Zoek.exe v5.0.0.0 Updated 16-07-2014
Tool run by arno on za 19/07/2014 at 18:46:08,57.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\arno\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2014-05-01-110453.log 44170 bytes

==== Empty Folders Check ======================
C:\Program Files\log deleted successfully
C:\PROGRA~3\{05C334F7-C2A4-418A-9BC8-1542AE38D62B} deleted successfully
C:\Users\safe\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"=-
"svchost"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"612601db"=-

==== Deleting Files \ Folders ======================
C:\ProgramData\{05C334F7-C2A4-418A-9BC8-1542AE38D62B} not found
C:\PROGRA~3\{05C334F7-C2A4-418A-9BC8-1542AE38D62B} not found
"C:\Windows\zoek-delete.exe" not found
C:\ProgramData\{9B09061B-0A4F-42DA-9987-7D3F452DCB09} deleted
C:\ProgramData\{9597097D-B8DC-4754-AF2D-CB61CCFC861A} deleted
C:\ProgramData\{EB21323D-3F46-4EF0-B849-B096B7705C69} deleted
C:\ProgramData\{9F570B21-E27A-40BE-A508-292899A7D042} deleted
C:\ProgramData\{AF79C86B-2321-4D47-A168-2A24BA2B6A73} deleted
C:\ProgramData\{B7C85E99-2AC6-455D-B4D1-752A56403757} deleted
C:\ProgramData\{57B31BE2-3175-4425-9722-D2AC5F68C7BD} deleted
C:\ProgramData\{BD26D777-CA21-4BDD-A581-6BCFE4F0F941} deleted
C:\ProgramData\{C6A355F5-168B-4EEC-AB7C-75594F783EDB} deleted
C:\ProgramData\{7FC62C74-A9B7-42DD-AD85-966127F1BCC6} deleted
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted
C:\zoek_backup deleted
C:\PROGRA~2\LPT deleted
C:\Users\arno\AppData\Roaming\YoudaGames deleted
C:\Users\arno\AppData\Local\LPT deleted
C:\Users\arno\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\Windows\Installer\c1d6852.msi" deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\arno\AppData\Local\Temp ====
====== Java Cache =====
2014-07-19 14:18:50 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\safe\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-29732235
====== C:\Windows\SysWOW64 =====
2014-07-09 13:47:44 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-09 13:47:43 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2014-07-09 13:47:39 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 13:47:39 7C44C697BA6D0B698B91AC6516A731C3 1139200 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-07-09 13:47:39 67EA1BB7F6428A10C64D5A732976F871 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 13:47:39 448854C4FE94C0FA329CC38FF103DC74 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 13:47:38 E739AEDCA67F214F96C2520BA293B12B 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 13:47:38 DFA59840BB1220AFD261FDAE83543959 17276416 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-07-09 13:47:38 BE0EA764820239F7785410CBE3880086 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 13:47:38 9385D7C5DF2566D01B1FB150F381D50B 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 13:47:38 91CF46BBB827E461C498A1D7D1A71AD6 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-07-09 13:47:37 CE94480E78CC3A1A17B53F2BB65639BD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-07-09 13:47:37 4B774E842F268D51DB942EF9637828B9 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 13:47:37 42BF66A4DC35DAD3564065173372CCE9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 13:47:36 A9F8343A3234FC7A42DDA4569827B411 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 13:47:36 084FB28A790685F32A6D7D003777696D 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-07-09 13:47:35 F2A99A4293CAF7956FF7801D36D5A3B2 442368 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-07-09 13:47:35 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 13:47:35 573E522A27210701EB8A6C476D36FFF6 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 13:47:34 FC733FD7721200D5136F6F8112E97B00 11742208 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-07-09 13:47:33 FDA05E78813F543A6E9AC6B23EC696F2 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 13:47:32 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-07-09 13:47:32 09CBE4B1AEF497FC05493B09EA2C1757 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 13:47:32 045A91095A605BB20FF2B37546FE62B0 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-07-09 13:47:31 CCC198257901BEEA2FBF8EB1E7678356 1791488 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-07-09 13:47:31 8046CF629D8AE766C22145F4A6AFFBE1 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-07-09 13:47:31 557D60DF85D61C290A1D09E7115B294B 62464 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 13:47:31 175A663547805367C10746FC416D4605 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 13:47:12 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-07-09 13:47:12 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2014-07-09 03:50:11 5893E2393BBEAD344BC726B280B1CC79 10603008 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-09 13:47:45 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-09 13:47:44 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-09 13:47:43 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-07-09 13:47:39 FC50DF22550C565DD096ACFAF18A37ED 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-07-09 13:47:39 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-07-09 