Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by charrel on wo 13-07-2016 at 12:00:51,78.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\charrel\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
13-7-2016 12:09:59 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

==== Empty Folders Check ======================
C:\PROGRA~2\SurfAnonymousFree deleted successfully
C:\Program Files\ByteFence deleted successfully
C:\Program Files\iTunes deleted successfully
C:\Program Files\MyDefrag v4.3.0 deleted successfully
C:\PROGRA~3\ByteFence deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604} deleted successfully
C:\Users\charrel\AppData\Roaming\EurekaLog deleted successfully
C:\Users\charrel\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\charrel\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\charrel\AppData\Local\EmieSiteList deleted successfully
C:\Users\charrel\AppData\Local\EmieUserList deleted successfully
C:\Users\charrel\AppData\Local\photoOptimizeHistoryDataBase deleted successfully
C:\Users\charrel\AppData\Local\Setup77150000 deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3803305046-1514202074-806241562-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3803305046-1514202074-806241562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3803305046-1514202074-806241562-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48D49FCF-3CC7-4639-91CC-0346035512C6} deleted successfully
HKEY_USERS\S-1-5-21-3803305046-1514202074-806241562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48D49FCF-3CC7-4639-91CC-0346035512C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\update service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully

==== FireFox Fix ======================
ProfilePath: C:\Users\charrel\AppData\Roaming\Mozilla\Firefox\Profiles\0mj3grw2.default
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"https://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"ht
---- Lines mysearch removed from prefs.js ----
user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{c40d1dc0-4a76-4634-84a4-d4e698eaf
user_pref("browser.startup.homepage", "https://mysearch.avg.com?pid=wtu&sg=&cid=%7Bc40d1dc0-4a76-4634-84a4-d4e698eafd08%7D&mid=9e00481cce7847d2a1ea057
---- FireFox user.js and prefs.js backups ----
prefs_13-07-2016_1221_.backup

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================
C:\PROGRA~2\SurfAnonymousFree not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604} not found
C:\PROGRA~2\AVG SafeGuard toolbar deleted
C:\Users\charrel\AppData\Roaming\stremio deleted
C:\Program Files (x86)\Popcorn Time deleted
C:\Program Files (x86)\AVG Web TuneUp deleted
C:\ProgramData\Avg_Update_0215av deleted
C:\ProgramData\Avg_Update_1214av deleted
C:\Windows\AutoKMS deleted
C:\Users\charrel\AppData\Roaming\Mozilla\Firefox\Profiles\0mj3grw2.default\extensions\9Avg75f@8EH.net deleted
C:\Users\charrel\AppData\Roaming\Mozilla\Firefox\Profiles\0mj3grw2.default\extensions\avg@toolbar deleted
C:\543724d3a2a77592a6b77e9e51 deleted
C:\ProgramData\{229CE7FF-A8DE-6D39-2E18-F37BB45A78B5} deleted
C:\Users\charrel\AppData\Roaming\{4B837D38-6ED1-104E-05E7-379CD935CAA2} deleted
C:\windows\SysNative\Tasks\0215avUpdateInfo deleted
C:\windows\SysNative\Tasks\1214avUpdateInfo deleted
C:\windows\SysNative\Tasks\Open URL by RoboForm deleted
C:\WINDOWS\tasks\0215avUpdateInfo.job deleted
C:\WINDOWS\tasks\1214avUpdateInfo.job deleted
C:\PROGRA~3\{01835c88-e538-d461-0183-35c88e537223} deleted
C:\Users\charrel\AppData\Local\AVG Web TuneUp deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\PROGRA~2\Your Uninstaller! 7 deleted
C:\Program Files\AVG Web TuneUp deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\GreenTree Applications deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\Users\charrel\AppData\Roaming\WB.CFG deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\Hotspot Shield deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\YTD Video Downloader deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted
C:\Users\charrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted
C:\Users\charrel\Downloads\Babylon 5 (1).nzb deleted
C:\Users\charrel\Downloads\Babylon 5 (2).nzb deleted
C:\Users\charrel\Downloads\Babylon 5 - 2267.1.zip deleted
C:\Users\charrel\Downloads\Babylon 5 - 2267.2.zip deleted
C:\Users\charrel\Downloads\Babylon 5 - 2267.3.zip deleted
C:\Users\charrel\Downloads\Babylon 5 - 2267.4.zip deleted
C:\Users\charrel\Downloads\Babylon 5 - 2267.5.zip deleted
C:\Users\charrel\Downloads\Babylon 5 - 2267.zip deleted
C:\Users\charrel\Downloads\Babylon 5.nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-1.nzb-000394.nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-2.nzb-000360.nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-3.nzb-000359.nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-4.nzb-000384 (1).nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-4.nzb-000384 (2).nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-4.nzb-000384 (3).nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-4.nzb-000384.nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-5.nzb-000411.nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-6.nzb-000274 (1).nzb deleted
C:\Users\charrel\Downloads\Babylon-5-Season-6.nzb-000274.nzb deleted
C:\Users\charrel\Downloads\Babylon5 - Season1 (1).nzb deleted
C:\Users\charrel\Downloads\Babylon5 - Season1.nzb deleted
C:\Users\charrel\AppData\LocalLow\Minibar deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\windows\SysNative\Tasks\Yahoo! Powered sinen deleted
C:\WINDOWS\Tasks\Yahoo! Powered sinen.job deleted
C:\WINDOWS\tasks\UpdateTask.job deleted
C:\windows\SysNative\tasks\UpdateTask deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\charrel\AppData\Roaming\Mozilla\Firefox\Profiles\0mj3grw2.default\searchplugins\avg-secure-search.xml deleted
C:\Users\charrel\AppData\Roaming\Mozilla\Firefox\Profiles\0mj3grw2.default\Invalidprefs.js deleted
C:\Users\charrel\Google Earth PRO 7.1.2.2019 Final (2-click run)(Registered).exe deleted
"C:\WINDOWS\tasks\AutoKMS.job" deleted
"C:\WINDOWS\tasks\{440930E4-8920-E231-A955-7FFE849A7A69}.job" deleted

