Zoek.exe v5.0.0.0 Updated 11-October-2014
Tool run by Kim on zo 12-10-2014 at 13:12:22,96.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kim\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

12-10-2014 13:14:40 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\7-Zip deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF} deleted successfully
C:\Users\Kim\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Kim\AppData\Roaming\Opera deleted successfully
C:\Users\Kim\AppData\Roaming\UpdaterEX deleted successfully
C:\Users\Kim\AppData\Local\DriverTuner deleted successfully
C:\Users\Kim\AppData\Local\genienext deleted successfully
C:\Users\Kim\AppData\Local\Opera deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4173420842-593605772-2718762523-1000\Software\Microsoft\Internet Explorer\SearchScopes\{18AD2C9A-DCCA-4A47-B4C3-D8CDE14AEC67} deleted successfully
HKEY_USERS\S-1-5-21-4173420842-593605772-2718762523-1000\Software\Microsoft\Internet Explorer\SearchScopes\{448DBFBD-D8BD-45D1-AC72-7C129AD7D093} deleted successfully
HKEY_USERS\S-1-5-21-4173420842-593605772-2718762523-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C93A97A9-8AFB-49CB-B533-B2662F02A40B} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF} not found
C:\Users\Kim\daemonprocess.txt deleted
C:\Users\Kim\.android deleted
C:\Program Files\Skillbrains deleted
C:\Program Files\AVG Security Toolbar deleted
C:\Program Files\globalUpdate deleted
C:\Users\Kim\AppData\Roaming\simplitec deleted
C:\Users\Kim\AppData\Roaming\337Games deleted
C:\Users\Kim\AppData\Roaming\Systweak deleted
C:\PROGRA~2\Avg_Update_0814tb deleted
C:\PROGRA~2\simplitec deleted
C:\PROGRA~2\WPM deleted
C:\PROGRA~2\AVG Secure Search deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Kim\AppData\Local\globalUpdate deleted
C:\Users\Kim\AppData\Local\AVG Secure Search deleted
C:\Users\Kim\AppData\Local\Mobogenie deleted
C:\Users\Kim\AppData\Local\cache deleted
C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com deleted
C:\Users\Kim\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Kim\AppData\LocalLow\Softonic deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\roboot.exe deleted
C:\Windows\System32\AI_RecycleBin deleted
C:\Windows\System32\SearchProtect deleted
"C:\Program Files\AVG Secure Search\TBAPI.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\AVG Secure Search\TBAPI.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search" deleted
"C:\Program Files\Common Files\AVG 
Secure Search\DNTInstaller" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\18.1.9" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-4173420842-593605772-2718762523-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Kim\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED "

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="C:\Program Files\AVG Secure Search\vprot.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"NvSvc"="RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
"BingDesktop"="C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey "
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Kim\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"
"hkey"="HKLM"
"item"="AdobeCS6ServiceManager"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
"hkey"="HKLM"
"item"="BCSSync"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BingDesktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BingDesktop"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft\\BingDesktop\\BingDesktop.exe /fromkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QlbCtrl.exe"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"item"="QuickTime Task"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
"hkey"="HKLM"
"item"="SwitchBoard"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Kim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"item"="Dropbox"
"path"="C:\\Users\\Kim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Kim\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"iTunesHelper"="\"C:\\Program 
Files\\iTunes\\iTunesHelper.exe\""

==== Startup Folders ======================

2014-01-11 16:04:41 2140 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03-10-2014 20:39]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [10-09-2014 17:07]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [10-09-2014 17:07]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4173420842-593605772-2718762523-1000Core.job --a------ :C:\Users\Kim\AppData\LoC:al\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4173420842-593605772-2718762523-1000UA.job --a------ :C:\Users\Kim\AppData\LoC:al\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-4173420842-593605772-2718762523-1000Core" [C:\Users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-4173420842-593605772-2718762523-1000UA" [C:\Users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Java(TM) Platform SE Auto Updater" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\h9ydwsmd.default
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FB5621842FDABF9F8359775573498FBC - C:\Users\Kim\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
6B34823748BD3C10EB2816858025AFE9 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
4AD1613FEDB87B4B18CADE745235A625 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
1FBB6E454767A5B43DD980C7DE5D89F6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
B5371D2C9017EEE216B5361D600B3543 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dopemniaeocfenlpnoannaefnhfcjcgi - No path found[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx[]
ogfjmhfnldnajmfaofeiaepghjenbgjo - No path found[]

Google Slides - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
1Command - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\naojedmfkkciajbfcehknfbcmimcjbhg
AVG Security Toolbar - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Tribal Wars Time Extension - Kim\AppData\Roaming\Opera Software\Opera Stable\Extensions\ckolnemglnnaaaeopconbampbdejaika
Violentmonkey - Kim\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge

==== Chromium Startpages ======================

C:\Users\Kim\AppData\Roaming\Opera Software\Opera Stable\Preferences
"startup_urls": [ "http://www.google.nl/" ],

==== Chromium Fix ======================

C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.aartemis.com/web/?type=ds&ts=1388583253&from=cor&uid=SAMSUNGXHM250JI_S15YJF0P916678&q={searchTerms}"
"Search Page"="http://www.aartemis.com/web/?type=ds&ts=1388583253&from=cor&uid=SAMSUNGXHM250JI_S15YJF0P916678&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bingdesktop.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpsf.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninst.exe deleted successfully HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dopemniaeocfenlpnoannaefnhfcjcgi deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 
emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8VRIV34 will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Kim\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2256 folders=322 265077554 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Kim\AppData\Local\Temp will be emptied at reboot C:\Users\TEMP\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Kim\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\AVG Secure Search" not found "C:\Program Files\AVG Secure Search" not found 
"C:\Users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8VRIV34" not found ==== EOF on zo 12-10-2014 at 13:52:52,01 ======================