Zoek.exe v5.0.0.0 Updated 24-February-2015 Tool run by Mark on do 26-02-2015 at 17:31:41,80. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Users\Mark\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-02-26-161453.log 432 bytes C:\zoek-results2015-02-26-162922.log 487 bytes C:\zoek-results2015-02-26-163032.log 535 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\Java 1 deleted successfully C:\PROGRA~3\ALM deleted successfully C:\PROGRA~3\ProductData deleted successfully C:\PROGRA~3\Simpoe deleted successfully C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully C:\Users\Mark\AppData\Roaming\DataWork deleted successfully C:\Users\Mark\AppData\Roaming\EDrawings deleted successfully C:\Users\Mark\AppData\Roaming\Outlook deleted successfully C:\Users\Mark\AppData\Roaming\Solvusoft deleted successfully C:\Users\Mark\AppData\Local\DassaultSystemes deleted successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{774ACC0D-41F5-47E8-8873-23134E7F2CB4} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DraftSight API Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DraftSight API Service deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default ---- Lines mysearchdial removed from prefs.js ---- user_pref("extensions.mysearchdial.AL", 2); user_pref("extensions.mysearchdial.aflt", "irmsd0103"); user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDt user_pref("extensions.mysearchdial.cr", "1904940648"); user_pref("extensions.mysearchdial.dfltLng", ""); user_pref("extensions.mysearchdial.dfltSrch", true); user_pref("extensions.mysearchdial.dnsErr", true); user_pref("extensions.mysearchdial.excTlbr", false); user_pref("extensions.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0T user_pref("extensions.mysearchdial.id", "9AF6553A5BB15582"); user_pref("extensions.mysearchdial.instlDay", "16097"); user_pref("extensions.mysearchdial.instlRef", ""); user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D user_pref("extensions.mysearchdial.prdct", "mysearchdial"); user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); user_pref("extensions.mysearchdial.tlbrId", "base"); user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); user_pref("extensions.mysearchdial_i.hmpg", true); user_pref("extensions.mysearchdial_i.newTab", false); user_pref("extensions.mysearchdial_i.smplGrp", "none"); user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.020:58:3"); ---- Lines mysearchdial removed from user.js ---- user_pref("extensions.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1904940648&ir="); user_pref("extensions.mysearchdial.dfltSrch", true); user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); user_pref("extensions.mysearchdial.dnsErr", true); user_pref("extensions.mysearchdial_i.newTab", false); user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1904940648&ir="); user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1904940648&ir=&q="); user_pref("extensions.mysearchdial.id", "9AF6553A5BB15582"); user_pref("extensions.mysearchdial.instlDay", "16097"); user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.020:58:3"); user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); user_pref("extensions.mysearchdial.prdct", "mysearchdial"); user_pref("extensions.mysearchdial.aflt", "irmsd0103"); user_pref("extensions.mysearchdial_i.smplGrp", "none"); user_pref("extensions.mysearchdial.tlbrId", "base"); user_pref("extensions.mysearchdial.instlRef", ""); user_pref("extensions.mysearchdial.dfltLng", ""); user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); user_pref("extensions.mysearchdial.excTlbr", false); user_pref("extensions.mysearchdial_i.hmpg", true); user_pref("extensions.mysearchdial.cr", "1904940648"); user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R"); user_pref("extensions.mysearchdial.AL", 2); ---- Lines nspdl removed from prefs.js ---- user_pref("extensions.nspdl.aflt", "irmsd0103"); user_pref("extensions.nspdl.cd", "2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R") user_pref("extensions.nspdl.cr", "1904940648"); user_pref("extensions.nspdl.data._dy", "20140920"); user_pref("extensions.nspdl.data.1c4755f318c6fdb260c47f26d0a24f0ca", "1"); user_pref("extensions.nspdl.data.ab02", "1"); user_pref("extensions.nspdl.data.activeDate", "20141010"); user_pref("extensions.nspdl.data.aliveDate", "20150225"); user_pref("extensions.nspdl.data.cc", "nl"); user_pref("extensions.nspdl.data.configDate", "20140228"); user_pref("extensions.nspdl.data.instlDate", "20140129"); user_pref("extensions.nspdl.data.ntopen", "23549319"); user_pref("extensions.nspdl.data.ra-0dd39926325c08d27482ec7852a60095", "1312115272a5bf590587d47f4c026579"); user_pref("extensions.nspdl.data.ra-462f23bb747e4f70407d053a3297bd0b", "d9be6106dd84fcf461549927373bc4fe"); user_pref("extensions.nspdl.data.ra-65b71db09f71c6c7d7b2071c59e0da25", "7a0d1e5a269bf770f0e939272dd8ac7a"); user_pref("extensions.nspdl.data.ra-abc402c70e46e8cc70f0532c455a3c97", "bc4a8c0bf8b03c98f24522dd55fe5b12"); user_pref("extensions.nspdl.data.u0317", "0"); user_pref("extensions.nspdl.data.u0320", "0"); user_pref("extensions.nspdl.general.content", "favorites-3b438caa65a3ce63c4051fbdfd1194fb"); user_pref("extensions.nspdl.general.firstRun", false); user_pref("extensions.nspdl.general.guid", "bf477544-31a0-4281-afe9-d9054c5996a2"); user_pref("extensions.nspdl.general.version", "9.5.3"); ---- Lines