==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\Users\charrel\AppData\Local\Temp ====
2016-07-13 09:48:24 730887F27C85C481DED116008DF147B6 6144 ----atw- C:\Users\charrel\AppData\Local\Temp\Upgrader3.exe
2016-07-07 10:14:15 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\charrel\AppData\Local\Temp\SDIAG_6b2c787d-fa4b-449e-81fe-23570a3c8f25\NetworkDiagnosticSnapIn.dll
2016-07-07 10:13:39 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\charrel\AppData\Local\Temp\SDIAG_17cf35ff-63ba-4248-90e7-1c9953e5d9ad\NetworkDiagnosticSnapIn.dll
2016-07-04 00:13:44 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\charrel\AppData\Local\Temp\SDIAG_77e8c1b9-d823-4501-8278-900d367fe07e\NetworkDiagnosticSnapIn.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2016-07-05 17:03:18 38F8CDC2E92573D2C0AD25CA15C30146 4864 ----a-w- C:\WINDOWS\SysWOW64\HideMyIpSRVOff.ini
2016-07-05 17:02:47 6F4976E485DE966519BFD124557DDCE7 364032 ----a-w- C:\WINDOWS\SysWOW64\HMIPCore.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2016-07-05 17:03:18 04D4D825652B817F2702E2EEF85249DB 4864 ----a-w- C:\WINDOWS\Sysnative\HideMyIpSRVOff.ini
2016-07-05 17:03:05 1474EE82605D16B57AD43130B09AD8D0 475136 ----a-w- C:\WINDOWS\Sysnative\HMIPCore64.dll
====== C:\WINDOWS\Sysnative\drivers =====
2016-07-05 17:03:27 F08C005DA823FDEFB8BD340EED7FD248 44376 ----a-w- C:\WINDOWS\Sysnative\drivers\hmip64.sys
2016-06-15 15:17:38 CED8576CD925E83ABEB14F65EA205C29 675328 ----a-w- C:\WINDOWS\Sysnative\drivers\srv2.sys
2016-06-15 15:17:38 69DC128CF54009A686E0F0C57E2BA0DC 416768 ----a-w- C:\WINDOWS\Sysnative\drivers\srv.sys
2016-06-15 15:17:38 4396587119D8F4B72561ED24666E7567 243712 ----a-w- C:\WINDOWS\Sysnative\drivers\srvnet.sys
2016-06-15 15:17:38 38BED40B100C6A844C3DB1AEE2F0C6CF 178008 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys
2016-06-15 15:17:37 1F20A2F59B7F979B39CBFA602E0D1F8E 563016 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2016-06-15 15:15:47 9DC17B7D9D84C37C102D379FCC7D4942 281088 ----a-w- C:\WINDOWS\Sysnative\drivers\netbt.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-07-12 18:24:04 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2016-07-05 17:02:39 -------- d-----w- C:\PROGRA~2\Hide My IP 6
2016-06-29 11:45:29 -------- d-----w- C:\PROGRA~2\FreeHideIP
2016-06-20 22:44:42 -------- d-----w- C:\PROGRA~2\Banner Maker Pro 9
2016-06-16 12:19:42 -------- d-----w- C:\PROGRA~2\OpenOffice 4
======= C: =====
====== C:\Users\charrel\AppData\Roaming ======
2016-07-05 17:03:18 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\HideMyIpSRV
2016-06-29 11:45:32 -------- d-----w- C:\Users\charrel\AppData\Roaming\FreeHideIP
2016-06-29 11:29:59 -------- d-----w- C:\Users\charrel\AppData\Roaming\SurfAnonymousFree
2016-06-21 18:46:28 -------- d-----w- C:\Users\charrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2016-06-21 18:44:09 -------- d-----w- C:\Users\charrel\AppData\Local\code
2016-06-16 12:39:05 -------- d-----w- C:\Users\charrel\AppData\Roaming\OpenOffice
====== C:\Users\charrel ======
2016-07-12 18:21:39 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\charrel\Downloads\RSITx64.exe
