Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Christel Meeus on wo 16/09/2015 at 20:49:37,82.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
No Internet Access Detected
Launched: H:\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
16/09/2015 21:00:13 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~2\Citrix deleted successfully
C:\PROGRA~2\Conduit deleted successfully
C:\PROGRA~2\GUM4D1F.tmp deleted successfully
C:\PROGRA~2\GUM6883.tmp deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Bitdefender deleted successfully
C:\Program Files\trend micro deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Validity deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully
C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} deleted successfully
C:\Users\Christel Meeus\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Christel Meeus\AppData\Roaming\QuickScan deleted successfully
C:\Users\Christel Meeus\AppData\Roaming\Solvusoft deleted successfully
C:\Users\Christel Meeus\AppData\Roaming\Systweak deleted successfully
C:\Users\Christel Meeus\AppData\Roaming\TP deleted successfully
C:\Users\Christel Meeus\AppData\Roaming\WinRAR deleted successfully
C:\Users\Administrator\AppData\Local\PDFC deleted successfully
C:\Users\Christel Meeus\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Christel Meeus\AppData\Local\EmieSiteList deleted successfully
C:\Users\Christel Meeus\AppData\Local\EmieUserList deleted successfully
C:\Users\Christel Meeus\AppData\Local\NativeMessaging deleted successfully
C:\Users\Christel Meeus\AppData\Local\PDFC deleted successfully
C:\Users\Christel Meeus\AppData\Local\TBHostSupport deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} deleted successfully
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A883A379-23BC-4067-84E4-4DCFBC4D1833} deleted successfully
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\CHRIST~1\AppData\Roaming\Mozilla\Firefox\Profiles\ybg4y9yb.default
user.js not found
---- Lines search.net removed from prefs.js ----
user_pref("browser.search.defaultenginename", "default-search.net");
user_pref("browser.search.order.1", "default-search.net");
user_pref("browser.search.selectedEngine", "default-search.net");
user_pref("browser.startup.homepage", "http://www.default-search.net?sid=476&aid=135&itype=a&ver=13337&tm=383&src=hmp");
user_pref("keyword.URL", "http://www.default-search.net/search?sid=476&aid=135&itype=a&ver=13337&tm=383&src=ds&p=");
---- Lines ffxtbr modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"otis@digitalpersona.com\":{\"descriptor\":\"c:\\\\Program Files (
---- FireFox user.js and prefs.js backups ----
prefs_20151609_2110_.backup

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Utility Chest Home Page Guard 64 bit]
Plugin Loader]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=

==== Deleting Files \ Folders ======================
C:\PROGRA~2\Citrix not found
C:\PROGRA~2\Conduit not found
C:\PROGRA~2\GUM4D1F.tmp not found
C:\PROGRA~2\GUM6883.tmp not found
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found
C:\PROGRA~3\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} not found
C:\Users\Christel Meeus\AppData\Roaming\Sublime Text 2 deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\default-search.xml deleted
C:\PROGRA~2\UtilityChest_49 deleted
C:\Users\Christel Meeus\AppData\Roaming\Settings Manager deleted
C:\Users\Christel Meeus\AppData\Roaming\ParetoLogic deleted
C:\Users\Christel Meeus\AppData\Roaming\DriverCure deleted
C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\ParetoLogic deleted
C:\PROGRA~3\Uniblue\DriverScanner deleted
C:\PROGRA~3\Uniblue deleted
C:\PROGRA~3\Package Cache deleted
C:\PROGRA~3\systemk deleted
C:\Users\Christel Meeus\AppData\Local\WhiteListing deleted
C:\windows\SysNative\roboot64.exe deleted
C:\windows\SysNative\Tasks\LaunchApp deleted
C:\Users\Christel Meeus\AppData\LocalLow\TB deleted
C:\Users\Christel Meeus\AppData\LocalLow\IAC deleted
C:\Users\Christel Meeus\AppData\LocalLow\Conduit deleted
C:\windows\wininit.ini deleted
C:\windows\SysNative\tasks\DTReg deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\windows\Syswow64\sho5F3E.tmp deleted
C:\windows\Syswow64\sho6CEE.tmp deleted
C:\windows\Syswow64\sho6E36.tmp deleted
C:\windows\Syswow64\sho8F95.tmp deleted
C:\windows\Syswow64\shoBC11.tmp deleted
C:\windows\SysWow64\AI_RecycleBin deleted
C:\Users\CHRIST~1\AppData\Roaming\Mozilla\Firefox\Profiles\ybg4y9yb.default\searchplugins\default-search.xml deleted

