Zoek.exe v5.0.0.0 Updated 31-07-2014 Tool run by Till on zo 03-08-2014 at 11:02:15,62. Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Till\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 3-8-2014 11:07:31 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Nokia deleted successfully C:\PROGRA~2\predm deleted successfully C:\PROGRA~2\RAF deleted successfully C:\PROGRA~2\RegClean Pro deleted successfully C:\PROGRA~2\SaverProo deleted successfully C:\PROGRA~3\374311380 deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\SaverProo deleted successfully C:\Users\Till\AppData\Roaming\PeerNetworking deleted successfully C:\Users\Till\AppData\Local\cache deleted successfully C:\Users\Till\AppData\Local\genienext deleted successfully C:\Users\Till\AppData\Local\WebPlayer deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-576860058-1132661054-1124574131-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_USERS\S-1-5-21-576860058-1132661054-1124574131-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{712F4384-16C1-985C-EF13-6F8B68437895} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{712F4384-16C1-985C-EF13-6F8B68437895} deleted successfully 
HKEY_CLASSES_ROOT\CLSID\{712F4384-16C1-985C-EF13-6F8B68437895} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{712F4384-16C1-985C-EF13-6F8B68437895} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{712F4384-16C1-985C-EF13-6F8B68437895} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{712F4384-16C1-985C-EF13-6F8B68437895} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partner Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Partner Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update SerialTrunc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update SerialTrunc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update SerialTrunc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update SerialTrunc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Surftastic deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Surftastic deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Surftastic deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Surftastic deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winzipersvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\winzipersvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\winzipersvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wpm deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginServices deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginServices deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginServices deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{712F4384-16C1-985C-EF13-6F8B68437895}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{712F4384-16C1-985C-EF13-6F8B68437895}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "mobilegeni daemon"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Mobogenie not found C:\Program Files (x86)\SerialTrunc not found C:\Program Files (x86)\SaverProo not 
found C:\ProgramData\SaverProo not found C:\Program Files (x86)\RegClean Pro not found C:\ProgramData\Partner deleted C:\ProgramData\YTD Video Downloader deleted C:\ProgramData\650a49d2ab7302ec deleted C:\Users\Till\AppData\LocalLow\{3517C935-50BC-EF0E-F6B0-BFAB8A33972C} deleted C:\Users\Till\AppData\LocalLow\{712F4384-16C1-985C-EF13-6F8B68437895} deleted C:\Users\Till\AppData\LocalLow\{97C44293-EF33-43BF-7187-480D034BB572} deleted C:\Users\Till\AppData\LocalLow\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0} deleted C:\Users\Till\AppData\LocalLow\{EBD1C8E2-0600-6C2B-874A-6D609DE01376} deleted C:\Users\Till\AppData\Local\Packages\windows_ie_ac_001\AC\{3517C935-50BC-EF0E-F6B0-BFAB8A33972C} deleted C:\Users\Till\AppData\Local\Packages\windows_ie_ac_001\AC\{712F4384-16C1-985C-EF13-6F8B68437895} deleted C:\Users\Till\AppData\Local\Packages\windows_ie_ac_001\AC\{97C44293-EF33-43BF-7187-480D034BB572} deleted C:\Users\Till\AppData\Local\Packages\windows_ie_ac_001\AC\{A5DCA001-18B8-AA5B-D375-CC4D9E895ED0} deleted C:\Users\Till\AppData\Local\Packages\windows_ie_ac_001\AC\{EBD1C8E2-0600-6C2B-874A-6D609DE01376} deleted C:\Users\Till\daemonprocess.txt deleted C:\Users\Till\.android deleted C:\PROGRA~3\FiNeDealSSofta deleted C:\PROGRA~3\CoupScanner deleted C:\PROGRA~2\WinZipper deleted C:\PROGRA~2\LSHunter.TV deleted C:\PROGRA~2\MyFree Codec deleted C:\Users\Till\AppData\Roaming\GoforFiles deleted C:\Users\Till\AppData\Roaming\WinZipper deleted C:\Users\Till\AppData\Roaming\systweak deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\IePluginService deleted C:\PROGRA~3\IePluginServices deleted C:\PROGRA~3\Allmyapps deleted C:\PROGRA~3\WPM deleted C:\Users\Till\AppData\Local\Mobogenie deleted C:\Users\Till\AppData\Local\SwvUpdater deleted C:\Users\Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx deleted C:\Users\Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx deleted C:\Users\Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx 
deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper deleted C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSHunter.TV deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Till\Searches deleted C:\Users\Till\Downloads\HDVidCodec.lnk deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\Tasks\GoforFilesUpdate deleted C:\end deleted C:\Users\Till\Documents\Optimizer Pro deleted C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted C:\Users\Till\Desktop\LSHunterTVApp.lnk deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Till\AppData\Local\Temp ==== ====== Java Cache ===== 2014-07-28 22:05:22 B655967AB8192B49DB5A45CE26E99C7C 19601 ----a-w- C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\467bad4d-14acd242 2014-07-07 17:46:03 FBE6B27ED31CCD30CFE32D11DBC8781D 417 ----a-w- C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\470d4656-70245bcedf24aadb164158b262dfb3e7ea9286c7b1c2a1fd36ebe9a34dfbdfbb-6.0.lap 2014-07-07 22:47:44 E1D5E8D037B89386936001F17FABF032 436 ----a-w- C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\e3efda5-ed13006d125f011eb9bd3706579046d6c8010ca2a479fc8e79b41d643fcf4c43-6.0.lap 2014-07-16 21:36:35 CEE6E28054BD5CB8500F01A569C8DC59 556 ----a-w- C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\49a2faf-16635184 2014-07-16 21:36:36 204B004E9AA4F989E86FB7C52DC6E88B 38 ----a-w- C:\Users\Till\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\49a2faf-317a6f2272a7797e0d9d675bca4ef460e511a80ef75cef911e9517597cca6b85-6.0.lap ====== C:\Windows\SysWOW64 ===== 2014-07-23 10:11:55 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-07-23 10:11:43 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-07-23 10:11:43 67BE34FBF29E783691C713517102E67E 175528 ----a-w- 
C:\Windows\SysWOW64\javaw.exe 2014-07-23 10:11:43 419094DF76A32252ECD70730382029ED 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-07-09 10:02:15 E58A17E945593544C707423F9772EEA0 404992 ----a-w- C:\Windows\Sysnative\drivers\afd.sys ====== C:\Windows\Tasks ====== 2014-07-28 16:07:55 6385AEA39D73636A28BA40FCB4833BE1 3028 ----a-w- C:\Windows\Sysnative\Tasks\{A6B30BAC-476E-4E08-BB1C-05476EF579CC} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-01 21:16:48 -------- d-----w- C:\Program Files\trend micro 2014-07-15 12:29:45 -------- d-----w- C:\Program Files\Java ======= C:\PROGRA~2 ===== 2014-07-28 15:59:58 -------- d-----w- C:\PROGRA~2\Morphyre 2014-07-23 10:12:02 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-07-15 12:46:17 -------- d-----w- C:\PROGRA~2\Java ======= C: ===== ====== C:\Users\Till\AppData\Roaming ====== 2014-08-03 08:53:30 -------- d-----r- C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2014-07-28 16:00:02 -------- d-----w- C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Morphyre Visualizer 2014-07-28 15:59:59 -------- d-----w- C:\Users\Till\AppData\Local\Morphyre 2014-07-22 20:08:13 036CFA602D9911EBDEF791BDD93E6ADF 3737 ----a-w- C:\Users\Till\AppData\Locallow\lpm.dat 2014-07-16 14:51:32 -------- d-----w- C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-06 09:05:33 -------- d-----w- C:\Users\Till\AppData\Local\Adobe ====== C:\Users\Till ====== 2014-08-01 21:15:20 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Till\Desktop\RSITx64.exe 2014-07-28 15:58:51 DC2057B4803CA20E5CEB8ECD2F7FF1D4 11980075 ----a-w- C:\Users\Till\Downloads\morphyre_1v57.exe 2014-07-07 18:00:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader ====== C: exe-files == 
2014-08-01 21:16:49 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Till.exe 2014-08-01 21:15:20 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Till\Desktop\RSITx64.exe 2014-07-29 12:59:26 7E954B129604C312FB96A6DE4A399F7B 595808 ----a-w- C:\Program Files\Samsung\Samsung Link\ChangeProperty.exe 2014-07-28 16:00:01 F4C4D736A2D15DB15D18FD9F7FB09CF6 102842 ----a-w- C:\Program Files (x86)\Morphyre\uninstall.exe 2014-07-28 15:58:51 DC2057B4803CA20E5CEB8ECD2F7FF1D4 11980075 ----a-w- C:\Users\Till\Downloads\morphyre_1v57.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-576860058-1132661054-1124574131-1000\Software\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\Program Files (x86)\Packard Bell\SetupMyPC\SmpSys.exe" "Octoshape Streaming Services"="C:\Users\Till\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe -inv:bootrun" "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "EPSON8281F2"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU C:\Windows\TEMP\E_S4178.tmp /EF HKCU" "EPSON SX510W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU C:\Windows\TEMP\E_S3D00.tmp /EF HKCU" "Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU C:\Windows\TEMP\E_S6DB0.tmp /EF HKCU" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "LiveSupport"="C:\Program Files (x86)\LiveSupport\LiveSupport.exe 
/noshow /log" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "WMPNSCFG"="C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WebStorage"="C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ASUSWSLoader.exe" "RemoteControl8"="C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "PDVD8LanguageShortcut"="C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" "NBKeyScan"="C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "KMConfig"="C:\Program Files (x86)\Multimedia Keyboard & Mouse Driver\V5\StartAutorun.exe KMConfig.exe" "EEventManager"="C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe" "DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" "ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\Program Files (x86)\Packard Bell\SetupMyPC\SmpSys.exe" "Octoshape Streaming Services"="C:\Users\Till\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe -inv:bootrun" "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" 
"EPSON8281F2"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU C:\Windows\TEMP\E_S4178.tmp /EF HKCU" "EPSON SX510W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU C:\Windows\TEMP\E_S3D00.tmp /EF HKCU" "Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU C:\Windows\TEMP\E_S6DB0.tmp /EF HKCU" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "LiveSupport"="C:\Program Files (x86)\LiveSupport\LiveSupport.exe /noshow /log" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "WMPNSCFG"="C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" "Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "FijiKeyboard"="c:\Acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe" "Samsung Link"="C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Till^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] "path"="C:\\Users\\Till\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk" "backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\MICROS~1\\Office12\\ONENOTEM.EXE /tsr" "item"="OneNote 2007 Schermopname en Snel starten" ==== Startup Folders ====================== 2014-03-08 14:40:22 2122 ----a-w- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS AudioFusion.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\Epson Printer Software Downloader.job --a------ C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.exe [26-05-2009 12:43] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-07-2014 17:12] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-07-2014 17:12] C:\Windows\tasks\Packard Bell Customer Registration Reminder - Till.job --a------ C:\Program Files (x86)\Packard Bell\Packard Bell Customer Registration\PBCReg.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Epson Printer Software Downloader" [C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Packard Bell Customer Registration Reminder - Till" [C:\Program Files (x86)\Packard Bell\Packard Bell Customer Registration\PBCReg.exe] "C:\Windows\SysNative\tasks\Acer\Burn Notification" [C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [25-12-2013 05:02] ==== Chrome Look 
====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ainbkicbloikcngphmjfpjdemblcojdd - C:\Users\Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx[] ogfjmhfnldnajmfaofeiaepghjenbgjo - C:\Users\Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx[] pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[] HD for YouTube™ - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf Google Drive - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Disable Youtube™ HTML5 Player - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc AdBlock - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Instant Translate - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke 3D Solar System Simulator - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepfaioimehapnjhmjihcbajchcfjfhk Google Play - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi Naptha - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf Google Wallet - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ImTranslator Google Translate - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh Winter Night in Moonlight - Till\AppData\Local\Google\Chrome\User Data\Default\Extensions\offcedjaceddaegkpebcocccakpdjkin Gmail - Till\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.symbaloo.com/#" "Search Page"="http://www.qone8.com/web/?type=ds&ts=1398790821&from=ild&uid=3219913727_1789_76AD157B&q={searchTerms}" "Default_Page_URL"="http://www.delta-homes.com/?type=hp&ts=1402662667&from=wpm0612&uid=3219913727_1789_76AD157B" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.delta-homes.com/?type=hp&ts=1402662667&from=wpm0612&uid=3219913727_1789_76AD157B" "Default_Page_URL"="http://www.delta-homes.com/?type=hp&ts=1402662667&from=wpm0612&uid=3219913727_1789_76AD157B" "Default_Search_URL"="http://www.qone8.com/web/?type=ds&ts=1398790821&from=ild&uid=3219913727_1789_76AD157B&q={searchTerms}" "Search Page"="http://www.qone8.com/web/?type=ds&ts=1398790821&from=ild&uid=3219913727_1789_76AD157B&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://www.delta-homes.com/?type=hp&ts=1402662667&from=wpm0612&uid=3219913727_1789_76AD157B" "Default_Page_URL"="http://www.delta-homes.com/?type=hp&ts=1402662667&from=wpm0612&uid=3219913727_1789_76AD157B" "Default_Search_URL"="http://www.qone8.com/web/?type=ds&ts=1398790821&from=ild&uid=3219913727_1789_76AD157B&q={searchTerms}" "Search Page"="http://www.qone8.com/web/?type=ds&ts=1398790821&from=ild&uid=3219913727_1789_76AD157B&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=NL&userid=d5cefdfa-88f5-55bc-9ba3-8ed4f00b2b43&searchtype=ds&q={searchTerms}&installDate=18/02/2014" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] 
"Default"="http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=NL&userid=d5cefdfa-88f5-55bc-9ba3-8ed4f00b2b43&searchtype=ds&q={searchTerms}&installDate=18/02/2014" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=NL&userid=d5cefdfa-88f5-55bc-9ba3-8ed4f00b2b43&searchtype=ds&q={searchTerms}&installDate=18/02/2014" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.symbaloo.com/#" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" 
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" {006ee092-9658-4fd6-bd8e-a21a348e59f5} Unknown Url="Not_Found" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown Url="Not_Found" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_nlNL568" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-576860058-1132661054-1124574131-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-576860058-1132661054-1124574131-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary 
Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Till\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Till\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Till\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Till\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Till\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1468 folders=167 147886404 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Till\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied 
successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Till\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Till\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on zo 03-08-2014 at 11:30:03,19 ======================