Zoek.exe v5.0.0.0 Updated 31-10-2014
Tool run by Vincent on za 01/11/2014 at 21:00:03,48.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Vincent\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

1/11/2014 21:01:25 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\predm deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted successfully
C:\Users\Vincent\AppData\Roaming\hpqLog deleted successfully
C:\Users\Vincent\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Vincent\AppData\Roaming\Systweak deleted successfully
C:\Users\Vincent\AppData\Local\Adobe deleted successfully
C:\Users\Vincent\AppData\Local\PDFC deleted successfully
C:\Users\Vincent\AppData\Local\VeriSign deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1661739887-2504066723-3834086141-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-1661739887-2504066723-3834086141-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_USERS\S-1-5-21-1661739887-2504066723-3834086141-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_USERS\S-1-5-21-1661739887-2504066723-3834086141-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CCEC433A-5FF0-4E62-8C76-6CE3653CD348} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
"vProt"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} not found
C:\ProgramData\YTD Video Downloader deleted
C:\PROGRA~3\Premium deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\SweetIM deleted
C:\PROGRA~3\SPL5097.tmp deleted
C:\PROGRA~3\SPLACEB.tmp deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Vincent\AppData\Local\AVG Secure Search deleted
C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\Users\Vincent\Downloads\iLividSetup_A-r400-t-bc.exe deleted
C:\Users\Vincent\Downloads\iLividSetup_D-r400-t-bc (1).exe deleted
C:\Users\Vincent\Downloads\iLividSetup_D-r400-t-bc.exe deleted
C:\Users\Vincent\Downloads\avg_free_stb_all_2013_2805_cnet.exe deleted
C:\Users\Vincent\Downloads\avg_free_stb_all_2015_5557_cnet.exe deleted
C:\Users\Vincent\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\WinInit.Ini deleted
C:\END deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Vincent\Desktop\YTD Video Downloader.lnk deleted
"C:\Program Files (x86)\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted
"C:\PROGRA~2\AVG Secure Search" not deleted
"C:\PROGRA~2\AVG Secure Search" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Vincent\AppData\Local\Temp ====
2014-11-01 13:48:41 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Vincent\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbwrzp2.dll
2014-10-27 15:51:43 795B3078A7EAC416BA8254CAE2428586 21888 ----a-w- C:\Users\Vincent\AppData\Local\Temp\ochelper.exe
2014-10-23 17:06:14 EFE3A4D5DCD79577F4BB5ABC24B16477 104296 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws_1100_helpmainfix.exe
2014-10-23 17:05:42 7214289A259EFD6FB3175E4A91756CFD 10962432 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\14\VideoMaskMaker_Release_x86.msi
2014-10-23 17:00:53 D21284A1A355BB8C8C41971D625FEE17 5990224 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws_923_lws_sharedbin_installer_32.exe
2014-10-23 17:00:06 8B1B10682C190F7BA4FDCF594510229A 734720 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\9\CameraHelperMsi_Release_x86.msi
2014-10-23 16:59:54 6BD4F47FB6C05753A29432BA94F57DF1 4088360 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws_24_youku_32.exe
2014-10-23 16:59:52 E5B88BEDB15EFA1DE3A295C2A3F73875 468992 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\19\twitter_Release_x86.msi
2014-10-23 16:59:51 A273D9D2C1BBB6ABCF10364331ACD926 379904 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\8\YouTube_Release_x86.msi
2014-10-23 16:59:49 7FF38CF9D5CC70E556BB45F21588B9C8 487936 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\7\Facebook_Release_x86.msi
2014-10-23 16:59:47 DB6D9A29F62D7608B7BF24E0D627D4C2 1406464 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\5\Gallery_Release_x86.msi
2014-10-23 16:59:38 B36629FA7252BCB9552DC3E3A1F873F6 4807680 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\4\PicVid_Release_x86.msi
2014-10-23 16:59:35 89A41A592F104F164587D065196ADF08 1691648 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\3\Help_main_Release_x86.msi
2014-10-23 16:59:20 4D94E05763E9F2DACA9C45A8FB1AD17E 12637184 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\2\LauncherMain_Release_x86.msi
2014-10-23 16:59:05 7214289A259EFD6FB3175E4A91756CFD 10962432 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\914\VideoMaskMaker_Release_x86.msi
2014-10-23 16:58:58 F7E906BAA30BBC5C7E044976B0973B7B 6149632 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\910\VideoEffects_Release_x64.msi
2014-10-23 16:58:52 0676EC6ACB2605F4F04469703DDE173A 4774400 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\6\MotionDetection_Release_x86.msi
2014-10-23 16:58:49 D2CB8C540DA292C783EFB03512CFF004 1686528 ----a-w- C:\Users\Vincent\AppData\Local\Temp\lu\lws\1\Launcher_Release_x86.msi
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-21 08:15:49 0C9988BDA3CEC3C421B773982C5E2EC6 5703168 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2014-10-20 18:53:20 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2014-10-20 18:53:20 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2014-10-20 18:53:20 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-10-20 18:53:20 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-20 18:53:19 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-20 18:52:41 8999F18D38D55E34D356796507FFD639 192000 ----a-w- C:\Windows\SysWOW64\rdpendp_winip.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-28 09:39:46 1E6438D4EA6E1174A3B3B1EDC4DE660B 33856 ---ha-w- C:\Windows\Sysnative\hamachi.sys
2014-10-21 08:15:52 E9CB5F138943D383DB67F29AAB60453F 3179520 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2014-10-21 08:15:52 2147C5330F983D76A36B73F4A804F778 16384 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2014-10-21 08:15:48 6DD73E4E947DB3B0608321AE13210D94 6584320 ----a-w- C:\Windows\Sysnative\mstscax.dll
2014-10-20 18:53:22 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2014-10-20 18:53:20 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-20 18:53:20 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\Sysnative\mstsc.exe
2014-10-20 18:53:20 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\Windows\Sysnative\wksprtPS.dll
2014-10-20 18:53:20 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\Sysnative\wksprt.exe
2014-10-20 18:53:20 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2014-10-20 18:53:20 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll
2014-10-20 18:53:20 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2014-10-20 18:53:20 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2014-10-20 18:53:19 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll
2014-10-20 18:52:41 D346E07D62E3D4BEAB040939744EC31B 228864 ----a-w- C:\Windows\Sysnative\rdpendp_winip.dll
2014-10-20 18:52:41 AD4D0AEDB5993EDA31EB80A54EDBC344 243200 ----a-w- C:\Windows\Sysnative\rdpudd.dll
====== C:\Windows\Sysnative\drivers =====
2014-10-20 18:53:20 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-10-20 18:52:42 AD64450A4ABE076F5CB34CC08EEACB07 30208 ----a-w- C:\Windows\Sysnative\drivers\TsUsbGD.sys
2014-10-20 18:52:42 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-10-15 17:20:42 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2014-10-15 17:20:28 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2014-10-15 17:16:59 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-15 17:16:58 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
2014-10-10 14:14:32 0BB7ECAC81554D83A66A0B9F961BB9D0 274200 ----a-w- C:\Windows\Sysnative\drivers\avgtdia.sys
2014-10-07 20:43:06 7F6BE4B64811AFECE52FBAD85E31E378 262424 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys
2014-10-05 20:41:40 B4D589C734D796B5B76E0A0E5DA50397 124184 ----a-w- C:\Windows\Sysnative\drivers\avgmfx64.sys
====== C:\Windows\Tasks ======
2014-10-20 15:49:55 61551347567908FD312401BBAA9CA6A9 3168 ----a-w- C:\Windows\Sysnative\Tasks\{EC618EE3-3268-4723-9795-8D541F8D5BE0}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-01 14:58:21 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Vincent\AppData\Roaming ======
2014-11-01 10:30:33 -------- d-----w- C:\Users\Vincent\AppData\Roaming\AVG2015
2014-11-01 10:30:26 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2014-11-01 10:28:49 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2014-11-01 10:27:53 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015
2014-11-01 10:24:48 -------- d-----w- C:\Users\Vincent\AppData\Local\Avg2015
2014-10-20 20:17:46 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\CrashDumps
2014-10-20 19:58:47 BA8008A78F2F2352AFA7C078E4C7C560 7601 ----a-w- C:\Users\Vincent\AppData\Local\Resmon.ResmonCfg
2014-10-18 11:11:55 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg
2014-10-17 11:26:47 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps
====== C:\Users\Vincent ======
2014-11-01 14:57:38 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Vincent\Downloads\RSITx64.exe
2014-11-01 10:28:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-01 10:28:12 -------- d-----w- C:\ProgramData\AVG2015
2014-10-22 16:41:58 38E102B043C35222A5A5632FF7366732 15067808 ----a-w- C:\Users\Vincent\Downloads\aso3setup_30486.exe
2014-10-22 11:43:45 A9B9B18866B6D4062841C43509627513 131 ----a-w- C:\Users\Vincent\DeletePrintJobs.cmd
2014-10-20 15:49:12 008DE55BAED62FBE32A983A54E6F1233 204496 ----a-w- C:\Users\Vincent\Downloads\startuplite-setup-1.07.exe
====== C: exe-files ==
2014-11-01 14:58:21 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Vincent.exe
2014-11-01 14:57:38 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Vincent\Downloads\RSITx64.exe
2014-11-01 10:28:07 52B2C1038E4AB6F5647978729B6BBCB3 320528 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgndisa.exe
2014-10-29 10:21:21 DCC534F22A5A4B43E5123A772D3ECF5A 895568 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.111\38.0.2125.111_38.0.2125.104_chrome_updater.exe
2014-10-27 15:51:43 795B3078A7EAC416BA8254CAE2428586 21888 ----a-w- C:\Users\Vincent\AppData\Local\Temp\ochelper.exe
2014-10-27 15:51:42 795B3078A7EAC416BA8254CAE2428586 21888 ----a-w- C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WHV4SZP\ochelper[1].exe
=== C: other files ==
2014-10-28 09:39:46 1E6438D4EA6E1174A3B3B1EDC4DE660B 33856 ---ha-w- C:\Windows\System32\hamachi.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1661739887-2504066723-3834086141-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_CC7830D48765B505BA650E95D0254AC0"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_CC7830D48765B505BA650E95D0254AC0"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"lxdimon.exe"="C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"HP Software Update"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
"LWS"="C:\\Program Files (x86)\\Logitech\\LWS\\Webcam Software\\LWS.exe -hide"
"Norton Online Backup"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"
"PDF Complete"="C:\\Program Files (x86)\\PDF Complete\\pdfsty.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LXDICATS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXDICATS"
"hkey"="HKLM"
"command"="rundll32 C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\LXDItime.dll,RunDLLEntry"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Vincent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Vincent\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Vincent\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"lxdiamon"="\"C:\\Program Files (x86)\\Lexmark 3500-4500 Series\\lxdiamon.exe\""
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""

==== Startup Folders ======================

2014-10-25 08:27:38 1057 ----a-w- C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-10-26 08:43:42 1114 ----a-w- C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1661739887-2504066723-3834086141-1000Core.job --a------ C:\Users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe [06/11/2012 20:19]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1661739887-2504066723-3834086141-1000UA.job --a------ C:\Users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe [06/11/2012 20:19]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/10/2012 19:51]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/10/2012 19:51]
C:\Windows\tasks\HPCeeScheduleForVincent.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 13:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1661739887-2504066723-3834086141-1000Core" [C:\Users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1661739887-2504066723-3834086141-1000UA" [C:\Users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP-Online updateprogramma" [c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForVincent" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{55D3C428-D3EC-4F3D-A241-D7D3FF5FDC82}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"VIP@verisign.com"="C:\Program Files (x86)\Symantec\VIP Access Client" [18/09/2013 15:56]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx[]

YouTube - Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Facebook - Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo
Aanmelden - Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiblidjppnfdjhplkdlkhdpjiecdocfo
KHLim | KHLim - Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkhcgkmgemmbjdjmbebombbeemjdffe
Google Wallet - Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Argenta.be - Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlkdohnkbknpajnmgeffdjpfanllggh

==== Chromium Fix ======================

C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.uk.msn.com/HPCON/15"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.uk.msn.com/HPCON/15"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-7?mpre=http://www.benl.ebay.be/sch/i.html?_nkw={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WHV4SZP will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=487 folders=227 227578927 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\Vincent\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Vincent\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\AVG Secure Search" not found
"C:\PROGRA~2\AVG Secure Search" not found
"C:\Users\Vincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WHV4SZP" not found

==== EOF on za 01/11/2014 at 21:22:44,24 ======================