Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Vinny on za 23/01/2016 at 13:04:04,82.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode No Internet Access Detected
Launched: G:\Kenneth\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
23/01/2016 13:05:18 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~2\Astonsoft deleted successfully
C:\PROGRA~2\FindRight deleted successfully
C:\PROGRA~2\Kingsoft deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Surftastic deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\Program Files\trend micro deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\xml_param deleted successfully
C:\Users\Vinny\AppData\Local\Dxtory Software deleted successfully
C:\Users\Vinny\AppData\Local\genienext deleted successfully
C:\Users\Vinny\AppData\Local\Skype deleted successfully
C:\Users\Vinny\AppData\Local\StormFall deleted successfully
C:\Users\Vinny\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2972001057-3138230179-3566334846-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-2972001057-3138230179-3566334846-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully
HKEY_USERS\S-1-5-21-2972001057-3138230179-3566334846-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully
HKEY_USERS\S-1-5-21-2972001057-3138230179-3566334846-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default
user.js not found

---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.claro-search.com/?affID=120129&babsrc=NT_ss&mntrId=8cbd664400000000000050465da362e9");

---- Lines claro removed from prefs.js ----
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.autoRvrt", "false");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "8cbd664400000000000050465da362e9");
user_pref("extensions.claro.instlDay", "15748");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.rvrt", "false");
user_pref("extensions.claro.tlbrId", "base");
user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.vrsn", "1.8.8.5");
user_pref("extensions.claro.vrsni", "1.8.8.5");
user_pref("extensions.claro_i.excTlbr", false);
user_pref("extensions.claro_i.newTab", false);
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.8.8.523:04:42");

---- Lines delta removed from prefs.js ----
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "8cbd664400000000000050465da362e9");
user_pref("extensions.delta.instlDay", "15748");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.022:10:04");

---- Lines quick_start removed from prefs.js ----
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

---- Lines istart removed from prefs.js ----
user_pref("browser.search.defaultenginename", "istartsurf");
user_pref("browser.search.selectedEngine", "istartsurf");

---- Lines extensions.kMRT removed from prefs.js ----
user_pref("extensions.kMRT.epoch", "1411668294");
user_pref("extensions.kMRT.url", "http://getitjpi.info/sync2/?q=hfZ9ofDSC6gMCyVUojw8rHUMg708BNmGWj8cmihGheDUojw9rdrErjwHrdnFqihIC7n0rjnEpjs9rjYEqdn4tN

---- FireFox user.js and prefs.js backups ----
prefs_20162301_1316_.backup

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLivid]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyComputer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================
C:\PROGRA~2\Astonsoft not found
C:\PROGRA~2\FindRight not found
C:\PROGRA~2\Kingsoft not found
C:\PROGRA~2\Surftastic not found
C:\Users\Vinny\AppData\Local\iLivid not found
C:\Program Files (x86)\Mobogenie not found
C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer not found
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not found
"C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default\searchplugins\delta.xml" not found
C:\PROGRA~2\VstPlugins deleted
C:\Users\Vinny\AppData\Roaming\.technic deleted
C:\Users\Vinny\AppData\Roaming\Slack deleted
C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default\extensions\nc6vwipxek@eeef-fhml.com deleted
C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default\extensions\quick_searchff@gmail.com deleted
C:\Program Files (x86)\Common Files\Wondershare deleted
C:\PROGRA~3\SafeSoft deleted
C:\Users\Vinny\.android deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\IePluginServices deleted
C:\PROGRA~3\RegClean deleted
C:\PROGRA~3\IHProtectUpDate deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Vinny\AppData\Local\CRE deleted
C:\Users\Vinny\AppData\Local\com deleted
C:\Users\Vinny\AppData\Local\Wondershare deleted
C:\Users\Vinny\AppData\Local\Mobogenie deleted
C:\Users\Vinny\AppData\Local\cache deleted
C:\Users\Vinny\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Vinny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software deleted
C:\WINDOWS\SysNative\roboot64.exe deleted
C:\Users\Vinny\AppData\LocalLow\Unity deleted
C:\Users\Vinny\AppData\LocalLow\Conduit deleted
C:\AI_RecycleBin deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default\searchplugins\babylon1.xml deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\delta-homes.xml" deleted
"C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default\searchplugins\claro.xml" deleted
"C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default\searchplugins\claro.xml" deleted
"C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default\searchplugins\claro.xml" deleted
"C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default\searchplugins\claro.xml" deleted
"C:\PROGRA~2\Mozilla Firefox\searchplugins\delta-homes.xml" deleted
"C:\PROGRA~2\Mozilla Firefox\searchplugins\delta-homes.xml" deleted
"C:\PROGRA~2\Mozilla Firefox\searchplugins\delta-homes.xml" deleted
"C:\PROGRA~2\Mozilla Firefox\searchplugins\istartsurf.xml" deleted
"C:\PROGRA~3\dae9c02ecc7134e8\{476D78C4-1DB0-2D88-7FCC-AA6559F59A8D}" deleted
"C:\PROGRA~3\dae9c02ecc7134e8" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-2972001057-3138230179-3566334846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="C:\Users\Vinny\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"OneDrive"="C:\Users\Vinny\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Spybot-S&D Cleaning"="G:\Kenneth\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="C:\Users\Vinny\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"OneDrive"="C:\Users\Vinny\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Spybot-S&D Cleaning"="G:\Kenneth\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeBridge"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Bridge CS5\\Bridge.exe\" -stealth"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS5ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\Vinny\\AppData\\Local\\Akamai\\netsession_win.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dropbox Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dropbox Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Vinny\\AppData\\Local\\Dropbox\\Update\\DropboxUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FixMyRegistry]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FixMyRegistry"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\SmartTweak\\FixMyRegistry\\FixMyRegistry.exe /ot /as /ss"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LifeCam"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft LifeCam\\LifeExp.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Vinny\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Vinny\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\uTorrent\\uTorrent.exe\" /MINIMIZED"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualCloneDrive"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VX1000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VX1000"
"hkey"="HKLM"
"command"="C:\\Windows\\vVX1000.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\XboxStat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="XboxStat"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Xbox 360 Accessories\\XboxStat.exe\" silentrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Vinny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Vinny\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Vinny\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/03/2015 17:45]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2972001057-3138230179-3566334846-1000Core.job --a-------- C:\Users\Vinny\AppData\LoC:al\Dropbox\Update\DropboxUpdate.exe []
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2972001057-3138230179-3566334846-1000UA.job --a-------- C:\Users\Vinny\AppData\LoC:al\Dropbox\Update\DropboxUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2972001057-3138230179-3566334846-1000Core" [C:\Users\Vinny\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2972001057-3138230179-3566334846-1000UA" [C:\Users\Vinny\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Kaspersky_Upgrade_{E7FE8BD6-07C8-4138-AB61-92AA886397EA}" [C:\Program Files\Common Files\AV\Kaspersky Internet Security\upgrade.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default
user_pref("browser.startup.homepage", "http://www.google.com/");

