Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Kyarah on za 05/04/2014 at 12:01:39,83. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Kyarah\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2013-08-19-205542.log 36242 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Settings Manager deleted successfully C:\Program Files\Common Files\Symantec Shared deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Kyarah\AppData\Roaming\CheckPoint deleted successfully C:\Users\Kyarah\AppData\Roaming\Nico Mak Computing deleted successfully C:\Users\Kyarah\AppData\Roaming\TP deleted successfully C:\Users\Kyarah\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-120730179-43632052-1941440850-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully HKEY_USERS\S-1-5-21-120730179-43632052-1941440850-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CB7CDA95-C0F8-4946-A40D-32F962516666} deleted successfully HKEY_USERS\S-1-5-21-120730179-43632052-1941440850-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_USERS\S-1-5-21-120730179-43632052-1941440850-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-120730179-43632052-1941440850-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Settings Manager not found C:\Program Files (x86)\Linkey not found C:\Users\Kyarah\Downloads\iLividSetup-r1203-n-bc - Snelkoppeling.lnk deleted C:\Users\Kyarah\AppData\LocalLow\imeshtoolbar deleted C:\Users\Kyarah\AppData\LocalLow\DataMngr deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\tasks\DTReg deleted "C:\Windows\Installer\2288483.msi" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Kyarah\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-04-01 09:23:42 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-04-01 09:22:23 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-04-01 09:22:23 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-04-01 09:22:23 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-03-07 17:00:31 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\Sysnative\drivers\GEARAspiWDM.sys ====== C:\Windows\Tasks ====== 2014-03-07 16:58:02 -------- d-----w- C:\Windows\Sysnative\Tasks\Apple ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-03-31 09:29:24 -------- d-----w- C:\Program Files\trend micro 2014-03-07 16:59:57 -------- d-----w- C:\Program Files\iTunes 2014-03-07 16:59:57 -------- d-----w- C:\Program Files\iPod 2014-03-07 16:57:46 -------- d-----w- C:\Program Files\Common Files\Apple 2014-03-07 16:57:31 -------- d-----w- C:\Program Files\Bonjour ======= C:\PROGRA~2 ===== 2014-03-28 07:41:35 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2014-03-20 17:20:58 -------- d-----w- C:\PROGRA~2\GeoGebra 4.4 2014-03-07 16:59:57 -------- d-----w- C:\PROGRA~2\iTunes 2014-03-07 16:58:01 -------- d-----w- C:\PROGRA~2\Apple Software Update 2014-03-07 16:57:31 -------- d-----w- C:\PROGRA~2\Bonjour 2014-03-07 16:57:09 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple ======= C: ===== ====== C:\Users\Kyarah\AppData\Roaming ====== 2014-03-28 07:41:46 -------- d-----w- C:\Users\Kyarah\AppData\Local\Skype 2014-03-26 11:48:29 -------- d-----w- C:\Users\Kyarah\AppData\Roaming\Mozilla 2014-03-20 17:22:00 -------- d-----w- C:\Users\Kyarah\AppData\Roaming\GeoGebra 4.4 2014-03-07 17:01:11 -------- d-----w- C:\Users\Kyarah\AppData\Roaming\Apple Computer 2014-03-07 17:01:11 -------- d-----w- C:\Users\Kyarah\AppData\Local\Apple Computer 2014-03-07 16:58:02 -------- d-----w- C:\Users\Kyarah\AppData\Local\Apple 2014-03-07 16:57:57 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Apple Computer ====== C:\Users\Kyarah ====== 2014-04-01 10:04:40 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Kyarah\Downloads\RSITx64 (3).exe 2014-04-01 09:18:29 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Kyarah\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-01 09:10:12 DF06DC5837316EA78746E3F790A950ED 1950720 ----a-w- C:\Users\Kyarah\Downloads\adwcleaner.exe 2014-03-31 09:32:15 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Kyarah\Downloads\RSITx64 (2).exe 2014-03-31 09:28:05 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Kyarah\Downloads\RSITx64 (1).exe 2014-03-31 09:24:42 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Kyarah\Downloads\RSITx64.exe 2014-03-31 09:07:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-03-28 07:41:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-03-20 17:21:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.4 2014-03-07 17:01:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-03-07 16:59:57 -------- d-----w- C:\ProgramData\Apple Computer 2014-03-07 16:59:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-07 16:57:09 -------- d-----w- C:\ProgramData\Apple ====== C: exe-files == 2014-04-05 10:08:50 8E5BDE8919C805F7DC20FD113BE44EE5 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-120730179-43632052-1941440850-1001\$IF5LD0B.exe 2014-04-05 10:02:24 2ED2319F3DE13495AAA49B70A1467055 1285120 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-120730179-43632052-1941440850-1001\$RF5LD0B.exe 2014-04-05 09:57:55 7459E77886100C000CB0080345B3D454 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-120730179-43632052-1941440850-1001\$IKCG1LY.exe 2014-04-05 09:47:57 DD6B67380A24750A44E928CE204812D1 869456 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-120730179-43632052-1941440850-1001\$RKCG1LY.