Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by Didier on zo 04/01/2015 at 21:08:09,25.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Didier\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

4/01/2015 21:14:03 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\ProPokerHUDs deleted successfully
C:\PROGRA~2\PSQLINSTALL deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Evi\AppData\Roaming\DisplayFusion deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7D9E0772-EB57-45A9-9950-928921919279} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FD39CABD-FCA4-4363-9530-BB5D23C5C3FA} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E86BDDD-9038-4f12-8572-4A859C76F21F} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D016E00} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEFE841-DCA1-4A95-80CB-BE935D016E00} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D020103} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEFE841-DCA1-4A95-80CB-BE935D020103} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D020301} deleted successfully
HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEFE841-DCA1-4A95-80CB-BE935D020301} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AEFE841-DCA1-4A95-80CB-BE935D016E00} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D016E00} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AEFE841-DCA1-4A95-80CB-BE935D020103} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D020103} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AEFE841-DCA1-4A95-80CB-BE935D020301} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D020301} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mobilegeni daemon"=-
"Registry Helper"=-
""=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Mobogenie not found
C:\Program Files (x86)\Registry Helper not found
C:\Users\Evi\AppData\Roaming\Common deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\Registry Helper deleted
C:\Users\Didier\AppData\Local\cache deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\Tasks\LaunchSignup deleted
C:\Windows\Syswow64\RegistryHelperLM.ocx deleted
C:\Users\Didier\AppData\Local\TempFullTiltSetup.exe deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Didier\AppData\Local\Temp ====
2015-01-03 15:09:59 A492B7C2C223C5C6163F45AA5275BE34 302080 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\UnattendProvider.dll
2015-01-03 15:09:59 7B38D7916A7CD058C16A0A6CA5077901 271360 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\wdscore.dll
2015-01-03 15:09:59 739968678548BA15F6B9372E8760C012 444416 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\TransmogProvider.dll
2015-01-03 15:09:59 711325BFDAC759FA69B9EDAF7EA0319C 471040 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\WimProvider.dll
2015-01-03 15:09:58 E7CAED467F80B29F4E63BA493614DBB1 127488 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\OSProvider.dll
2015-01-03 15:09:58 CCF6EC908566900E9626DC3360B9E35E 112128 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\DismCorePS.dll
2015-01-03 15:09:58 A909643B215FC0587A043C9C15959D41 186368 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\DismProv.dll
2015-01-03 15:09:58 A7AFC7D5313C94E1060648609DAFCE64 271360 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\SmiProvider.dll
2015-01-03 15:09:58 85F83E44A77DEA06780FB670CC8A0359 438272 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\DmiProvider.dll
2015-01-03 15:09:58 78B4D1F2FE371A6E85C66DD3D40D404A 183296 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\CompatProvider.dll
2015-01-03 15:09:58 6EBC2138A3C9B3B7D1E69E0629B6C815 289792 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\DismCore.dll
2015-01-03 15:09:58 64B66A41B61D511E8EBE94625EC0E45A 53760 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\FolderProvider.dll
2015-01-03 15:09:58 516A5FCE06BB388499238A5F9286CB74 96768 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\DismHost.exe
2015-01-03 15:09:58 45FF4FA5CA5432BFCCDED4433FE2A85B 216576 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\MsiProvider.dll
2015-01-03 15:09:58 1C9B5D23AC0CD2E6BF4B29F35FE219AE 1672192 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\CbsProvider.dll
2015-01-03 15:09:58 08C71F57BDFC3DF75A51B12DDF69A33B 312832 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\IntlProvider.dll
2015-01-02 14:45:32 57814E58FF58F118E5B9991D86494DCD 207600 ----a-w- C:\Users\Evi\AppData\Local\Temp\~nsu.tmp\Au_.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-12-11 10:56:32 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys
====== C:\Windows\Tasks ======
2014-12-23 18:55:55 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-04 13:04:47 -------- d-----w- C:\Program Files\trend micro
2015-01-04 12:12:37 -------- d-----w- C:\Program Files\Speccy
