Zoek.exe v5.0.0.0 Updated 10-November-2014
Tool run by User on 10/11/2014 at 17:38:41,67.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10/11/2014 17:40:16 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Possible Rootkit Infection ======================

C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\L
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\@
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\L\00000004.@
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\L\00000008.@
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\00000004.@
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\00000008.@
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\000000cb.@
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\80000000.@
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\80000032.@
C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\80000064.@

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\PokerStars.BE deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\IObit deleted successfully
C:\Users\Gast.MONEYR\AppData\Roaming\Apple Computer deleted successfully
C:\Users\Gast\AppData\Local\VirtualStore deleted successfully
C:\Users\Gast.MONEYR\AppData\Local\VirtualStore deleted successfully
C:\Users\MoneyR\AppData\Local\VirtualStore deleted successfully
C:\Users\MPro\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater13.2.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater13.2.0 deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ROC_ROC_JULY_P1"=-
"vProt"=-
""=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\AVG\AVG2012 not found
"C:\Program Files (x86)\AVG Secure Search\vprot.exe" not found
C:\PROGRA~2\Photo-Service deleted
C:\PROGRA~2\MyPC Backup deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\prefs.js deleted
C:\Users\User\AppData\Roaming\Complitly deleted
C:\Users\User\AppData\Roaming\Babylon deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\User\AppData\Local\AVG Secure Search deleted
C:\Users\User\AppData\Local\Babylon deleted
C:\Users\Gast.MONEYR\AppData\LocalLow\facemoods.com deleted
C:\Users\MPro\AppData\LocalLow\BabylonToolbar deleted
C:\Users\MPro\AppData\LocalLow\facemoods.com deleted
C:\Users\User\AppData\LocalLow\AVG Secure Search deleted
C:\Users\User\AppData\LocalLow\BabylonToolbar deleted
C:\Users\User\AppData\LocalLow\facemoods.com deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\User\ngen.exe deleted
"C:\Windows\tasks\Norton Security Scan for User.job" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\L\00000004.@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\L\00000008.@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\00000004.@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\00000008.@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\000000cb.@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\80000000.@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\80000032.@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U\80000064.@" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\L" deleted
"C:\Users\User\AppData\Local\{8c567057-a44c-da48-7607-fedcf4bbc43c}\U" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\User\AppData\Local\Temp ====

2014-11-10 16:20:58 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfdnurv.dll

====== Java Cache =====

2014-11-10 16:38:30 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-287bb830
2014-11-10 16:38:25 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-2f11d76a
2014-11-10 16:38:25 E6DB97EAA40815C040C8868DB7F57B14 99 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap
2014-11-10 16:38:24 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-1310cc06
2014-10-12 11:45:37 6276EE41F33427E232DB22F467D920DE 403 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2b190760-ccdf09ab7a487e4cd78348b85dcaf008e196e4c2a0365995bfb39463135e7f4f-6.0.lap
2014-10-12 11:45:39 D505164BC75B89822BC360D541D854DA 262734 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\784802a0-792f8544
2014-10-12 11:45:42 C38028FD720443A0873E4372A60D5D92 469 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4de63de6-3335f28b
2014-11-10 16:38:25 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-4c823417

====== C:\Windows\SysWOW64 =====

2014-11-10 16:37:41 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2014-10-15 08:58:34 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2014-10-15 08:58:30 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2014-10-15 08:57:27 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-15 08:57:27 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys

====== C:\Windows\Tasks ======

2014-11-10 16:14:38 023E9886DE018CE2BB5886130EE20451 3110 ----a-w- C:\Windows\Sysnative\Tasks\{41DC2B4F-7C14-4A5C-A07E-050980C5DCA8}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-11-09 12:33:59 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2014-11-10 16:37:50 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

======= C: =====

====== C:\Users\User\AppData\Roaming ======

2014-11-10 16:04:39 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Sun

====== C:\Users\User ======

2014-11-10 15:58:19 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\User\Downloads\chromeinstall-8u25.exe
2014-11-09 12:31:17 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\User\Downloads\RSITx64.exe
2014-11-09 12:13:50 300C7E9F39C11421C0B1BB6933E17EF0 1611 ----a-w- C:\Users\User\Documents\mvps.bat

====== C: exe-files ==

2014-11-10 16:37:34 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2014-11-10 16:37:34 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2014-11-10 16:37:34 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2014-11-10 16:37:26 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe
2014-11-10 16:37:26 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe
2014-11-10 16:37:26 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe
2014-11-10 16:37:26 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe
2014-11-10 16:37:26 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
2014-11-10 16:37:26 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe
2014-11-10 16:37:26 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe
2014-11-10 16:37:26 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe
2014-11-10 16:37:26 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe
2014-11-10 16:37:26 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
2014-11-10 16:37:26 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe
2014-11-10 16:37:26 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
2014-11-10 16:37:26 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe
2014-11-10 16:37:26 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe
2014-11-10 16:37:26 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe
2014-11-10 16:37:26 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
2014-11-10 16:37:26 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe
2014-11-10 16:37:26 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe
2014-11-10 16:37:26 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe
2014-11-10 16:37:26 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe
2014-11-10 16:37:26 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe
2014-11-10 15:58:19 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\User\Downloads\chromeinstall-8u25.exe
2014-11-09 12:34:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\User.exe
2014-11-09 12:31:17 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\User\Downloads\RSITx64.exe
2014-11-06 09:42:32 3E89777D89CCF9C037CD7EA4127814E9 7141568 ----a-w- C:\Program Files (x86)\AVG\AVG2013\Notification\Launcher.exe
2014-11-04 23:55:59 697D1E5E6452171F0B9FE3849889BC90 1385808 ----a-w- C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.2_34944.exe

=== C: other files ==

2014-11-10 16:37:26 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip
2014-11-09 12:13:50 300C7E9F39C11421C0B1BB6933E17EF0 1611 ----a-w- C:\Users\User\Documents\mvps.bat
2014-11-09 12:13:15 300C7E9F39C11421C0B1BB6933E17EF0 1611 ----a-w- C:\Users\User\AppData\Local\Temp\Rar$DIa0.161\mvps.bat
2014-11-09 12:12:05 93047382B2F7EDD6C7F94AF74B145F08 135283 ----a-w- C:\Users\User\Downloads\hosts.zip

==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1450834887-916194773-1836209391-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"uTorrent"="C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN39G2P94N05X4:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"TWebCamera"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun"
"NBAgent"="c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe /WinStart"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WD Drive Unlocker"="C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe"
"WD Quick View"="C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"MMReminderService"="C:\Program Files (x86)\Mindjet\MindManager 14\MMReminderService.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"uTorrent"="C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN39G2P94N05X4:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe"
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaReminder.exe"
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe"
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HSON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HSON"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\TBS\\HSON.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMReminderService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMReminderService"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Mindjet\\MindManager 9\\MMReminderService.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Teco]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Teco"
"hkey"="HKLM"
"command"="\"%ProgramFiles%\\TOSHIBA\\TECO\\Teco.exe\" /r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba TEMPRO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba TEMPRO"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Toshiba TEMPRO\\TemproTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth Manager.lnk"
"backup"="C:\\Windows\\pss\\Bluetooth Manager.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Toshiba\\BLUETO~1\\TosBtMng.exe "
"item"="Bluetooth Manager"

==== Startup Folders ======================

2010-05-12 09:37:48 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2010-05-12 09:37:48 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2011-11-07 16:14:38 1258 ----a-w- C:\Users\Gast.MONEYR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2011-12-01 12:49:02 1258 ----a-w- C:\Users\MPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2012-01-06 10:50:33 1054 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-09-17 17:23:07 1924 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP ENVY 4500 series (netwerk).lnk
2013-07-07 15:02:59 1263 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
2014-11-10 16:31:04 1116 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1450834887-916194773-1836209391-1000Core.job --a------ C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [20/09/2011 23:38]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1450834887-916194773-1836209391-1000UA.job --a------ C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [20/09/2011 23:38]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1450834887-916194773-1836209391-1003Core.job --a------ C:\Users\MPro\AppData\Local\Google\Update\GoogleUpdate.exe [06/12/2011 15:34]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1450834887-916194773-1836209391-1000Core" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1450834887-916194773-1836209391-1000UA" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1450834887-916194773-1836209391-1003Core" [C:\Users\MPro\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1450834887-916194773-1836209391-1003UA" [C:\Users\MPro\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP ENVY 4500 series" ["C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\Razer_Game_Booster_AutoUpdate" [C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 17:22]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx[]

Google Wallet - MPro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
HLN.be Nieuws sport en showbizz 24/24 7/7 meer dan 350 nieuwsupdates per dag - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lladnkjpkgllkjcnajoldahfjjoggjjh
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\MPro\AppData\Local\Google\Chrome\User Data\Default\Preferences
    "homepage": "http://bb.kdg.be/",
    "startup_urls": [ "http://bb.kdg.be/" ],

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
    "homepage": "http://www.google.be/",
    "urls_to_restore_on_startup": [ "http://www.google.be/" ]

==== Chromium Fix ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.powerreviews.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.powerreviews.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://toshiba.msn.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://toshiba.msn.com"
==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{4DD41758-096B-42DB-8AE8-39EBC72E3374} Unknown Url="Not_Found"
{777FCBAD-8D63-4701-80B8-1A6184200285} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2"
{BFED0C2D-2854-42F8-87E1-121717447F9C} eBay Url="http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1450834887-916194773-1836209391-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1450834887-916194773-1836209391-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1450834887-916194773-1836209391-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4DD41758-096B-42DB-8AE8-39EBC72E3374} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast.MONEYR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MPro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MPro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\4pkptwj3.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\MPro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=982 folders=72 62628397 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gast.MONEYR\AppData\Local\Temp emptied successfully
C:\Users\MPro\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 10/11/2014 at 18:17:11,90 ======================