2016-07-05 17:02:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide My IP 6
2016-07-05 17:00:47 A5019075F688DF101F1CD4D95332F0AC 3115072 ----a-w- C:\Users\charrel\Downloads\hidemyip.exe
2016-06-29 11:45:32 -------- d-----w- C:\ProgramData\FreeHideIP
2016-06-29 11:45:05 926C6C5A310C0E2EA5F50FEE7722A30A 2351581 ----a-w- C:\Users\charrel\Downloads\FreeHideIP-4.1.3.6.Setup (2).exe
2016-06-29 11:40:20 926C6C5A310C0E2EA5F50FEE7722A30A 2351581 ----a-w- C:\Users\charrel\Downloads\FreeHideIP-4.1.3.6.Setup (1).exe
2016-06-29 11:39:29 926C6C5A310C0E2EA5F50FEE7722A30A 2351581 ----a-w- C:\Users\charrel\Downloads\FreeHideIP-4.1.3.6.Setup.exe
2016-06-29 11:29:59 -------- d-----w- C:\ProgramData\SurfAnonymousFree
2016-06-29 11:22:34 35A5BAB153350BFE0C4B3053D6F7FAFC 2510855 ----a-w- C:\Users\charrel\Downloads\SurfAnonymousFree-2.5.4.2.Setup (1).exe
2016-06-29 11:22:16 35A5BAB153350BFE0C4B3053D6F7FAFC 2510855 ----a-w- C:\Users\charrel\Downloads\SurfAnonymousFree-2.5.4.2.Setup.exe
2016-06-22 06:38:34 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2016-06-21 18:44:24 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol
2016-06-20 22:44:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banner Maker Pro 9
2016-06-16 12:20:17 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
====== C: exe-files ==
2016-07-13 09:48:24 730887F27C85C481DED116008DF147B6 6144 ----atw- C:\Users\charrel\AppData\Local\Temp\Upgrader3.exe
2016-07-12 18:24:05 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\charrel.exe
2016-07-12 18:21:39 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\charrel\Downloads\RSITx64.exe
2016-07-08 10:50:27 1C23A4690EDBB7741E25C3386AC404D1 48289512 ----a-w- C:\ProgramData\Garmin\Core Update Service\APP-express-windows-4.1.22.0\GarminExpressInstaller.exe
2016-07-08 09:11:47 CE44B7F77D593BCD5D322AA297036C46 98456 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.3\GoogleUpdateWebPlugin.exe
2016-07-08 09:11:47 8DEA412D23038A02BE48FA3C7758E896 98456 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.3\GoogleUpdateBroker.exe
2016-07-08 09:11:47 092EC80CEE3C17DBD9D718DB7F042354 98456 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.3\GoogleUpdateOnDemand.exe
2016-07-08 09:11:46 3AC9681D98B364D8B662419A99A2E708 1077152 ----a-w- C:\Program Files (x86)\Google\Update\1.3.31.3\GoogleUpdateSetup.exe
2016-07-08 09:11:42 E9ED267236A0E1A4E4AE83EDFDB80588 178328 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.3\GoogleUpdateComRegisterShell64.exe
2016-07-08 09:11:42 9334AE42D241E25AA2E4F28F3101077A 372376 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.3\GoogleCrashHandler64.exe
2016-07-08 09:11:42 7DA85752EAEA69676EE258081F131C73 291992 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.3\GoogleCrashHandler.exe
2016-07-08 09:11:42 4890B475C53D2DE1F2F2CCBA32F615EE 156824 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.3\GoogleUpdate.exe
2016-07-08 09:11:39 3AC9681D98B364D8B662419A99A2E708 1077152 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.31.3\GoogleUpdateSetup.exe
=== C: other files ==