13:47:38 C2F62DF01E3552DB0571FEF4D514675B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-07-09 13:47:38 C0F9F52C36E584C0339406ABF6DA1FBA 266424 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-07-09 13:47:38 5E646AD50848A409291418B5759595B9 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-07-09 13:47:37 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-07-09 13:47:36 391D68668CFC061F26BE593A61F745E0 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-07-09 13:47:35 7176CB0FFAAC3E54ABB2014E821120F9 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-07-09 13:47:35 2E40D5E11BCC597352EE0314AF629A0F 452608 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-07-09 13:47:34 D8E6706AECD7AA50764E126CE3F36555 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-07-09 13:47:34 CA67F68CEC788C0C69AD47C5125DDD8E 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-07-09 13:47:33 A21C6231459F4CAC212676A9367A1A68 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-07-09 13:47:33 7469D4E046BD7D155CAC2697BD28B58B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-07-09 13:47:33 1685AA234852657C4A6D253CCBBE84E0 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-07-09 13:47:31 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-07-09 13:47:30 415DF2B045167D6D85223CFFF00FCFC7 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-07-09 13:47:29 854C5F171F5CEE272232AC0286F3B3B9 598016 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-07-09 13:47:29 366FA6D38406DC8BED62825C196144D1 13527040 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-07-09 13:47:28 945FA19B388FCF0FEA6124B5FD71C72F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-07-09 13:47:28 1FD6C2F6AC489C271565730F6E9E1A05 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-07-09 13:47:27 CD76B3D60D28634A67B0AD7CB2E45929 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-07-09 13:47:26 50FF2DD806CC6CF3B3F98F9A1A711603 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-07-09 13:47:26 4EC7738394D2BC7BCB5F7A3657F57252 5721088 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-07-09 13:47:25 BDD4A74421B023C81DA63168BD10C01B 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-07-09 13:47:25 00401347C3BC466E5F2516387EBBCA7D 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-07-09 13:47:24 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-07-09 13:47:23 89A53CDE0DA5680AF48A181D82C752CA 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-07-09 13:47:22 F876957CA193B20A21D52F91418657D7 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-07-09 13:47:21 52012C83F7E9AF65D13F04415F0508F5 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-07-09 13:47:20 FEC19C351EF1B2C998A85D1BFD765675 23464448 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-07-09 13:47:13 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-07-09 13:47:41 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2014-06-26 13:22:10 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\Windows\Sysnative\drivers\GEARAspiWDM.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-06-26 13:24:23 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2014-06-26 13:21:29 -------- d-----w- C:\Program Files\iPod
2014-06-26 13:21:28 -------- d-----w- C:\Program Files\iTunes
2014-06-26 13:17:33 -------- d-----w- C:\Program Files\Native Instruments
======= C:\PROGRA~2 =====
2014-06-26 13:24:35 -------- d-----w- C:\PROGRA~2\COMMON~1\Native Instruments
2014-06-26 13:21:28 -------- d-----w- C:\PROGRA~2\iTunes
2014-06-26 13:20:12 -------- d-----w- C:\PROGRA~2\Apple Software Update
2014-06-26 13:16:52 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple
======= C: =====
====== C:\Users\arno\AppData\Roaming ======
2014-07-19 14:18:44 -------- d-----w- C:\Users\safe\AppData\Locallow\Sun
2014-07-19 14:17:31 -------- d-s---w- C:\Users\safe\AppData\Locallow\Microsoft
2014-07-19 14:14:17 -------- d-----w- C:\Users\safe\AppData\Local\Google
2014-07-19 14:12:24 B3251602E60FDB9442213F940D20CA80 110048 ----a-w- C:\Users\safe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-19 14:11:59 -------- d-----w- C:\Users\safe\AppData\Roaming\Adobe
2014-07-19 14:11:55 -------- d-----r- C:\Users\safe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-07-19 14:11:55 -------- d-----r- C:\Users\safe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-07-19 14:11:43 -------- d-----w- C:\Users\safe\AppData\Roaming\Identities
2014-07-19 14:11:21 -------- d-s---w- C:\Users\safe\AppData\Roaming\Microsoft
2014-07-19 14:11:21 -------- d-----w- C:\Users\safe\AppData\Roaming\Media Center Programs
2014-07-19 14:11:21 -------- d-----w- C:\Users\safe\AppData\Local\Temp
2014-07-19 14:11:21 -------- d-----w- C:\Users\safe\AppData\Local\Microsoft Help
2014-07-19 14:11:21 -------- d-----w- C:\Users\safe\AppData\Local\Microsoft
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-26 13:22:45 -------- d-----w- C:\Users\arno\AppData\Roaming\Apple Computer
2014-06-26 13:22:45 -------- d-----w- C:\Users\arno\AppData\Local\Apple Computer
====== C:\Users\arno ======
2014-07-19 15:08:06 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\arno\Downloads\RSITx64 (2).exe
2014-07-19 14:11:55 -------- d-----r- C:\Users\safe\Searches
