Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by YpY on ma 22-02-2016 at 15:34:00.38.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\YpY\Favorites\Downloads\zoek(3).exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
22-2-2016 15:48:34 Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4038081757-550974096-142076149-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Avgsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SpyHunter 4 Service deleted successfully

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f074fb0-93af-4bbb-b42a-46c24176d18d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUi]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=-

==== Deleting Files \ Folders ======================
C:\Program Files (x86)\AVG Web TuneUp not found
C:\Program Files (x86)\Common Files\AVG Secure Search not found
C:\ProgramData\Avg_Update_0615piz not found
C:\ProgramData\AVG Secure Search not found
"C:\Users\YpY\AppData\Roaming\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313\searchplugins\avg-secure-search.xml" not found
C:\PROGRA~2\IObit deleted
C:\Program Files\Enigma Software Group deleted
C:\found.001 deleted
C:\ProgramData\Avg_Update_0116avz deleted
C:\fe94b10f82cffaaeb7d6a97e92e437 deleted
C:\ProgramData\AVG Security Toolbar deleted
C:\windows\SysNative\Tasks\0615pizUpdateInfo deleted
C:\Windows\tasks\0615pizUpdateInfo.job deleted
C:\found.000 deleted
C:\Users\YpY\AppData\Roaming\ARCompanion.log deleted
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Program Files (x86)\AVG\Zen\avgntopenssla.zen.1.dll" deleted
"C:\Program Files (x86)\AVG\Zen\avgreloadablea.dll" deleted
"C:\Program Files (x86)\AVG\Zen\avgrepliba.dll" deleted
"C:\Program Files (x86)\AVG\Zen\avgsysa.zen.1.dll" deleted
"C:\Program Files (x86)\AVG\Zen\zappapia.dll" deleted
"C:\Program Files (x86)\AVG\Zen\zsvcplugina.dll" deleted
"C:\Program Files (x86)\AVG\Zen\zvpnplugina.dll" deleted
"C:\Program Files (x86)\AVG\Framework\1\avgcmla.dll" deleted
"C:\Program Files (x86)\AVG\Framework\1\avgcomma.dll" deleted
"C:\Program Files (x86)\AVG\Framework\1\avgloga.dll" deleted
"C:\Program Files (x86)\AVG\Framework\1\avgmsgdispa.dll" deleted
"C:\Program Files (x86)\AVG\Framework\1\avgnetclia.dll" deleted
"C:\Program Files (x86)\AVG\Framework\1\avgopenssla.fmw.1.dll" deleted
"C:\Program Files (x86)\AVG\Framework\1\avgsvcfmwplga.dll" deleted
"C:\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll" deleted
"C:\Program Files (x86)\AVG\Framework\Common\avgntopenssla.fmw.1.dll" deleted
"C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" deleted
"C:\Program Files (x86)\AVG\Framework\Common\avgsysa.fmw.1.dll" deleted
"C:\Program Files (x86)\AVG" not deleted
"C:\Program Files (x86)\AVG\Framework" not deleted
"C:\Program Files (x86)\AVG\Zen" not deleted
"C:\Program Files (x86)\AVG\Framework\1" not deleted
"C:\Program Files (x86)\AVG\Framework\Common" not deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\YpY\AppData\Local\Temp ====
2016-02-21 14:44:39 BF2297EEB101701FCB575CC0FFF50BE4 3011144 ----a-w- C:\Users\YpY\AppData\Local\Temp\UNINSTALL.EXE
====== Java Cache =====
2016-02-10 19:04:09 D8850485F3BF8A2C9097E5DAC876A893 88912341 ----a-w- C:\Users\YpY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\6fc5ed02-10f92044
