Zoek.exe v5.0.0.1 Updated 25-October-2015
Tool run by Ann on do 29/10/2015 at 9:27:06,25.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ann\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

29/10/2015 9:30:58 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\NortonInstaller deleted successfully
C:\PROGRA~3\Alwil Software deleted successfully
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Users\Ann\AppData\Roaming\IrfanView deleted successfully
C:\Users\GuestUser\AppData\Roaming\Apple Computer deleted successfully
C:\Users\GuestUser\AppData\Roaming\Google deleted successfully
C:\Users\GuestUser\AppData\Roaming\iolo deleted successfully
C:\Users\Ann\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ann\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ann\AppData\Local\EmieUserList deleted successfully
C:\Users\Ann\AppData\Local\MigWiz deleted successfully
C:\Users\GuestUser\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2372668859-1852268327-715560521-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2372668859-1852268327-715560521-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2372668859-1852268327-715560521-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2372668859-1852268327-715560521-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2372668859-1852268327-715560521-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2372668859-1852268327-715560521-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CA106454-EC84-40AC-9162-90BA311C19AA} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IMFservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\IMFservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IMFservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdateSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LiveUpdateSvc deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\knndb4cl.default

---- Lines surfing removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"iobitascsurfingprotection@iobit.com\":{\"d\":\"C:\\\\Users\\\\Ann\\\\AppData\\\\Roaming\\\\Mozil

---- Lines mysearch removed from prefs.js ----
user_pref("browser.startup.homepage", "https://mysearch.avg.com/?cid={718E0CD9-E261-4160-9090-91A48AE0F06B}&mid=2a3c849d707547d6a3ff9128c09ffef1-e2716
user_pref("browser.startup.homepage", "https://mysearch.avg.com/?cid={718E0CD9-E261-4160-9090-91A48AE0F06B}&mid=2a3c849d707547d6a3ff9128c09ffef1-e2716

---- FireFox user.js and prefs.js backups ----
user_20152910_1048_.backup
prefs_20152910_1048_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\Program Files (x86)\IObit\LiveUpdate deleted
C:\found.000 deleted
C:\ProgramData\AVG Security Toolbar deleted
C:\Users\Ann\AppData\Roaming\IObit deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\Users\Ann\AppData\Roaming\ProductData deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\{B12D13C3-76FD-479D-AD99-8C6F18156BC9} deleted
C:\Users\Ann\AppData\LocalLow\ADSRemoval deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\knndb4cl.default\Yahoo Inc deleted
"C:\Windows\tasks\PCDRScheduledMaintenance.job" deleted
"C:\windows\SysNative\SETF07B.tmp" deleted
"C:\windows\SysNative\SETEE67.tmp" deleted
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\datastate.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\FileMonitor.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IntegrateFilter.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\madbasic_.bpl" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\maddisAsm_.bpl" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\madexcept_.bpl" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\RegFilter.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\rtl120.bpl" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\Scan.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\URLFilter.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\vcl120.bpl" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\vclx120.bpl" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime\realtime_2015-10-25-09-29 .txt" not deleted
"C:\ProgramData\IObit\Advanced SystemCare V8\Homepage Protection\ASCService.log" not deleted
"C:\Program Files (x86)\Microsoft\BingBar" not deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter" not deleted
"C:\ProgramData\IObit" not deleted
"C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\knndb4cl.default\extensions\iobitascsurfingprotection@iobit.com" deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\log" not deleted
"C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime" not deleted
"C:\ProgramData\IObit\Advanced SystemCare V8" not deleted
"C:\ProgramData\IObit\Advanced SystemCare V8\Homepage Protection" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Ann\AppData\Local\Temp ====
2015-10-28 21:27:48 F5D6252C741CE5A1D8BB53FB76F231D4 987848 ----a-w- C:\Users\Ann\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\HPWarrantyChecker.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-10-23 17:31:21 24E487B411B159BC2DE05476DE4C1B44 3210240 ----a-w- C:\Windows\Sysnative\win32k.sys
====== C:\Windows\Sysnative\drivers =====
2015-10-19 11:32:18 A77AF0ABA67969E7AC28B34E686ACC5C 315312 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys
2015-10-14 07:28:39 3A8C03156C3E31E70EF84E48CA179B46 97112 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-10-14 07:28:37 C6330F7C2E92A00E6773E82F79078AFC 157016 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-10-14 07:28:37 ACB6782973BD93760D597FC7BB37E692 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2015-10-14 07:28:37 8C0376974AA28398FF501E78C04ACB30 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2015-10-14 07:28:37 262BF7BB7D0E44CFAA9B12A1E0A6EDF1 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2015-10-14 07:28:01 27DABFB4A6B0140C34DBEC713469592B 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2015-10-07 18:55:34 19BEDA57F3E0A06B8D5EB6D619BD5624 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-10-28 11:16:11 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-09-29 17:20:22 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
2015-10-24 08:24:48 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\asc_rdflag
====== C:\Users\Ann\AppData\Roaming ======
2015-10-09 01:17:40 8D1B7F52B607C54274F6F927570EC563 241184 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-09-29 17:19:55 -------- d-----w- C:\Users\Ann\AppData\Roaming\Sun
====== C:\Users\Ann ======
2015-10-28 10:08:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ann\Desktop\RSITx64.exe
2015-10-28 10:06:44 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ann\Downloads\RSITx64.exe
2015-09-29 17:19:54 -------- d-----w- C:\Users\Ann\.oracle_jre_usage
====== C: exe-files ==
2015-10-28 21:27:48 F5D6252C741CE5A1D8BB53FB76F231D4 987848 ----a-w- C:\Users\Ann\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\HPWarrantyChecker.exe
2015-10-28 11:16:12 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ann.exe
2015-10-28 10:08:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ann\Desktop\RSITx64.exe
2015-10-28 10:06:44 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ann\Downloads\RSITx64.exe
2015-10-23 07:32:58 CB49115481D5CDE6F5B44FA424A7C3BF 24488 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe
2015-10-23 07:32:58 BB04EE204FBB5F925F408B0857994DAF 25512 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe
2015-10-23 07:32:58 922C08C5DFDE261049CEB8189F1EE3BA 6922928 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
2015-10-23 07:32:58 357FD727079C5F0E1C7DC11B4DB9D3DB 71592 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe
=== C: other files ==
2015-10-23 17:31:21 24E487B411B159BC2DE05476DE4C1B44 3210240 ----a-w- C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2372668859-1852268327-715560521-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW"
"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="C:\Users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Google Photos Backup"="C:\Users\Ann\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW"
"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Google Update"="C:\Users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Google Photos Backup"="C:\Users\Ann\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"
"PC-Doctor for Windows localizer"="C:\Program Files\PC-Doctor for Windows\localizer.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google+ Auto Backup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google+ Auto Backup"
"hkey"="HKCU"
"command"="\"C:\\Users\\Ann\\AppData\\Local\\Programs\\Google\\Google+ Auto Backup\\Google+ Auto Backup.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iolo Startup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iolo Startup"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iolo\\Common\\Lib\\ioloLManager.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

==== Startup Folders ======================

2010-09-26 15:10:10 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
2012-04-25 20:59:00 806 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sweex snapshot button monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16/10/2015 20:33]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 00:13]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 00:13]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2372668859-1852268327-715560521-1000Core.job --a------ C:\Users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe [24/09/2015 07:45]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2372668859-1852268327-715560521-1000UA.job --a------ C:\Users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe [24/09/2015 07:45]
C:\Windows\tasks\HPCeeScheduleForAnn.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASC8_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe]
"C:\Windows\SysNative\tasks\ASC8_SkipUac_Ann" ["C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Ann)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2372668859-1852268327-715560521-1000Core" [C:\Users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2372668859-1852268327-715560521-1000UA" [C:\Users\Ann\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForAnn" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\Windows\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\SmartDefrag_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Ann" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{99F5AF41-4E40-48EA-B42E-6E9AC8AFC184}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{AF280082-0706-4BAE-9F10-6B39AF35888D}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{91215757-E262-4ADB-99A0-AAE177D108B9}" [C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe]
"C:\Windows\SysNative\tasks\{A249DB51-3C00-4DFA-8701-20BF2868E914}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\knndb4cl.default
user_pref("browser.startup.homepage", "https://mysearch.avg.com/?cid={718E0CD9-E261-4160-9090-91A48AE0F06B}&mid=2a3c849d707547d6a3ff9128c09ffef1-e27165e4895c30416ef4d5795164f98330028cc5&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-24 09:02:38&v=4.1.5.143&pid=wtu&sg=&sap=hp");
user_pref("browser.search.selectedEngine", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [26/09/2010 16:11]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [26/09/2010 16:11]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\knndb4cl.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\knndb4cl.default
7D127425BBE91DF37448A7F44C1DDA52 - C:\Users\Ann\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/ig"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.nl/ig"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{45122743-6B07-4A96-B139-E4147175131F}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{45122743-6B07-4A96-B139-E4147175131F} Google Url="http://www.google.be/search?hl=en&q={searchTerms}&meta=&rlz=1I7GGLL_nlBE403"
{68992DB9-035D-426B-A49D-220238E00BF0} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GuestUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GuestUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZIDQ6YV will be deleted at reboot
C:\Users\Ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJXNDPGX will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4578 folders=1359 283944913 bytes)

==== Empty Temp Folders ======================

C:\Users\Ann\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\GuestUser\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ann\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime\realtime_2015-10-25-09-29 .txt" not found
"C:\ProgramData\IObit\Advanced SystemCare V8\Homepage Protection\ASCService.log" not deleted
"C:\Program Files (x86)\Microsoft\BingBar" not found
"C:\Program Files (x86)\IObit\IObit Malware Fighter" not found
"C:\ProgramData\IObit" not deleted
"C:\Users\Ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZIDQ6YV" not found
"C:\Users\Ann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJXNDPGX" not found

==== EOF on do 29/10/2015 at 15:20:12,97 ======================