Tree Builder Update" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Freecorder FLV Service] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Freecorder FLV Service" "hkey"="HKLM" "command"="\"C:\\Program Files\\Freecorder\\FLVSrvc.exe\" /run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gadwin PrintScreen] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Gadwin PrintScreen" "hkey"="HKCU" "command"="\"C:\\Program Files\\Gadwin Systems\\PrintScreen\\PrintScreen.exe\" /nosplash" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\Joseph\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IObit Malware Fighter" "hkey"="HKLM" "command"="\"C:\\Program Files\\IObit\\IObit Malware Fighter\\IMF.exe\" /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lxduamon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="lxduamon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Lexmark 5600-6600 Series\\lxduamon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lxdumon.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="lxdumon.exe" "hkey"="HKLM" "command"="\"C:\\Program Files\\Lexmark 5600-6600 Series\\lxdumon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Download Manager{NAV_prod_1.6.18_18.6.0.29}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Norton Download Manager{NAV_prod_1.6.18_18.6.0.29}" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvBackend" "hkey"="HKLM" "command"="\"C:\\Program Files\\NVIDIA Corporation\\Update Core\\NvBackend.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\removeSearchqudatamngr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="removeSearchqudatamngr" "hkey"="HKLM" "command"="cmd.exe /c RD /S /Q \"C:\\Program Files\\Searchqu Toolbar\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\removeSearchqutoolbar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="removeSearchqutoolbar" "hkey"="HKLM" "command"="cmd.exe /c RD /S /Q \"C:\\Program Files\\Searchqu Toolbar\\Datamngr\\ToolBar\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Slick Savings] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Slick Savings" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Softonic for Windows] "command"="\"C:\\Users\\Joseph\\AppData\\Local\\Softonic\\Softonic.exe\" -minimize" "hkey"="HKCU" "item"="Softonic for Windows" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Joseph\\AppData\\Roaming\\Spotify\\spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Joseph\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartMenuX] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartMenuX" "hkey"="HKCU" "command"="C:\\Program Files\\Start Menu X\\StartMenuX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TinyTake by MangoApps] "item"="TinyTake by MangoApps" "hkey"="HKCU" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VNT] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VNT" "hkey"="HKLM" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="vProt" "hkey"="HKLM" "command"="\"C:\\Program Files\\AVG SafeGuard toolbar\\vprot.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid] "command"="C:\\Program Files\\Xvid\\CheckUpdate.exe" "item"="Xvid" "hkey"="HKCU" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{97BAB48E-77F8-E8EE-b85F-A9E89E95EB78}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="{97BAB48E-77F8-E8EE-b85F-A9E89E95EB78}" "hkey"="HKLM" "command"="\"C:\\Program Files\\Philips PhotoFrame Manager\\AvqAutorun.exe\" \"C:\\Program Files\\Philips PhotoFrame Manager\\MMCenter.exe\" /OnPlug=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "item"="McAfee Security Scan Plus" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/06/2014 12:14] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [09/10/2010 18:27] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:;0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2998025893-4089601738-2843362376-1000Core.job --a------ C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [01/02/2012 22:11] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2998025893-4089601738-2843362376-1000UA.job --a------ C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [01/02/2012 22:11] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\Windows\system32\tasks\4798" [wscript.exe C:\Users\Joseph\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\ASC7_PerformanceMonitor" [C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe] "C:\Windows\system32\tasks\ASC7_SkipUac_Joseph" [C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe /SkipUac] "C:\Windows\system32\tasks\ASC7_SkipUac_SYSTEEM" [C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe /SkipUac] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\Driver Booster Scan" [C:\Program Files\IObit\Driver Booster\Scheduler.exe] "C:\Windows\system32\tasks\Driver Booster SkipUAC (SYSTEEM)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2998025893-4089601738-2843362376-1000Core" [C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2998025893-4089601738-2843362376-1000UA" [C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Installation App Launcher" ["C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe" -register] "C:\Windows\system32\tasks\iolo Process Governor" [C:\Program Files\iolo\System