==== Orphaned Tasks deleted from Registry ======================
Norton 8M deleted
Open URL by RoboForm deleted

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3803305046-1514202074-806241562-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Stremio"="C:\Users\charrel\AppData\Local\Programs\LNV\Stremio\Stremio.exe --trayed"
"Wifi HotSpot"="C:\Program Files (x86)\WifiHotSpot2\WifiHotSpot.exe systray"
"Google Update"="C:\Users\charrel\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleChromeAutoLaunch_67A7E7694AF29336A3037DC386A152A8"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5"

[HKEY_USERS\S-1-5-21-3803305046-1514202074-806241562-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]
"Stremio"="C:\Users\charrel\AppData\Local\Programs\LNV\Stremio\Stremio.exe --trayed"
"Wifi HotSpot"="C:\Program Files (x86)\WifiHotSpot2\WifiHotSpot.exe systray"
"Google Update"="C:\Users\charrel\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleChromeAutoLaunch_67A7E7694AF29336A3037DC386A152A8"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5"

[HKEY_USERS\S-1-5-21-3803305046-1514202074-806241562-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"="C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\Manager.exe -autorun"

[HKEY_USERS\S-1-5-21-3803305046-1514202074-806241562-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeePass 2 PreLoad"="C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload"
"AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe C:\Program Files (x86)\AVG\Av\avgui.exe"
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe /lps=fmw"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Stremio"="C:\Users\charrel\AppData\Local\Programs\LNV\Stremio\Stremio.exe --trayed"
"Wifi HotSpot"="C:\Program Files (x86)\WifiHotSpot2\WifiHotSpot.exe systray"
"Google Update"="C:\Users\charrel\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleChromeAutoLaunch_67A7E7694AF29336A3037DC386A152A8"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

==== Startup Folders ======================
2016-05-29 13:35:41 1206 ----a-w- C:\Users\charrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-08-2015 16:17]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29-08-2015 16:17]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3803305046-1514202074-806241562-1003Core.job --a-------- C:\Users\charrel\AppData\Local\Google\Update\GoogleUpdate.exe [31-05-2016 10:21]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3803305046-1514202074-806241562-1003UA.job --a-------- C:\Users\charrel\AppData\Local\Google\Update\GoogleUpdate.exe [31-05-2016 10:21]
C:\WINDOWS\tasks\HP Photo Creations Communicator.job --a-------- C:\Users\charrel\AppData\Roaming\HP Photo Creations\Communicator.exe [05-12-2015 04:47]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\afsluiten" [C:\Windows\System32\shutdown.exe]
"C:\WINDOWS\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3803305046-1514202074-806241562-1003Core" [C:\Users\charrel\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3803305046-1514202074-806241562-1003UA" [C:\Users\charrel\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HP AR Program Upload - b7c9a6b7443d4fe283609bedb45dee1038dbae1ff0b844619b24567f71e3b915" [C:\Program Files\HP\HP Officejet 5740 series\bin\HPRewards.exe]
"C:\WINDOWS\SysNative\tasks\HP Photo Creations Communicator" [C:\Users\charrel\AppData\Roaming\HP Photo Creations\Communicator.exe]
"C:\WINDOWS\SysNative\tasks\HPCustPartic.exe_{B951B3F1-A0BD-4B46-9B48-E3CE2D4F0B58}" [C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Officejet 5740 series" ["C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{6A730198-6101-4B55-BDDA-37F9E44D8A0D}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Nero\Nero Info" [c:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\charrel\AppData\Roaming\Mozilla\Firefox\Profiles\0mj3grw2.default
user_pref("browser.search.defaultenginename", "AVG Secure Search");

