Zoek.exe v5.0.0.0 Updated 14-10-2014
Tool run by Rudi on wo 15/10/2014 at 17:11:19,84.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

15/10/2014 17:12:21 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\iSkysoft deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Runtime Software deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Rudi\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Rudi\AppData\Local\CrashDumps deleted successfully
C:\Users\Rudi\AppData\Local\PackageStaging deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\vdhmp4s9.default
user.js not found

---- Lines WebSpades removed from prefs.js ----
user_pref("extensions.WebSpades.asul", "1397374179386");
user_pref("extensions.WebSpades.aul", "1397374177249");
user_pref("extensions.WebSpades.irl", true);
user_pref("extensions.WebSpades.is", "fmxqtbe");
user_pref("extensions.WebSpades.ug", "9E0C37FB-350C-425B-96EA-4EB42DECA813");

---- FireFox user.js and prefs.js backups ----
prefs_20141510_1719_.backup

==== Deleting Files \ Folders ======================

C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\vdhmp4s9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} deleted
C:\PROGRA~3\~0 deleted
C:\DUMP495e.tmp deleted
C:\PROGRA~3\SoundResearch deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
deleted
C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\vdhmp4s9.default\jetpack deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-21-3711994559-1187540807-2206362420-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sync2"="C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe /background"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"Allway Sync"="C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe -m"
"Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BtTray"="C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sync2"="C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe /background"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"Allway Sync"="C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe -m"
"Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2014-05-13 07:29:51 1102 ----a-w- C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-11-15 03:20:43 1125 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/09/2014 19:53]
C:\WINDOWS\tasks\Allway Sync_{40C410C354347EF9B041594AD0E50092}.job --a-------- C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [26/06/2014 09:52]
C:\WINDOWS\tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job --a-------- C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [26/06/2014 09:52]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/05/2014 12:22]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/05/2014 12:22]
C:\WINDOWS\tasks\HPCeeScheduleForRudi.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14/09/2010 00:15]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForRudi" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP ENVY 4500 series" ["C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN39S2R2N9" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]
"C:\WINDOWS\SysNative\tasks\Western Digital\SmartWare\____Volume_ba9981f6_7aa6_11e3_be6d_00027215fb89__dropbox_47742237_860c_466e_baea_aa6cee32c5c0_dropbox_" [C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe]
"C:\WINDOWS\SysNative\tasks\Western Digital\SmartWare\____Volume_ba9981f6_7aa6_11e3_be6d_00027215fb89______Volume_fb118ce1_8763_11e3_be85_78e3b5c7dec4__" [C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\vdhmp4s9.default
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi
- TinEye Reverse Image Search - %ProfilePath%\extensions\tineye@ideeinc.com.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\vdhmp4s9.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
CB8C9EB4885904F3C8D71ED66F334AF4 - C:\Users\Rudi\AppData\Roaming\Editions ENI\MEDIAplus Client\npEniEditionsMediaplusClientPluginProxy.dll - Eni.Editions.Mediaplus.Client.Plugin.Proxy

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20/09/2014 10:52]

Google Docs - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Tampermonkey - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Dark Vibe - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj
Empty New Tab Page - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
TinEye Reverse Image Search - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl
Google Wallet - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{5C858300-61D1-4BC5-821A-F18F93660646} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{C689F919-CED2-430A-8E86-C6132DB6DAB3} Bing Url="http://www.bing.com/search?q={searchTerms}&r="

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rudi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rudi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=61 folders=33 50654940 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Rudi\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Rudi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 15/10/2014 at 17:25:31,44 ======================