Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by leon on zo 25-05-2014 at 6:32:01,68.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\leon\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
25-5-2014 06:34:41 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Avid deleted successfully
C:\PROGRA~3\eMule deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Pinnacle Studio Plus deleted successfully
C:\Users\leon\AppData\Roaming\proDAD deleted successfully
C:\Users\leon\AppData\Local\ms-drivers deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2888209308-4153397200-2363281333-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9CDFC26A-C4C7-4FE5-92F4-F2CFB971F6B7} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Batch Command(s) Run By Tool======================
C:\WINDOWS\system32\appdata deleted

==== Deleting Files \ Folders ======================
C:\PROGRA~2\SopCast deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\tasks\AmiUpdXp deleted
C:\end deleted
C:\WINDOWS\Syswow64\RegistryHelperLM.ocx deleted
"C:\WINDOWS\tasks\AmiUpdXp.job" deleted
"C:\ProgramData\cm-lock" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2014-05-17 01:49:03 4BA1B313D71F8AF1282DAC37527FE06B 492581454 ----a-w- C:\WINDOWS\MEMORY.DMP

====== C:\Users\leon\AppData\Local\Temp ====
2014-05-17 22:52:06 2C0F4C3A99DF15FF043C990C8BF419B7 1938944 ----a-w- C:\Users\leon\AppData\Local\Temp\MsiToExe.SetupExtension.msi
2014-05-17 22:51:57 F5CCF424BD96A3F3840B4A05BA1A304A 6941856 ----a-w- C:\Users\leon\AppData\Local\Temp\RegistryHelperSetupAM2.exe
2014-05-17 05:52:23 7E7EB7AFF595774E5E500B34058CC1A7 192512 ----a-w- C:\Users\leon\AppData\Local\Temp\sfamcc00001.dll
2014-05-15 17:49:07 B9C96C81E5CB5340D0699A3BF87A62A7 56294024 ----a-w- C:\Users\leon\AppData\Local\Temp\TorrentStream.exe

====== Java Cache =====
2014-05-03 21:37:07 4DB9365FFDEDF03D1369D11D38CC88BA 11440 ----a-w- C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\67a14222-2f6a9975
2014-05-03 21:37:07 EEC89C9778442167DA60672932ADF590 85 ----a-w- C:\Users\leon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\662c6fb5-c655132ce91a76c7d9728e633131717cd5c10f44b9d10b53dd4843b0a7078080-6.0.lap