==== Firefox Extensions ======================
ProfilePath: C:\Users\charrel\AppData\Roaming\Mozilla\Firefox\Profiles\0mj3grw2.default
- Free Hide IP - %ProfilePath%\extensions\support@free-hideip.com.xpi
- RightToClick em:version2.9.5.1-signed em:type2 em:descriptionAllows right clicks highlighting and more where forbidden by javascript em:creatorNettiCat em:contributor em:optionsURLchrome:rtccontentrtcOptions.xul em:homepageURLhttp:nc.ddns.usextensions.html em:iconURLchrome:rtcskinrtclogo.png - %ProfilePath%\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Hotspot Shield Extension - %AppDir%\browser\extensions\afproxy@anchorfree.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\charrel\AppData\Roaming\Mozilla\Firefox\Profiles\0mj3grw2.default
C426F7E678D6E539041847556059D5E8 - C:\Users\charrel\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll - Google Update
81CF73D4CDF07C45C6B5E442C62E40A9 - C:\Users\charrel\AppData\Local\SkypePlugin\7.3.0.501\npGatewayNpapi.dll - Skype Web Plugin
30058F2746B25F60DCC7624E227357D1 - C:\Users\charrel\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
4B3CE2989CE371437F7E036088EE2A82 - C:\Users\charrel\AppData\Local\SkypePlugin\7.3.0.501\npGatewayNpapi-x64.dll - Skype Web Plugin

==== Deleted Firefox Extensions ======================
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com deleted

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
Pin It Button - charrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
Tag Assistant - charrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk
Google Slides - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
Search Manager - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bahkljhhdeciiaodlkppoonappfnheoi
YouTube - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.focalprice.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopping.focalprice.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hairfinder.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hairfinder.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.specsavers.nl_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.specsavers.nl_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-emea.doubleclick.net_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-emea.doubleclick.net_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_addons.prestashop.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_addons.prestashop.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adhoc-horecamakelaars.nl_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adhoc-horecamakelaars.nl_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adresar.hyperreality.cz_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adresar.hyperreality.cz_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.opensubtitles.org_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.opensubtitles.org_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advertise.bingads.microsoft.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advertise.bingads.microsoft.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dwq4do82y8xi7.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_babylon5.wikia.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_babylon5.wikia.com_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_kidsfurniturebestdeals16.bl.ee_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_kidsfurniturebestdeals16.bl.ee_0.localstorage-journal deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.waterlanddeals.com_0.localstorage deleted successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.waterlanddeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.focalprice.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.focalprice.com/"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{73cd434e-8e1e-46b6-bb8d-7dd935140717} - No_Url_Value
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{2f23ab71-4ac6-41f2-a955-ea576e553146}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 HKCU\SearchScopes\{73cd434e-8e1e-46b6-bb8d-7dd935140717} - No_Url_Value ==== Reset Google Chrome ====================== C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data-journal was reset successfully ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\charrel\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully 
C:\Users\charrel\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\charrel\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\charrel\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
C:\Users\charrel\AppData\Local\Mozilla\Firefox\Profiles\0mj3grw2.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\charrel\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=5119 folders=591 747567947 bytes)

==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\charrel\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\charrel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 13-07-2016 at 12:38:43,92 ======================