2015-01-03 10:33:10 -------- d-----w- C:\Program Files\Garmin GPS Plugin
======= C:\PROGRA~2 =====
2015-01-03 20:46:07 -------- d-----w- C:\PROGRA~2\PokerStrategy.com
2015-01-03 10:33:14 -------- d-----w- C:\PROGRA~2\Garmin GPS Plugin
2014-12-26 12:32:18 -------- d-----w- C:\PROGRA~2\Niko
2014-12-26 12:31:18 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe AIR
======= C: =====
====== C:\Users\Didier\AppData\Roaming ======
2015-01-04 19:59:11 -------- d-s---w- C:\Users\TEMP.Didier-PC.000\AppData\Roaming\Microsoft
2015-01-04 19:59:11 -------- d-----w- C:\Users\TEMP.Didier-PC.000\AppData\Roaming\Media Center Programs
2015-01-04 19:59:11 -------- d-----w- C:\Users\TEMP.Didier-PC.000\AppData\Local\Temp
2015-01-04 19:59:11 -------- d-----w- C:\Users\TEMP.Didier-PC.000\AppData\Local\Microsoft Help
2015-01-04 19:59:11 -------- d-----w- C:\Users\TEMP.Didier-PC.000\AppData\Local\Microsoft
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 17:53:05 -------- d-----w- C:\Users\Didier\AppData\Local\Microsoft Games
2015-01-03 10:32:52 -------- d-----w- C:\Users\Didier\AppData\Roaming\Garmin
2015-01-02 20:19:26 -------- d-sh--w- C:\Users\Didier\AppData\Local\EmieBrowserModeList
2015-01-02 19:10:36 -------- d-----w- C:\Users\Evi\AppData\Local\Google
2015-01-02 14:45:15 -------- d-----w- C:\Users\Evi\AppData\Local\DisplayFusion
2015-01-02 14:42:42 3FD4B564E312105AC66002C112D37FB7 117864 ----a-w- C:\Users\Evi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-02 14:42:41 -------- d-----w- C:\Users\Evi\AppData\Local\AMD
2015-01-02 14:42:38 -------- d-----w- C:\Users\Evi\AppData\Roaming\ATI
2015-01-02 14:42:38 -------- d-----w- C:\Users\Evi\AppData\Local\ATI
2015-01-02 14:42:12 -------- d-----w- C:\Users\Evi\AppData\Roaming\Adobe
2015-01-02 14:42:02 -------- d-----r- C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2015-01-02 14:42:02 -------- d-----r- C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2015-01-02 14:41:44 -------- d-----w- C:\Users\Evi\AppData\Roaming\Identities
2015-01-02 14:41:39 -------- d-s---w- C:\Users\Evi\AppData\Roaming\Microsoft
2015-01-02 14:41:39 -------- d-----w- C:\Users\Evi\AppData\Roaming\Media Center Programs
2015-01-02 14:41:39 -------- d-----w- C:\Users\Evi\AppData\Local\Temp
2015-01-02 14:41:39 -------- d-----w- C:\Users\Evi\AppData\Local\Microsoft Help
2015-01-02 14:41:39 -------- d-----w- C:\Users\Evi\AppData\Local\Microsoft
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-26 12:50:42 -------- d-----w- C:\Users\Didier\AppData\Local\Niko
2014-12-26 12:32:30 -------- d-----w- C:\Users\Didier\AppData\Roaming\be.niko.homecontrol.configurator
2014-12-21 11:22:39 -------- d-----w- C:\Users\Didier\AppData\Local\ElevatedDiagnostics
====== C:\Users\Didier ======
2015-01-04 19:59:11 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\TEMP.Didier-PC.000\ntuser.ini
2015-01-04 19:59:11 -------- d--h--w- C:\Users\TEMP.Didier-PC.000\AppData
2015-01-04 19:59:11 -------- d-----w- C:\Users\TEMP.Didier-PC.000\Saved Games
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\Videos
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\Pictures
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\Music
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\Links
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\Favorites
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\Downloads
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\Documents
2015-01-04 19:59:11 -------- d-----r- C:\Users\TEMP.Didier-PC.000\Desktop
2015-01-04 13:04:27 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Didier\Downloads\RSITx64.exe
2015-01-04 12:12:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-01-04 12:11:41 A7DD64E7AB5605665CE68A00814343D7 5122624 ----a-w- C:\Users\Didier\Downloads\spsetup127 (1).exe
2015-01-04 12:11:40 A7DD64E7AB5605665CE68A00814343D7 5122624 ----a-w- C:\Users\Didier\Downloads\spsetup127.exe
2015-01-03 20:46:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2015-01-03 20:31:26 936909327EAA7639639D1EBF29A6EADE 10592148 ----a-w- C:\Users\Didier\Downloads\equilab.exe
2015-01-02 21:17:40 23DEAC9FBE97193CEC07942B6115CE31 28115400 ----a-w- C:\Users\Didier\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2015-01-02 19:06:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 14:41:58 -------- d-----r- C:\Users\Evi\Searches
2015-01-02 14:41:43 -------- d-----r- C:\Users\Evi\Contacts
2015-01-02 14:41:39 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Evi\ntuser.ini
2015-01-02 14:41:39 -------- d--h--w- C:\Users\Evi\AppData
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Videos
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Saved Games
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Pictures
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Music
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Links