====== C:\WINDOWS\SysWOW64 =====
2014-05-17 05:51:59 A4001C78F2806662B3BD91ACB44E6330 45 ----a-w- C:\WINDOWS\SysWOW64\initdebug.nfo
2014-05-14 19:18:36 1DEC681B79501A714F0D3FA2787183C3 305152 ----a-w- C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 19:17:54 9A11476467400E32083BCBF7A06EFF18 11792384 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 19:17:53 AB3A013BA1C50B2309E5BF8136600656 828928 ----a-w- C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 19:17:53 51B615EF9408277FEF586EB97583844E 666624 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 19:17:53 3F0DB8120F65E3223B4EAF6CA4CDB3C5 754688 ----a-w- C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 19:17:53 0542A44401EA9451D82D3DF4BF3BD871 419928 ----a-w- C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 19:17:52 DC72DC452793C9622E6F056B89F9302C 123904 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 19:17:52 D8C63F333D4A8D8433849A9ADC092BE9 31232 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 19:17:52 8DA8026471B3470085B4AFB9C77BF45F 25088 ----a-w- C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 19:17:52 82119579B000F62D96B083BC6A246C07 80896 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 19:17:41 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 19:17:40 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 19:17:22 BA4FA107EF9A728C58A81B2EFCD6FE2B 26784 ----a-w- C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 19:17:22 6923D6FAB7CBA8D82BD792182B4F3DE4 80032 ----a-w- C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 19:17:21 B5507F49CB2E2516746BD55B9F671925 18679728 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====
2014-05-14 19:18:36 326715361A7D1C65983BFE920990E4EF 308224 ----a-w- C:\WINDOWS\Sysnative\wusa.exe
2014-05-14 19:17:57 7E609FBF50774CC5A239420FE34EBB9C 3464192 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2014-05-14 19:17:57 3DF281C1553A6124DEF875C19D46AC0D 190976 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2014-05-14 19:17:55 739F99ADA1F0A4188F683918809FE7AC 13288960 ----a-w- C:\WINDOWS\Sysnative\twinui.dll
2014-05-14 19:17:54 4FB80968811FAD6E88ABFAA98E51305C 1705472 ----a-w- C:\WINDOWS\Sysnative\wucltux.dll
2014-05-14 19:17:53 E859E9B4A0300F56C94D2C69F6F65657 827392 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll
2014-05-14 19:17:53 C383B71BAAC22CCE37B99339AEB62F1E 93696 ----a-w- C:\WINDOWS\Sysnative\wudriver.dll
2014-05-14 19:17:53 AF1BC4F5421023D59F1D472C1A4E01CF 921088 ----a-w- C:\WINDOWS\Sysnative\WSShared.dll
2014-05-14 19:17:53 850FC6B2E385766B9972CDBE947989F6 381440 ----a-w- C:\WINDOWS\Sysnative\WUSettingsProvider.dll
2014-05-14 19:17:53 7F15F3E0F847D90EB3A2124258E6B1DC 54776 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe
2014-05-14 19:17:53 766DCDC7032C4C98E47B8A9F71239E38 555736 ----a-w- C:\WINDOWS\Sysnative\twinapi.appcore.dll
2014-05-14 19:17:53 68CB2B575F0C67BB14590D1471285287 201728 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll
2014-05-14 19:17:53 5F74A7DB62F6D560B0C858A096A37B59 1054208 ----a-w- C:\WINDOWS\Sysnative\twinui.appcore.dll
2014-05-14 19:17:53 1EC3AACDB335533A7470245C683ACF94 56320 ----a-w- C:\WINDOWS\Sysnative\wups.dll
2014-05-14 19:17:52 FD3638782572A8281BCF12520F6579F4 79872 ----a-w- C:\WINDOWS\Sysnative\WSReset.exe
2014-05-14 19:17:52 E9F333234A5641E2FEF2F5240BDD56B8 35328 ----a-w- C:\WINDOWS\Sysnative\wuapp.exe
2014-05-14 19:17:52 736046C9AFD66BA29BA61ACD582E7A7B 137728 ----a-w- C:\WINDOWS\Sysnative\wuwebv.dll
2014-05-14 19:17:41 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll
2014-05-14 19:17:41 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2014-05-14 19:17:22 D178F55D53B9A10FFBDC134C95517846 28320 ----a-w- C:\WINDOWS\Sysnative\mrt100.dll
2014-05-14 19:17:22 A750229C96A406EE123F43916053F142 86688 ----a-w- C:\WINDOWS\Sysnative\mrt_map.dll
2014-05-14 19:17:21 06070D4CC64300D473C55ABDC887B63C 21225584 ----a-w- C:\WINDOWS\Sysnative\shell32.dll

====== C:\WINDOWS\Sysnative\drivers =====
2014-05-14 19:18:34 019CC610AD95FF47EAD7C08B7A683B96 257880 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys
2014-05-14 19:18:33 6CC1BB8F6851A262E2E824F0E92D5EEF 123224 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys
2014-05-14 19:18:32 F5D4FA3E1F4879C361FFF3855259D2C2 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys

====== C:\WINDOWS\Tasks ======
2014-05-25 02:51:32 BBBA5032E826531BE3A890EBF80F4AD2 4052 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-05-25 02:51:32 489364D1273EDC6D22A005CD8A799A4D 1080 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 02:51:30 FAD1607C495746D735B622406004B992 3816 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-05-25 02:51:30 D8202CB20B53CD3903E9607D0D9972FB 1076 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-14 22:23:29 F5C6D6B0F4F0443CFBED5EE6F208EAFA 830 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-14 22:23:29 8C969289EFAEE28A9D3C9113A3654DAB 3718 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater
2014-05-05 21:51:46 0FB3FCA4BED235C0EE463F1D15896CF8 3510 ----a-w- C:\WINDOWS\Sysnative\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hooijer.l@hotmail.com

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====
2014-05-25 04:05:05 -------- d-----w- C:\Program Files\trend micro
2014-05-24 15:10:52 -------- d-----w- C:\Program Files\Speccy
2014-05-05 21:25:39 -------- d-----w- C:\Program Files\Common Files\Adobe
2014-05-03 22:13:26 -------- d-----w- C:\Program Files\GIMP 2

