Zoek.exe v5.0.0.0 Updated 26-08-2014 Tool run by Deckx_Van_Damme on di 26/08/2014 at 19:35:19,35. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Deckx_Van_Damme\Downloads\zoek (1).exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 26/08/2014 19:36:04 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Deal Keeper deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\ASRock deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Soldiers deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Sparta deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1286346882-3906972412-2366602759-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\AnyProtectEx not found C:\Program Files (x86)\Deal Keeper not found C:\Windows\tasks\APSnotifierPP1.job deleted C:\Windows\tasks\APSnotifierPP2.job deleted C:\Windows\tasks\APSnotifierPP3.job deleted C:\windows\SysNative\tasks\APSnotifierPP1 deleted C:\windows\SysNative\tasks\APSnotifierPP2 deleted C:\windows\SysNative\tasks\APSnotifierPP3 deleted C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted C:\Windows\SysNative\config\systemprofile\Searches deleted ==== Files Recently Created / Modified ====================== 
====== C:\Windows ==== ====== C:\Users\DECKX_~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers =====
2014-08-13 04:33:36 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2014-07-29 21:46:57 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-07-29 21:46:41 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-07-29 21:46:41 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-07-29 21:46:41 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-07-29 21:44:19 508401A63E6B1CBF0B9C9A011498731F 32320 ----a-w- C:\Windows\Sysnative\drivers\FNETTBOH_305.SYS ====== C:\Windows\Tasks ====== 2014-07-29 12:26:58 E3D390B1AF0266A895CC41B3B29CCDCE 3768 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater 2014-07-29 12:26:57 F2B8354284511E544DAEC33C6017CA43 830 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-07-29 16:15:31 -------- d-----w- C:\Program Files\trend micro 2014-07-29 12:14:40 -------- d-----w- C:\Program Files\WinZip ======= C:\PROGRA~2 ===== 2014-07-27 18:53:40 -------- d-----w- C:\PROGRA~2\Rockstar Games ======= C: ===== 2014-07-29 21:59:59 DD10AF92485B84B0E12185FA1B5BC843 53304 ----a-w- C:\Mbam.txt ====== C:\Users\Deckx_Van_Damme\AppData\Roaming ====== 2014-08-26 04:38:58 -------- d-----w- C:\Users\Deckx_Van_Damme\AppData\Local\Diagnostics 2014-07-29 12:27:19 -------- d--h--w- C:\Users\Deckx_Van_Damme\AppData\Roaming\GoldenGate 2014-07-29 12:26:37 -------- d-----w- C:\Users\Deckx_Van_Damme\AppData\Roaming\Gameo 2014-07-29 12:16:46 -------- d-----w- C:\Users\Deckx_Van_Damme\AppData\Roaming\sparta111 2014-07-29 12:14:45 -------- d-----w- C:\Users\Deckx_Van_Damme\AppData\Local\WinZip 2014-07-28 18:57:03 -------- d-sh--w- C:\Users\Deckx_Van_Damme\AppData\Locallow\EmieUserList 2014-07-28 18:57:03 -------- d-sh--w- C:\Users\Deckx_Van_Damme\AppData\Locallow\EmieSiteList 2014-07-28 
12:07:55 -------- d-----w- C:\Users\Deckx_Van_Damme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-07-27 18:52:55 -------- d-sh--w- C:\Users\Deckx_Van_Damme\AppData\Local\EmieUserList 2014-07-27 18:52:55 -------- d-sh--w- C:\Users\Deckx_Van_Damme\AppData\Local\EmieSiteList ====== C:\Users\Deckx_Van_Damme ====== 2014-07-29 12:14:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2014-07-29 12:14:41 -------- d-----w- C:\ProgramData\WinZip 2014-07-27 18:53:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games ====== C: exe-files == === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1286346882-3906972412-2366602759-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Facebook Update"="C:\Users\Deckx_Van_Damme\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "XFastUSB"="C:\Program Files (x86)\XFastUSB\XFastUsb.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AvastUI.exe"="C:\Program Files\AVAST 
Software\Avast\AvastUI.exe /nogui" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Facebook Update"="C:\Users\Deckx_Van_Damme\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1286346882-3906972412-2366602759-1000Core.job --a------ C:\Users\Deckx_Van_Damme\AppData\Local\Facebook\Update\FacebookUpdate.exe [26/07/2014 01:46] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1286346882-3906972412-2366602759-1000UA.job --a------ C:\Users\Deckx_Van_Damme\AppData\Local\Facebook\Update\FacebookUpdate.exe [26/07/2014 01:46] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1286346882-3906972412-2366602759-1000Core" 
[C:\Users\Deckx_Van_Damme\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1286346882-3906972412-2366602759-1000UA" [C:\Users\Deckx_Van_Damme\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/07/2014 23:45] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/07/2014 19:54] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22] Google Voice Search Hotword (Beta) - Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn Tribal Wars Time Extension - Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckolnemglnnaaaeopconbampbdejaika ==== Chromium Startpages ====================== C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://www.google.be/" ], ==== Chrome Fix ====================== C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage-journal deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully 
C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_winzip.nl.softonic.com_0.localstorage deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_winzip.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_govome.inspsearch.com_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" New Values: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Deckx_Van_Damme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Deckx_Van_Damme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVU1IKNN will be deleted at reboot ==== Empty FireFox Cache ====================== No 
FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Deckx_Van_Damme\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=23 folders=1 71548 bytes) ==== Empty Temp Folders ====================== C:\Users\Deckx_Van_Damme\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\DECKX_~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found "C:\Users\Deckx_Van_Damme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVU1IKNN" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on di 26/08/2014 at 19:49:28,79 ======================