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\online_banking@kaspersky.com" [17/12/2014 13:49]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- Sale Clipper - %ProfilePath%\extensions\{16019b30-3b17-4628-9c7d-d15e79370054}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Vinny\AppData\Roaming\Mozilla\Firefox\Profiles\ek9k2x4i.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Torch deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Vinny\AppData\Local\Torch deleted
Fake profile C:\Users\Vinny\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Vinny\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Vinny\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[21/10/2013 18:49]
fhokfmhpdoppcompklkineedkmhinhdf - C:\Users\Vinny\AppData\Roaming\BaseFlash\Chrome\BaseFlash.crx[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\online_banking_chrome.crx[21/10/2013 18:49]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
14.0.0\ChromeExt\content_blocker_chrome.crx[21/10/2013 18:49] jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx[17/12/2014 13:48] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\ab.crx[21/10/2013 18:49] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Vinny\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] Kaspersky Protection - Vinny\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa uTorrentBar_NL - Vinny\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Kaspersky URL Advisor - Vinny\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj Dangerous Websites Blocker - Vinny\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hghkgaeecgjhjkannahfamoehjmkjail Chrome Web Store Payments - Vinny\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Docs - Vinny\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake appear.in screen sharing - Vinny\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bodncoafpihbhpfljcaofnebjkaiaiga AdBlock - Vinny\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom Chrome Web Store Payments - Vinny\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Kaspersky Protection - Vinny\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa uTorrentBar_NL - Vinny\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Kaspersky URL Advisor - Vinny\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dchlnpcodkpfdpacogkljefecpegganj Dangerous Websites Blocker - 
Vinny\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hghkgaeecgjhjkannahfamoehjmkjail Chrome Web Store Payments - Vinny\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Vinny\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Vinny\AppData\Local\Google\Chrome\User Data\Profile 2\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Vinny\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\Vinny\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/?pc=MSE1" "Search Page"="http://search.delta-homes.com/web/?type=ds&ts=1434020299&z=ba42db8d200f2d454cf2afbg9zdc2z3e1oee3oct2o&from=ient06110&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U803979739797&q={searchTerms}" "Default_Page_URL"="http://www.google.com/" "Default_Search_URL"="http://search.delta-homes.com/web/?type=ds&ts=1434020299&z=ba42db8d200f2d454cf2afbg9zdc2z3e1oee3oct2o&from=ient06110&uid=WDCXWD10EZRX-00A8LB0_WD-WMC1U803979739797&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.msn.com/?pc=MSE1" 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2972001057-3138230179-3566334846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b18906df-1dfa-4d50-8a1f-7d076a8c87b7} deleted successfully HKEY_USERS\S-1-5-21-2972001057-3138230179-3566334846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b18906df-1dfa-4d50-8a1f-7d076a8c87b7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b18906df-1dfa-4d50-8a1f-7d076a8c87b7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b18906df-1dfa-4d50-8a1f-7d076a8c87b7} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\BaseFlash@B1a2s3e4F5l6a7s8h9.es deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\quick_searchff@gmail.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\61155412-6ad5-455c-a0e9-99cdb9a0d1fd deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fhokfmhpdoppcompklkineedkmhinhdf deleted successfully 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixMyRegistry deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000 deleted successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Vinny\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Vinny\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Vinny\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Vinny\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully 
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Vinny\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully C:\Users\Vinny\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully C:\Users\Vinny\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3130 folders=958 688495002 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Vinny\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied