Zoek.exe v5.0.0.0 Updated 10-February-2015
Tool run by User on do 12/02/2015 at 22:49:42,34.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

12/02/2015 22:52:25 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\User\AppData\Roaming\SkyStudioPro.ini deleted
C:\PROGRA~3\SetStretch.VBS deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\WINDOWS\Installer\2a92112a.msi" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\Users\User\AppData\Local\Temp ====

2015-02-09 21:47:21 97511FE2CA09CC2E06C3CD6519C3494E 43008 ----a-w- C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8g9xsr.dll

====== Java Cache =====

====== C:\WINDOWS\SysWOW64 =====

2015-01-31 00:45:47 3B26DCAB842C280FA7271FF2B58D3293 28352 ----a-w- C:\WINDOWS\SysWOW64\aspnet_counters.dll

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

2015-02-12 10:07:42 E357B0D37DB9C4B17923C893CCF75A18 894464 ----a-w- C:\WINDOWS\Sysnative\appraiser.dll
2015-02-12 10:07:42 642A03FB834B4C4BCA8DFEE2EFD4175B 609280 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll
2015-02-12 10:07:41 FCEE1C08EA416800FAC891DDEB608627 414208 ----a-w- C:\WINDOWS\Sysnative\devinv.dll
2015-02-12 10:07:41 32DE26000788F35DA344702B44728524 761856 ----a-w- C:\WINDOWS\Sysnative\invagent.dll
2015-02-12 10:07:41 12D4142E4EBFDB6F057B615A0547C4CF 1098752 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll
2015-02-12 10:07:39 EF2C89AEE3D56860F6CCB8D97374402B 227328 ----a-w- C:\WINDOWS\Sysnative\aepdu.dll
2015-02-12 10:07:36 BA0ED854110D45E5D4A46BD250BAF4E0 1487976 ----a-w- C:\WINDOWS\Sysnative\sppobjs.dll
2015-01-31 00:45:52 9BC00C5608BF75BEAE893814A3AEC2AD 29888 ----a-w- C:\WINDOWS\Sysnative\aspnet_counters.dll

====== C:\WINDOWS\Sysnative\drivers =====

2015-01-14 13:17:41 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
2015-01-14 13:17:12 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2015-01-15 20:58:15 -------- d-----w- C:\Program Files\WinRAR

======= C:\PROGRA~2 =====

2015-01-15 22:22:33 -------- d-----w- C:\PROGRA~2\QuickTime
2015-01-15 22:22:15 -------- d-----w- C:\PROGRA~2\COMMON~1\TechSmith Shared
2015-01-15 22:13:29 -------- d-----w- C:\PROGRA~2\TechSmith

======= C: =====

====== C:\Users\User\AppData\Roaming ======

2015-01-18 22:26:47 -------- d-----w- C:\Users\User\AppData\Local\Spotify
2015-01-18 22:25:51 -------- d-----w- C:\Users\User\AppData\Roaming\Spotify
2015-01-15 22:24:11 -------- d-----w- C:\Users\User\AppData\Roaming\TechSmith
2015-01-15 22:15:54 -------- d-----w- C:\Users\User\AppData\Local\TechSmith
2015-01-15 20:58:50 -------- d-----w- C:\Users\User\AppData\Roaming\WinRAR
2015-01-15 20:58:38 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

====== C:\Users\User ======

2015-01-15 22:22:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-01-15 22:22:35 -------- d-----w- C:\ProgramData\regid.1995-08.com.techsmith
2015-01-15 22:15:44 -------- d-----w- C:\ProgramData\TechSmith
2015-01-15 22:13:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 3
2015-01-15 20:58:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

====== C: exe-files ==

2015-02-12 10:07:40 B62B7F2ACDEDF61F4DAA1FF2A6BB247A 67240 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe
2015-02-06 10:11:35 1F9A2717F6C6D3440B1F4A59FF96C708 1043024 ----a-w- C:\Program Files (x86)\Google\Update\Install\{EA06A64A-8516-40FF-96E1-59B6A8D4A0F9}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
2015-02-06 10:11:33 1F9A2717F6C6D3440B1F4A59FF96C708 1043024 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.111\40.0.2214.111_40.0.2214.94_chrome_updater.exe

=== C: other files ==

2015-02-06 09:53:45 A71166042E499F1DD6BE8ACA7A198087 12493 ----a-w- C:\Users\User\Downloads\lrtimelapse (2).zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1976373076-1392880494-1781311148-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"uTorrent"="C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIOE.EXE /EPT EPLTarget\P0000000000000000 /M XP-30 33 Series"
"Spotify"="C:\Users\User\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"uTorrent"="C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIOE.EXE /EPT EPLTarget\P0000000000000000 /M XP-30 33 Series"
"Spotify"="C:\Users\User\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Startup Folders ======================

2014-11-21 09:00:48 1182 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-08-18 11:49:37 355 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Report.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job --a-------- C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [16/09/2014 08:06]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/08/2014 16:47]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/08/2014 16:47]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\AdobeAAMUpdater-1.0-Asus-User" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\WINDOWS\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\WINDOWS\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\WINDOWS\SysNative\tasks\DriverEasy Scheduled Scan" [C:\Program Files\Easeware\DriverEasy\DriverEasy.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{A6F1F700-76FF-48D9-851C-31B905A1ED2A}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Chromium Look ======================

Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://asus13.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://asus13.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\472EE7AF07377B34A9543AB971CCDC5C deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=16 21584609 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 12/02/2015 at 23:21:54,16 ======================