Zoek.exe v5.0.0.0 Updated 02-June-2014 Tool run by BonnotKylie on wo 11/06/2014 at 17:05:10,54. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\BonnotKylie\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 11/06/2014 17:07:29 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AVS4YOU deleted successfully C:\PROGRA~2\Zynga deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\NtiDvdCopy deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\ZoomBrowser deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully C:\Users\BonnotKylie\AppData\Roaming\.# deleted successfully C:\Users\BonnotKylie\AppData\Roaming\FolderSync deleted successfully C:\Users\BonnotKylie\AppData\Roaming\HpUpdate deleted successfully C:\Users\BonnotKylie\AppData\Roaming\Lite deleted successfully C:\Users\BonnotKylie\AppData\Local\Downloaded Installations deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.0 deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "BrowserMngr Start Page"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "BrowserMngrDefaultScope"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- "vProt"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nobuactivation.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npsguide.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spotify.exe] ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found C:\PROGRA~3\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} not found C:\Program Files (x86)\uTorrentBar deleted C:\Program Files (x86)\ConduitEngine deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted C:\PROGRA~2\1ClickDownload deleted C:\PROGRA~2\Conduit deleted C:\extensions deleted C:\Users\BonnotKylie\AppData\Roaming\ZoomBrowser EX deleted C:\Users\BonnotKylie\AppData\Roaming\Babylon deleted C:\Users\BonnotKylie\AppData\Roaming\File Scout deleted C:\Users\BonnotKylie\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Browser Manager deleted C:\PROGRA~3\Partner deleted C:\PROGRA~3\boost_interprocess deleted C:\PROGRA~3\AVG Secure Search deleted C:\Users\BonnotKylie\AppData\Local\AVG Secure Search deleted C:\Users\BonnotKylie\AppData\LocalLow\AVG Secure Search deleted C:\Users\BonnotKylie\AppData\LocalLow\BabylonToolbar deleted C:\Users\BonnotKylie\AppData\LocalLow\Zynga deleted C:\Users\BonnotKylie\AppData\LocalLow\uTorrentBar deleted C:\Users\BonnotKylie\AppData\LocalLow\PriceGong deleted C:\Users\BonnotKylie\AppData\LocalLow\Conduit deleted C:\Users\BonnotKylie\AppData\LocalLow\ConduitEngine deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\wininit.ini deleted C:\user.js deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.0\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll" deleted "C:\PROGRA~2\AVG Secure Search" deleted "C:\PROGRA~2\AVG Secure Search" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.0" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.0" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\BONNOT~1\AppData\Local\Temp ==== 2014-06-11 08:34:34 5634C601025C31032A0AF1590B4C0CA6 43008 ----a-w- C:\Users\BonnotKylie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppjwf2w.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-05-14 06:35:21 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2014-05-14 06:35:20 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-11 13:08:38 -------- d-----w- C:\Program Files\trend micro 2014-06-02 06:00:07 -------- d-----w- C:\Program Files\iPod 2014-06-02 06:00:06 -------- d-----w- C:\Program Files\iTunes ======= C:\PROGRA~2 ===== 2014-06-02 06:00:06 -------- d-----w- C:\PROGRA~2\iTunes 2014-05-14 18:01:42 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER ======= C: ===== ====== C:\Users\BonnotKylie\AppData\Roaming ====== 2014-05-15 16:01:00 -------- d-----w- C:\Users\BonnotKylie\AppData\Roaming\DropboxMaster 2014-05-15 16:00:47 -------- d-----w- C:\Users\BonnotKylie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-15 16:00:15 -------- d-----w- C:\Users\BonnotKylie\AppData\Roaming\Dropbox 2014-05-14 10:49:53 -------- d-----w- C:\Users\BonnotKylie\AppData\Local\Spotify 2014-05-14 10:49:33 -------- d-----w- C:\Users\BonnotKylie\AppData\Roaming\Spotify ====== C:\Users\BonnotKylie ====== 2014-06-02 06:01:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-06-02 06:00:06 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-05-30 06:45:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-15 16:12:55 -------- d-----r- C:\Users\BonnotKylie\Dropbox ====== C: exe-files == 2014-06-11 13:08:39 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\BonnotKylie.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Windows\CurrentVersion\Run] "AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe " "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Spotify Web Helper"="C:\Users\BonnotKylie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED " "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "Standby"="C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe -START" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AutoStartNPSAgent"="C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe " "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Spotify Web Helper"="C:\Users\BonnotKylie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~3\\browse~1\\261519~1.190\\{16cdf~1\\browse~1.dll " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Facebook Update"="\"C:\\Users\\BonnotKylie\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" "Spotify"="\"C:\\Users\\BonnotKylie\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" "Spotify Web Helper"="\"C:\\Users\\BonnotKylie\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "EgisTecLiveUpdate"="\"C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "HP Software Update"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "APSDaemon"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" "BackupManagerTray"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" ==== Startup Folders ====================== 2014-05-15 16:01:04 1065 ----a-w- C:\Users\BonnotKylie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2012-02-08 15:56:38 1148 ----a-w- C:\Users\BonnotKylie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk 2011-06-17 10:17:06 2103 ---ha-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/05/2014 11:08] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3838520216-1379074088-1384407620-1001Core.job --a------ C:\Users\BonnotKylie\AppData\Local\Facebook\Update\FacebookUpdate.exe [06/02/2014 16:28] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3838520216-1379074088-1384407620-1001UA.job --a------ C:\Users\BonnotKylie\AppData\Local\Facebook\Update\FacebookUpdate.exe [06/02/2014 16:28] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/06/2010 14:32] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/06/2010 14:32] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate 2" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Egis technology-online actualiseringsprogramma" [C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3838520216-1379074088-1384407620-1001Core" [C:\Users\BonnotKylie\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3838520216-1379074088-1384407620-1001UA" [C:\Users\BonnotKylie\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\McQcModifier-5c47-a7b0" [C:\ProgramData\McQcModifier-5c47-a7b0\McQcModifier-5c47-a7b0.cmd] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe] "C:\Windows\SysNative\tasks\{5F2D68D3-E82D-4342-82B7-0269A1866113}" [C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe] "C:\Windows\SysNative\tasks\{802FC847-2D78-4F05-9D76-109B355B323B}" [C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [17/06/2011 12:18] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" "Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5741&r=27360610b545l0474z1l5t4432j80r" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.babylon.com/?affID=115291&tt=120912_ccp_3812_5&babsrc=NT_ss&mntrId=24a0ffa3000000000000f07bcb067ed5" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.babylon.com/?affID=115291&tt=120912_ccp_3812_5&babsrc=NT_ss&mntrId=24a0ffa3000000000000f07bcb067ed5" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE385BE385" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3838520216-1379074088-1384407620-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hpwucli.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nobuactivation.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\BonnotKylie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\BonnotKylie\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\BonnotKylie\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\BonnotKylie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1UF8OIP will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=718 folders=269 230105802 bytes) ==== Empty Temp Folders ====================== C:\Users\BonnotKylie\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\BONNOT~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\BonnotKylie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1UF8OIP" deleted ==== EOF on wo 11/06/2014 at 17:31:29,97 ======================