Mechanic\iologovernor.exe] "C:\Windows\system32\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2998025893-4089601738-2843362376-1000" [C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe] "C:\Windows\system32\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2998025893-4089601738-2843362376-1000" [C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\system32\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2998025893-4089601738-2843362376-1000" [C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2998025893-4089601738-2843362376-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2998025893-4089601738-2843362376-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\SmartDefrag3_Startup" [C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe] "C:\Windows\system32\tasks\SmartDefrag3_Update" [C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe] "C:\Windows\system32\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{1D022310-BE88-48A3-8170-AD0143E9BC2C}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\NCH Software\debutShakeIcon" [C:\Program Files\NCH Software\Debut\Debut.exe] "C:\Windows\system32\tasks\NCH Software\prismShakeIcon" [C:\Program Files\NCH Software\Prism\Prism.exe] "C:\Windows\system32\tasks\NCH Software\videopadShakeIcon" [C:\Program Files\NCH Software\VideoPad\VideoPad.exe] "C:\Windows\system32\tasks\NCH Software\VRSReminder" [C:\Program Files\NCH Software\VRS\VRS.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [28/04/2014 16:25] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\5uhvmzrq.default - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\5uhvmzrq.default FB5621842FDABF9F8359775573498FBC - C:\Users\Joseph\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update 738C29EAC995029E13333034C1402F56 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash 1E5E8C84DE796A01D1D46E3A660690F1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat F055C91A961601B8D50EF2976145AEE6 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55 290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14 BCB22A1F028E0D140C3A8029CEF08DBF - C:\Program Files\Soda PDF 6\np-previewer.dll - Soda PDF 6 01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In 0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions nneajnkjbffgblleaoojgaacokifdkhm - No path found[] Advanced SystemCare Surfing Protection - Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd Ads Removal - Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen Google Wallet - Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen deleted successfully C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.bing.com" "Start Page Restore"="http://www.google.be/" "Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.9&ts=1368203505519&tguid=42348-3662-1368203505519-FE8A180767EDF2E9FF96624B8EC5868B&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.9&ts=1368203505519&tguid=42348-3662-1368203505519-FE8A180767EDF2E9FF96624B8EC5868B&q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" "newtab"="about:tabs" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.9&ts=1368203505519&tguid=42348-3662-1368203505519-FE8A180767EDF2E9FF96624B8EC5868B" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=42348&st=home&tid=3662&ver=2.9&ts=1368203505519&tguid=42348-3662-1368203505519-FE8A180767EDF2E9FF96624B8EC5868B" "Default_Search_URL"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.9&ts=1368203505519&tguid=42348-3662-1368203505519-FE8A180767EDF2E9FF96624B8EC5868B&q=" "Search Bar"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.9&ts=1368203505519&tguid=42348-3662-1368203505519-FE8A180767EDF2E9FF96624B8EC5868B&q=" "Search Page"="http://search.certified-toolbar.com?si=42348&st=chrome&tid=3662&ver=2.9&ts=1368203505519&tguid=42348-3662-1368203505519-FE8A180767EDF2E9FF96624B8EC5868B&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.bing.com" "Start Page Restore"="http://www.bing.com" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR" {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Web Search Url="http://search.certified-toolbar.com?si=42348&st=bs&tid=3662&ver=2.9&ts=1368203505519&tguid=42348-3662-1368203505519-FE8A180767EDF2E9FF96624B8EC5868B&q={searchTerms}&rlz=1I7AURU_nlBE499" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic for Windows deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Download Manager{NAV_prod_1.6.18_18.6.0.29} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeSearchqudatamngr deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeSearchqutoolbar deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slick Savings deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softonic for Windows deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TinyTake by MangoApps deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VNT deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Joseph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Joseph\AppData\Local\VirtualStore\Windows\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Joseph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Joseph\AppData\Local\Mozilla\Firefox\Profiles\5uhvmzrq.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=613 folders=109 290622867 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Joseph\AppData\Local\Temp will be emptied at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Joseph\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Joseph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on di 08/07/2014 at 23:04:11,44 ======================