2014-07-19 14:11:29 -------- d-----r- C:\Users\safe\Contacts
2014-07-19 14:11:21 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\safe\ntuser.ini
2014-07-19 14:11:21 -------- d--h--w- C:\Users\safe\AppData
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Videos
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Saved Games
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Pictures
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Music
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Links
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Favorites
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Downloads
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Documents
2014-07-19 14:11:21 -------- d-----r- C:\Users\safe\Desktop
2014-06-26 13:24:28 -------- d-----w- C:\ProgramData\Native Instruments
2014-06-26 13:22:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-26 13:21:28 -------- d-----w- C:\ProgramData\Apple Computer
2014-06-26 13:17:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2533528585-1281325381-2656693861-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\arno\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Akamai NetSession Interface"="C:\Users\arno\AppData\Local\Akamai\netsession_win.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Aeria Ignite"="C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe silent"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\arno\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Akamai NetSession Interface"="C:\Users\arno\AppData\Local\Akamai\netsession_win.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\gsb779~1.ena"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\Bootcamp.exe"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aeria Ignite]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Aeria Ignite"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Aeria Games\\Ignite\\aeriaignite.exe\" silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/07/2014 05:50]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2533528585-1281325381-2656693861-1000Core.job --a------ C:\Users\arno\AppData\Local\Facebook\Update\FacebookUpdate.exe [27/12/2013 16:17]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2533528585-1281325381-2656693861-1000UA.job --a------ C:\Users\arno\AppData\Local\Facebook\Update\FacebookUpdate.exe [27/12/2013 16:17]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/12/2013 21:58]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/12/2013 21:58]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2533528585-1281325381-2656693861-1000Core" [C:\Users\arno\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2533528585-1281325381-2656693861-1000UA" [C:\Users\arno\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\{DED912F8-6287-40C9-9E29-18BBE11F2AA0}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/12/2013 22:54]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]
YouTube Center - arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcegdpionpopahcglnfiiioapcclamdj
Last updated at time on date - arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
avast Online Security - arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype Click to Call - safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype for Chromium - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyricstranslate.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyricstranslate.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.directlyrics.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.directlyrics.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.elyrics.net_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.elyrics.net_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsreg.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsreg.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricstime.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricstime.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.onlylyrics.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.onlylyrics.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.releaselyrics.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.releaselyrics.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stlyrics.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stlyrics.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sweetslyrics.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sweetslyrics.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_driverfindertool.com_0.localstorage deleted successfully
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_driverfindertool.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\safe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\arno\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\safe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=31 folders=0 120970 bytes)

==== Empty Temp Folders ======================
C:\Users\arno\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\safe\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\arno\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on za 19/07/2014 at 19:32:09,63 ======================