2016-02-10 19:01:35 60156D68B48B019D4F207735E4678F5D 39687 ----a-w- C:\Users\YpY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\3d5c8bd6-41af9a94
2016-02-11 08:57:50 8297920811167D6FC9168429428CBA5D 9540605 ----a-w- C:\Users\YpY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\451204c3-540aef1a
2016-02-11 08:56:37 9F07F88B4D5C688607A7EE5E15225790 7097202 ----a-w- C:\Users\YpY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\b993e6-678c5aa0
2016-02-11 08:55:13 EF822082A4829F18D0D218701991AC33 10302133 ----a-w- C:\Users\YpY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\4e57de28-49f8cf12
2016-02-10 19:01:31 BA27318B81708A85B5912F766864507B 426 ----a-w- C:\Users\YpY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\5ea49473-d59a2ccac7652bf4c13ff69fbef448237d1e680443aa8c476a8cff146f158147-6.0.lap
2016-02-10 19:04:14 7E8DFD04B6DD3663193CC54DE04762D8 7798300 ----a-w- C:\Users\YpY\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7229dfb8-11bcb6ff
====== C:\Windows\SysWOW64 =====
2016-02-09 20:46:05 2211C51BABE577798343D69F818E25AB 278624 ----a-w- C:\Windows\SysWOW64\javaws.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2016-02-09 20:44:53 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
2016-02-21 15:45:58 F4E90B598135CD1952C64E5D0446C2FF 3416 ------w- C:\bootsqm.dat
====== C:\Users\YpY\AppData\Roaming ======
2016-02-10 18:43:20 4E93D5D5B5F8320AE8D7BD053BA596F4 7601 ----a-w- C:\Users\YpY\AppData\Local\Resmon.ResmonCfg
2016-02-09 20:44:27 -------- d-----w- C:\Users\YpY\AppData\Roaming\Sun
====== C:\Users\YpY ======
2016-02-10 19:03:14 -------- d-----w- C:\Users\YpY\www.apowersoft.com
2016-02-09 20:44:26 -------- d-----w- C:\Users\YpY\.oracle_jre_usage
2016-02-09 20:43:06 -------- d-----w- C:\ProgramData\Oracle
====== C: exe-files ==
2016-02-21 14:44:39 BF2297EEB101701FCB575CC0FFF50BE4 3011144 ----a-w- C:\Users\YpY\AppData\Local\Temp\UNINSTALL.EXE
2016-02-21 14:38:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\YpY\Favorites\Downloads\RSITx64(2).exe
2016-02-21 14:38:15 BC158D4F14B7F51BE0ECD30BE43FB5E4 404712 ----a-w- C:\ProgramData\Adobe\ARM\S\31088\AdobeARMHelper.exe
2016-02-20 15:59:33 FF70EB133BE86B9F9EB18E274DAA6B6C 5111240 ----a-w- C:\Users\YpY\Favorites\Downloads\spsetup129(1).exe
2016-02-20 15:57:51 FF70EB133BE86B9F9EB18E274DAA6B6C 5111240 ----a-w- C:\Users\YpY\Favorites\Downloads\spsetup129.exe
2016-02-20 15:03:44 45AB0193BCF8693503AF810B1E60D7FE 879512 ----a-w- C:\Users\YpY\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.116\48.0.2564.116_48.0.2564.109_chrome_updater.exe
2016-02-20 14:56:39 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\YpY\Favorites\Downloads\RSITx64(1).exe
2016-02-20 14:56:24 5198A6628971FDB36101D3007FA7976D 4611624 ----a-w- C:\Users\YpY\AppData\Local\AvgSetupLog\(x86)\AVG\Setup\avgntdumpx.exe
2016-02-16 15:25:41 BC158D4F14B7F51BE0ECD30BE43FB5E4 404712 ----a-w- C:\ProgramData\Adobe\ARM\S\5910\AdobeARMHelper.exe
2016-02-16 12:51:28 BC158D4F14B7F51BE0ECD30BE43FB5E4 404712 ----a-w- C:\ProgramData\Adobe\ARM\S\8459\AdobeARMHelper.exe
2016-02-15 19:53:34 BC158D4F14B7F51BE0ECD30BE43FB5E4 404712 ----a-w- C:\ProgramData\Adobe\ARM\S\5625\AdobeARMHelper.exe
2016-02-15 18:40:51 BC158D4F14B7F51BE0ECD30BE43FB5E4 404712 ----a-w- C:\ProgramData\Adobe\ARM\S\24145\AdobeARMHelper.exe
=== C: other files ==