======= C:\PROGRA~2 =====
2014-05-22 17:32:07 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-05-22 17:32:07 -------- d-----r- C:\PROGRA~2\Skype
2014-05-17 22:52:08 -------- d-----w- C:\PROGRA~2\MSR
2014-05-04 18:54:05 -------- d-----w- C:\PROGRA~2\MetaGeek
2014-05-03 07:46:58 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe AIR

======= C: =====
2014-05-05 21:02:41 EAB6877116A6DE78060DB5CCF583E50B 40 ---ha-w- C:\C9C282A82366

====== C:\Users\leon\AppData\Roaming ======
2014-05-25 02:51:07 -------- d-----w- C:\Users\leon\AppData\Local\Deployment
2014-05-17 22:52:02 -------- d-----w- C:\Users\leon\AppData\Local\6041
2014-05-15 18:53:12 -------- d-----w- C:\Users\leon\AppData\Local\PCStreams3
2014-05-15 18:14:14 -------- d-----w- C:\Users\leon\AppData\Roaming\.Torrent Stream
2014-05-15 18:08:28 -------- d-----w- C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Stream
2014-05-15 18:07:43 -------- d-----w- C:\Users\leon\AppData\Roaming\TorrentStream
2014-05-14 18:11:04 -------- d-----w- C:\Users\leon\AppData\Local\Chromium
2014-05-14 17:59:41 -------- d-----w- C:\Users\leon\AppData\Local\Sports Interactive
2014-05-04 18:59:13 103F22251771D3974EAC90FBA4EBFF55 37 --sh--w- C:\Users\leon\AppData\Local\70149b02515b3bb20dd492.47983420
2014-05-04 18:59:09 -------- d-----w- C:\Users\leon\AppData\Local\MetaGeek,_LLC
2014-05-04 18:56:45 -------- d-----w- C:\Users\leon\AppData\Local\Diagnostics
2014-05-04 18:55:19 -------- d-sh--w- C:\Users\leon\AppData\Locallow\EmieUserList
2014-05-04 18:55:13 -------- d-sh--w- C:\Users\leon\AppData\Local\EmieUserList
2014-05-04 18:55:13 -------- d-sh--w- C:\Users\leon\AppData\Local\EmieSiteList
2014-05-04 18:55:07 -------- d-sh--w- C:\Users\leon\AppData\Locallow\EmieSiteList
2014-05-04 18:54:05 -------- d-----w- C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2014-05-04 15:03:38 EE0AA40D69D7189901ACF4C6BDF03A0C 47531 ----a-w- C:\Users\leon\AppData\Local\recently-used.xbel
2014-05-03 22:30:15 -------- d-----w- C:\Users\leon\AppData\Local\gtk-2.0
2014-05-03 22:24:21 -------- d-----w- C:\Users\leon\AppData\Local\fontconfig
2014-05-03 22:24:19 -------- d-----w- C:\Users\leon\AppData\Local\gegl-0.2
2014-05-03 08:03:30 -------- d-----w- C:\Users\leon\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-05-03 07:57:29 -------- d-----w- C:\Users\leon\AppData\Roaming\PDAppFlex

====== C:\Users\leon ======
2014-05-25 04:04:30 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\leon\Downloads\RSITx64 (1).exe
2014-05-25 04:03:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\leon\Downloads\RSITx64.exe
2014-05-25 03:12:43 !HASH: COULD NOT OPEN FILE !!!!! 0 ----a-w- C:\ProgramData\cm-lock
2014-05-25 02:52:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-22 17:32:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-15 18:53:12 -------- d-----w- C:\ProgramData\PCStreams
2014-05-14 17:59:39 -------- d-----w- C:\ProgramData\Steam
2014-05-03 22:30:18 -------- d-----w- C:\Users\leon\.thumbnails
2014-05-03 22:24:20 -------- d-----w- C:\Users\leon\.gimp-2.8