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-120730179-43632052-1941440850-1001\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "ooVoo.exe"="C:\Program Files (x86)\ooVoo\oovoo.exe /minimized" "Facebook Update"="C:\Users\Kyarah\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "AVG-Secure-Search-Update_0913b"="C:\Users\Kyarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 48f342c61d6c47d0a1b39da204baeccf-a68cfaf925b4696d1357f5fd2c1c84ccae305a28 --CMPID 0913b" "FLV Player"="C:\Users\Kyarah\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "FLxHCIm64"="C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" "HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" "HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "ZoneAlarm Installer"="C:\Program Files (x86)\CheckPoint\Install\Launcher.exe C:\Program Files (x86)\CheckPoint\Install\Install.exe /r install /c C:\Program Files (x86)\CheckPoint\Install\Install.xml" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "ooVoo.exe"="C:\Program Files (x86)\ooVoo\oovoo.exe /minimized" "Facebook Update"="C:\Users\Kyarah\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "AVG-Secure-Search-Update_0913b"="C:\Users\Kyarah\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 48f342c61d6c47d0a1b39da204baeccf-a68cfaf925b4696d1357f5fd2c1c84ccae305a28 --CMPID 0913b" "FLV Player"="C:\Users\Kyarah\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\Linkey\\IEEXTE~1\\iedll.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2013-02-19 07:32:53 1051 ----a-w- C:\Users\Kyarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/03/2014 20:56] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-120730179-43632052-1941440850-1001Core.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-120730179-43632052-1941440850-1001UA.job --a------ C:\Users\Kyarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [30/04/2013 18:21] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2012 20:21] C:\Windows\tasks\HPCeeScheduleForKyarah.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 05:43] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-120730179-43632052-1941440850-1001Core" [C:\Users\Kyarah\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-120730179-43632052-1941440850-1001UA" [C:\Users\Kyarah\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForKyarah" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 1050 J410 series" ["C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\WSCStub.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions debkinhcgejcbfgjiaalomcmkedjmiaa - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx[25/08/2011 05:41] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03/03/2014 10:53] Website Logon - Kyarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa Skype Click to Call - Kyarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc ==== Chrome Fix ====================== C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.default-search.net?sid=476&aid=115&itype=n&ver=11471&tm=292&src=hmp" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-5/4?mpre=http://www.benl.ebay.be/sch/i.html?_nkw={searchTerms}" {DD10FCBC-4C1D-4894-A337-65BDCFFDDF71} Search By ZoneAlarm Url="http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN116030558530516-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=32b389660000000000004ceb425e0539&q={searchTerms}&r=795" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kyarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kyarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Kyarah\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kyarah\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Kyarah\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=143 folders=28 1624802 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Kyarah\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Kyarah\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Search Results Toolbar" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on za 05/04/2014 at 12:36:29,34 ======================