==== Files Recently Created / Modified ======================
====== C:\windows ====
====== C:\Users\CHRIST~1\AppData\Local\Temp ====
====== Java Cache =====
2015-09-01 15:31:09 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Christel Meeus\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-26d017a8
====== C:\windows\SysWOW64 =====
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
====== C:\windows\Sysnative\drivers =====
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2015-09-09 18:58:34 -------- d-----w- C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2015-09-12 17:32:39 -------- d-----w- C:\PROGRA~2\Trend Micro
======= C: =====
====== C:\Users\Christel Meeus\AppData\Roaming ======
2015-09-16 11:20:45 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Local\Hewlett-Packard
2015-09-08 09:27:04 -------- d-----w- C:\Users\Christel Meeus\AppData\Local\Citrix
2015-08-29 10:50:36 -------- d-----w- C:\Users\Christel Meeus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-08-29 09:52:29 -------- d-----w- C:\Users\Christel Meeus\AppData\Local\ElevatedDiagnostics
====== C:\Users\Christel Meeus ======
2015-09-16 12:45:51 B243C3E46EC4660CF8388FBF913C9DEB 250313 ----a-w- C:\ProgramData\1442404545.bdinstall.bin
2015-09-09 19:23:38 345D3F775B081474BB4C4858F794B35E 7666048 ----a-w- C:\Users\Christel Meeus\HitmanPro.v3.7.0.183.x64\HitmanPro.exe
2015-09-09 19:23:38 -------- d-----w- C:\Users\Christel Meeus\HitmanPro.v3.7.0.183.x64
2015-09-09 19:03:43 345D3F775B081474BB4C4858F794B35E 7666048 ----a-w- C:\Users\HitmanPro.v3.7.0.183.x64\HitmanPro.exe
2015-09-09 19:03:43 345D3F775B081474BB4C4858F794B35E 7666048 ----a-w- C:\Users\HITMAN~1.X64\HitmanPro.exe
2015-09-09 19:03:43 -------- d-----w- C:\Users\HitmanPro.v3.7.0.183.x64\Documents and Settings
2015-09-09 19:03:43 -------- d-----w- C:\Users\HITMAN~1.X64\Documents and Settings
2015-09-09 18:58:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-09-09 18:58:24 -------- d-----w- C:\ProgramData\HitmanPro
====== C: exe-files ==
2015-09-09 19:23:38 345D3F775B081474BB4C4858F794B35E 7666048 ----a-w- C:\Users\Christel Meeus\HitmanPro.v3.7.0.183.x64\HitmanPro.exe
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
"Bitdefender Agent de l'application Wallet"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
"Bitdefender Agent de l'application Wallet"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"IFXSPMGT"="c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe /NotifyLogon"
"OpwareSE4"="C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"HPPowerAssistant"="C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden"
"InstallerLauncher"="C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"SSBkgdUpdate"="\"C:\\Program Files (x86)\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bdagent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Bdagent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Bitdefender\\Bitdefender\\bdagent.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bitdefender Agent de l'application Wallet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Bitdefender Agent de l'application Wallet"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Bitdefender\\Bitdefender\\antispam32\\bdapppassmgr.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bitdefender Wallet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Bitdefender Wallet"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Bitdefender\\Bitdefender\\pwdmanui.exe\" --hidden --nowizard"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bitdefender Wallet Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Bitdefender Wallet Agent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Bitdefender\\Bitdefender\\pmbxag.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenu"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Desktop Disc Tool"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Roxio\\Roxio Burn\\RoxioBurnLauncher.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\File Sanitizer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="File Sanitizer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\File Sanitizer\\CoreShredder.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP HD Webcam [Fixed]_Monitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP HD Webcam [Fixed]_Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP HD Webcam [Fixed]\\monitor.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPConnectionManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPConnectionManager"
"hkey"="HKLM"
"command"="c:\\Program Files (x86)\\Hewlett-Packard\\HP Connection Manager\\HPCMDelayStart.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPQuickWebProxy]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPQuickWebProxy"
"hkey"="HKLM"
"command"="\"c:\\Program Files (x86)\\Hewlett-Packard\\HP QuickWeb\\hpqwutils.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MfeEpePcMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MfeEpePcMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\Drive Encryption\\EpePcMonitor.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\NVIDIA Corporation\\nView\\nwiz.exe /installquiet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Complete]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDF Complete"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF Complete\\pdfsty.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QLBController]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QLBController"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP HotKey Support\\QLBController.exe /start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spybot-S&D Cleaning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spybot-S&D Cleaning"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDCleaner.exe\" /autoclean"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UtilityChest_49 Browser Plugin Loader]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UtilityChest_49 Browser Plugin Loader"
"hkey"="HKLM"
"command"="C:\\PROGRA~2\\UTILIT~2\\bar\\1.bin\\49brmon.exe"