====== C: exe-files ==
2014-05-25 04:05:05 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\leon.exe
2014-05-25 04:04:30 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\leon\Downloads\RSITx64 (1).exe
2014-05-25 04:03:51 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\leon\Downloads\RSITx64.exe
2014-05-25 02:51:51 3AF5806AAB54D86CDA7AAA034FD2C35E 38382160 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\35.0.1916.114\35.0.1916.114_chrome_installer.exe
2014-05-25 02:51:30 D893431503D5112DC3B799DF963D2AC8 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateComRegisterShell64.exe
2014-05-25 02:51:30 D5A444B63637EC0932172C6719A10252 263048 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
2014-05-25 02:51:30 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateSetup.exe
2014-05-25 02:51:30 720546B84ED5229E1584C8F3533A2F12 328072 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
2014-05-25 02:51:30 6FC454773ABF8DE9A33B35E03525140D 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateOnDemand.exe
2014-05-25 02:51:30 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-05-25 02:51:30 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdate.exe
2014-05-25 02:51:30 49B70FBEEC01A69CA9AC115C109E9CDD 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleUpdateBroker.exe
2014-05-25 02:51:25 30485BC4DAAA839808CB0F19D80D8AB8 10120 ----a-w- C:\Users\leon\AppData\Local\Apps\2.0\KOL5VHX4.LYA\9ZNLHCCA.16M\inst...app_4fe91ede9f9bdca3_0001.0003_62a41fd7933a48bd\clickonce_bootstrap.exe
2014-05-25 02:51:24 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Users\leon\AppData\Local\Apps\2.0\KOL5VHX4.LYA\9ZNLHCCA.16M\inst...app_4fe91ede9f9bdca3_0001.0003_62a41fd7933a48bd\GoogleUpdateSetup.exe
2014-05-25 02:51:24 BE472797288F53AA9F56974B1A1FC18F 918672 ----a-w- C:\Users\leon\AppData\Local\Apps\2.0\KOL5VHX4.LYA\9ZNLHCCA.16M\clic...exe_4fe91ede9f9bdca3_0001.0003_none_e0b66a49f1dbb42d\GoogleUpdateSetup.exe

=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2888209308-4153397200-2363281333-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
"Intel AppUp(R) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Reader Application Helper"="C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO "
"BtTray"="C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================
2013-08-06 16:04:46 1138 ----a-w- C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-05-2014 00:23]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25-05-2014 04:51]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25-05-2014 04:51]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [23-10-2012 22:10]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{87381594-310D-4850-82B9-95B55671E92A}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\NCH Software\DebutReminder" [C:\Program Files (x86)\NCH Software\Debut\Debut.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VHDInformationCheck" ["%ProgramFiles(x86)%\Sony\VAIO Recovery\plugins\InformationCheck.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\CRMReminder" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VAIO Care" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCCheckIolo" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCMetrics" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCOneClick" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCSelfHeal" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\Level4Daily" [C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\Level4Month" [C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem" [C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser" [C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start" [C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Gate\VAIO Gate" [C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask" [C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader" [C:\Program Files\Sony\VAIO Improvement\viuploader.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update" ["C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start" [C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe]

==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"magicplayer@torrentstream.org"="C:\Users\leon\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org" [15-05-2014 20:36]

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gpicboiclhmnllnjdcfcffifpoaebgkm - C:\Program Files (x86)\Freecorder extension\Freecorder.crx[]
ochbjojkpcmlfeagbaahkofepalngihg - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ochbjojkpcmlfeagbaahkofepalngihg - C:\Users\leon\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx[29-04-2014 23:29]

Google Docs - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================
C:\Users\leon\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.findwide.com/?guid={880FFBAD-1D37-4987-AD66-BD1F94877397}&serpv=22"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.findwide.com/?guid={880FFBAD-1D37-4987-AD66-BD1F94877397}&serpv=22"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{AB00872C-C5D7-4B12-A825-25F70461B265}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{29994D9C-8408-421A-90EC-569574A35E7D} eBay Url="http://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=http://shop.ebay.co.uk/?oemInLn=ieSrch-Q113&_nkw={searchTerms}"
{53F44D0D-EA0A-4797-B03E-0C00F0A6891D} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AB00872C-C5D7-4B12-A825-25F70461B265} FindWide Url="http://search.findwide.com/serp?guid={880FFBAD-1D37-4987-AD66-BD1F94877397}&action=default_search&serpv=22&k={searchTerms}"

==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:8118;https=127.0.0.1:8118"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ochbjojkpcmlfeagbaahkofepalngihg deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\leon\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\leon\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=120 folders=32 29636884 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\leon\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\leon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\ProgramData\cm-lock" not deleted

==== EOF on zo 25-05-2014 at 10:01:53,65 ======================