==== Orphaned Tasks deleted from Registry ======================
0615pizUpdateInfo deleted
AdobeAAMUpdater-1.0 Fallback-YpY-PC-YpY deleted
clear.fiMovieService.exe_1532260728 deleted

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-4038081757-550974096-142076149-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\YpY\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe -autostart"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\YpY\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled ======================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Google Update"="\"C:\\Users\\YpY\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"vProt"="\"C:\\Program Files (x86)\\AVG Secure Search\\vprot.exe\""
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Creative Cloud"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Creative Cloud\\ACC\\Creative Cloud.exe\" --showwindow=false --onOSstartup=true"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcadeMovieService"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]
"command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k"
"hkey"="HKLM"
"item"="BackupManagerTray"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate]
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\""
"hkey"="HKLM"
"item"="EgisTecPMMUpdate"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate]
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d"
"hkey"="HKLM"
"item"="EgisUpdate"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\YpY\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"command"="C:\\Windows\\system32\\hkcmd.exe"
"hkey"="HKLM"
"item"="HotKeysCmds"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeePass 2 PreLoad]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KeePass 2 PreLoad"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\KeePass Password Safe 2\\KeePass.exe\" --preload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"command"="C:\\Windows\\system32\\igfxpers.exe"
"hkey"="HKLM"
"item"="Persistence"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuiteTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Transfer Utility Camera Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Transfer Utility Camera Monitor.lnk"
"backup"="C:\\Windows\\pss\\Transfer Utility Camera Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PIXELA\\TRANSF~1\\CAMERA~1.EXE "
"item"="Transfer Utility Camera Monitor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^YpY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
"path"="C:\\Users\\YpY\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\EvernoteClipper.lnk"
"backup"="C:\\Windows\\pss\\EvernoteClipper.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\Evernote\\Evernote\\EVERNO~2.EXE "
"item"="EvernoteClipper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^YpY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Password Safe.lnk]
"path"="C:\\Users\\YpY\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Password Safe.lnk"
"backup"="C:\\Windows\\pss\\Password Safe.lnk.Startup"
"backupExtension"=".Startup"
"command"="E:\\Passwordsafe_usb\\Password Safe\\pwsafe.exe -s"
"item"="Password Safe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^YpY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk]
"path"="C:\\Users\\YpY\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\tcbhn.lnk"
"backup"="C:\\Windows\\pss\\tcbhn.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\YpY\\AppData\\Roaming\\BROWSE~1\\tcbhn.exe -interval=10 -IEhome=0 -IEsearch=0 -FFhome=0 -FFsearch=0 -CHhome=0 -CHsearch=0 -pubId= -affId="
"item"="tcbhn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-02-2016 15:31]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2015 18:52]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01-09-2015 18:52]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001Core.job --a------ C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe [01-09-2015 18:52]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001UA.job --a------ C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe [01-09-2015 18:52]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\0" [c:\program files (x86)\internet explorer\iexplore.exe]
"C:\Windows\SysNative\tasks\4471" [wscript.exe C:\Users\YpY\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-YpY-PC-YpY" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001Core" [C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4038081757-550974096-142076149-1001UA" [C:\Users\YpY\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{0AFA89FA-4B5A-4355-94B2-17B4B3E3F765}" [C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe]
"C:\Windows\SysNative\tasks\{16AB30CD-28DF-4EC4-94A6-A61547077AF1}" [C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe]
"C:\Windows\SysNative\tasks\{3056E4D1-4391-4F10-BE79-77191EA9DC23}" [C:\Program Files (x86)\EA Games\Command & Conquer The First Decade\Launcher\TFDLauncher.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chromium Look ======================
AVG Web TuneUp - YpY\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Chrome Web Store Payments - YpY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\YpY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\YpY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\YpY\AppData\Local\Mozilla\Firefox\Profiles\6we27vpp.default-1451417505313\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\YpY\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=283 folders=45 354935338 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\YpY\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\YpY\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files (x86)\AVG" not found
"C:\Users\YpY\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn" deleted

==== EOF on ma 22-02-2016 at 16:37:02.54 ======================