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Favorites
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Downloads
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Documents
2015-01-02 14:41:39 -------- d-----r- C:\Users\Evi\Desktop
2015-01-01 16:38:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-26 12:50:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Niko
2014-12-26 12:32:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Niko Home Control
====== C: exe-files ==
2015-01-04 13:04:47 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Didier.exe
2015-01-03 15:09:58 516A5FCE06BB388499238A5F9286CB74 96768 ----a-w- C:\Users\Didier\AppData\Local\Temp\784D3A31-7EE0-4A34-BFB9-4DC56BA18EE8\DismHost.exe
2015-01-02 19:05:44 205E775B4B2C165922203A390B115523 40747600 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\39.0.2171.95\39.0.2171.95_chrome_installer.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Overwolf"="C:\Program Files (x86)\Overwolf\Overwolf.exe -silent"

[HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3141388735-3342381749-2015183444-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
"ZyngaGamesAgent"="C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Overwolf"="C:\Program Files (x86)\Overwolf\Overwolf.exe -silent"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EADM"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Didier\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kernel and Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Kernel and Hardware Abstraction Layer"
"hkey"="HKLM"
"command"="KHALMNPR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\STCAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="STCAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Splashtop\\Splashtop Connect IE\\STCAgent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZyngaGamesAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ZyngaGamesAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Splashtop\\Splashtop Connect\\ZyngaGamesAgent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
"item"="Logitech SetPoint"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk"
"backup"="C:\\Windows\\pss\\Logitech SetPoint.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Didier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
"item"="Logitech . Productregistratie"
"path"="C:\\Users\\Didier\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Logitech . Productregistratie.lnk"
"backup"="C:\\Windows\\pss\\Logitech . Productregistratie.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\COMMON~1\\LogiShrd\\eReg\\SetPoint\\eReg.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/12/2014 21:35]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/04/2013 18:37]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/04/2013 18:37]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Officejet Pro 8600" ["C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [01/03/2013 14:45]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [01/11/2011 11:53]

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[21/02/2013 02:59]

Google Docs - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Logitech SetPoint - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
IBA Opt-out (by Google) - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb
Google Wallet - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Didier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Logitech SetPoint - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Google Sheets - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Evi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{FD39CABD-FCA4-4363-9530-BB5D23C5C3FA}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD39CABD-FCA4-4363-9530-BB5D23C5C3FA}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{3D18F6DD-DEC1-4D5C-8B73-DD62F60A49B9} Bing Url="http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{A7959CD0-9A66-44b0-8D08-3993E74E6347} Google Url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZyngaGamesAgent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Didier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Didier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Evi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP.Didier-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Didier\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Evi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=133 folders=65 57013870 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Didier\AppData\Local\Temp will be emptied at reboot
C:\Users\Evi\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\TEMP.Didier-PC.000\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Didier\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 04/01/2015 at 21:47:58,82 ======================