==== Task Scheduler Jobs ======================
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/08/2015 20:36]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2015 04:13]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2015 04:13]

==== Other Scheduled Tasks ======================
"C:\windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\windows\SysNative\tasks\AutoKMS" [C:\windows\AutoKMS\AutoKMS.exe]
"C:\windows\SysNative\tasks\AutoKMSDaily" [C:\windows\AutoKMS\AutoKMS.exe]
"C:\windows\SysNative\tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8" [C:\Program Files\Bitdefender\Bitdefender\bdproductdata.exe]
"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\HPCustParticipation HP Deskjet 2540 series" ["C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe"]
"C:\windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\windows\SysNative\tasks\ScanSoft Background Update" [C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe]
"C:\windows\SysNative\tasks\TechSmith Updater" [C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{96874333-C73D-44A9-8ADE-A4BDB5FA548D}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"49ffxtbr@UtilityChest_49.com"="C:\Program Files (x86)\UtilityChest_49\bar\1.bin" []

==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Christel Meeus\AppData\Roaming\Mozilla\Firefox\Profiles\ybg4y9yb.default
EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash
3E0EB8CC0526CF152C80628A7EBAD7C3 - C:\Users\Christel Meeus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

==== Fake Chromium Profiles Check ======================
Fake profile C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================
Google Chrome Version: 45.0.2454.85
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cpcidiiiodpbjdkbhldlebfbnidpgaih - C:\Users\Christel Meeus\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[07/02/2013 07:47]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cpcidiiiodpbjdkbhldlebfbnidpgaih - C:\Users\Christel Meeus\AppData\Local\CRE\cpcidiiiodpbjdkbhldlebfbnidpgaih.crx[]
Google Drive - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Bitdefender Wallet - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl
Google Search - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Docs Offline - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Hotword Shared Module - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 <video> - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Preferences
"session":{"restore_on_startup":4,"startup_urls":["http://www.default-search.net?sid=476&aid=135&itype=a&ver=13337&tm=383&src=hmp","http://search.conduit.com/?ctid=CT3297947&SearchSource=48&CUI=UN94094334522452666&UM=1"]},"software_reporter":{"prompt_version":"2.19.1"},"sync":{"remaining_rollback_tries":0}}

==== Chromium Fix ======================
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{A883A379-23BC-4067-84E4-4DCFBC4D1833}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A883A379-23BC-4067-84E4-4DCFBC4D1833}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_enBE547"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF67755F-9265-449C-87CF-B945519E073B} deleted successfully
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CF67755F-9265-449C-87CF-B945519E073B} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{CF67755F-9265-449C-87CF-B945519E073B} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1907668243-712515234-2943662146-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CF67755F-9265-449C-87CF-B945519E073B} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\49ffxtbr@UtilityChest_49.com deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cpcidiiiodpbjdkbhldlebfbnidpgaih deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cpcidiiiodpbjdkbhldlebfbnidpgaih deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bdagent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bitdefender Agent de l'application Wallet deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bitdefender Wallet deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bitdefender Wallet Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UtilityChest_49 Browser Plugin Loader deleted successfully

==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Christel Meeus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Christel Meeus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Christel Meeus\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Christel Meeus\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Christel Meeus\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Christel Meeus\AppData\Local\Mozilla\Firefox\Profiles\ybg4y9yb.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Christel Meeus\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1773 folders=156 173360177 bytes)

==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Christel Meeus\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\CHRIST~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on wo 16/09/2015 at 21:36:04,30 ======================