irmysearch removed from prefs.js ---- user_pref("extensions.irmysearch.aflt", "irmsd0103"); user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1 user_pref("extensions.irmysearch.cr", "1904940648"); user_pref("extensions.irmysearch.instlRef", ""); ---- Lines irmysearch removed from user.js ---- user_pref("extensions.irmysearch.aflt", "irmsd0103"); user_pref("extensions.irmysearch.instlRef", ""); user_pref("extensions.irmysearch.cr", "1904940648"); user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R"); ---- Lines spigot removed from prefs.js ---- user_pref("browser.startup.homepage", "https://nl.search.yahoo.com/?type=667671&fr=spigot-yhp-ff"); ---- Lines mybrowserbar modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com\": ---- FireFox user.js and prefs.js backups ---- user_26-02-2015_1741_.backup prefs_26-02-2015_1741_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Java 1 not found C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found C:\Users\Mark\AppData\Roaming\WB.CFG deleted C:\Users\Mark\AppData\Roaming\temp.ini deleted C:\PROGRA~3\Avg_Update_0414b deleted C:\Users\Mark\AppData\Local\mysearchdial-speeddial.crx deleted C:\Users\Mark\AppData\Local\CrashRpt deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\Tasks\MySearchDial deleted C:\Windows\Tasks\MySearchDial.job deleted C:\Users\Mark\AppData\LocalLow\ADSRemoval deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\InstallUtil.InstallLog deleted C:\Windows\Syswow64\SearchProtect deleted C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\searchplugins\conduit-search.xml deleted C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\searchplugins\Mysearchdial.xml deleted C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\nspdl deleted "C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\searchplugins\yahoo_ff.xml" deleted "C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\extensions\savingsslider@mybrowserbar.com.xpi" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-02-26 16:01:52 B0FDB871ED1D0BA45D0202E9986E2B5B 722626501 ----a-w- C:\Windows\MEMORY.DMP 2015-02-05 14:13:45 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\eDrawingOfficeAutomator.INI ====== C:\Users\Mark\AppData\Local\Temp ==== 2015-02-26 16:08:58 057631047016A448B842B96E872B132B 43008 ----a-w- C:\Users\Mark\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi3_2i8.dll 2015-02-25 14:01:55 FD8A58F4A5C4B2EEF93415D9C9581415 641448 ----a-w- C:\Users\Mark\AppData\Local\Temp\jre-8u31-windows-au.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-02-26 11:39:25 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls 2015-02-16 20:24:50 3D294C7E2F14DD9EC81DDCE570617F78 83136 ----a-w- C:\Windows\SysWOW64\perf-MSSQL$TEW_SQLEXPRESS-sqlctr11.2.5058.0.dll 2015-02-16 19:44:00 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-02-26 11:39:25 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls 2015-02-25 10:29:26 48BA9C6110A5EBA910E7FB2E7D23CFC1 110176 ----a-w- C:\Windows\Sysnative\klfphc.dll 2015-02-23 12:51:42 A39BD5D7ABC5C3A9392517A8A6733BBF 5202352 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT 2015-02-16 20:24:50 3291B6D496C4BFC452DE39BB6DB0A2D5 96448 ----a-w- C:\Windows\Sysnative\perf-MSSQL$TEW_SQLEXPRESS-sqlctr11.2.5058.0.dll 2015-02-16 20:24:48 DF6BE70FFCA92636354319726094E175 253016 ----a-w- C:\Windows\Sysnative\SQSRVRES.DLL 2015-02-16 19:44:01 AA7079AD52B8BFBAE94167D54C32F84F 29696 ----a-w- C:\Windows\Sysnative\powertracker.dll 2015-02-16 19:44:00 D713D6446DDBB474D801F361B4B186EA 950272 ----a-w- C:\Windows\Sysnative\perftrack.dll 2015-02-16 19:44:00 C6F7473B55510F0B93961DA03D8E3B38 91136 ----a-w- C:\Windows\Sysnative\wdi.dll ====== C:\Windows\Sysnative\drivers ===== 2015-02-25 10:28:20 7A64190934B66C17F41D3921353BAEDD 246456 ----a-w- C:\Windows\Sysnative\drivers\klhk.sys 2015-02-25 10:28:20 150DEC2F6A081D2513B7428DC060B557 818888 ----a-w- C:\Windows\Sysnative\drivers\klif.sys 2015-02-25 10:28:20 09F851161CB4B3D92CDE85B3845DCECC 150536 ----a-w- C:\Windows\Sysnative\drivers\klflt.sys 2015-02-11 15:01:07 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2015-02-11 15:01:07 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-02-11 15:01:07 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== 2015-02-26 13:44:45 41ECC3787B962F888F8CF4F016A632BC 3118 ----a-w- C:\Windows\Sysnative\Tasks\{C87E60ED-35E6-4EF7-9DD5-2879F5F5D81A} 2015-02-23 13:13:26 F9B60A8B7968520EB818A3FEC2B6A314 3092 ----a-w- C:\Windows\Sysnative\Tasks\AceUtilsSkipUAC 2015-02-04 18:26:33 DDB02B41C28C4B1895A2E9DE6FDF2564 3198 ----a-w- C:\Windows\Sysnative\Tasks\{70882AD7-5B80-4D30-9A2A-325C13AC3CB8} 2015-02-04 11:04:20 0FA3EF2151FAB210FD23E5E2DD19CABC 3222 ----a-w- C:\Windows\Sysnative\Tasks\{183629A4-9D85-4158-8614-14C45082395E} 2015-02-03 19:13:18 459E297BB64B614E11B9601D34E57646 3194 ----a-w- C:\Windows\Sysnative\Tasks\{65B07661-2E30-4CD7-A80D-82267FAF83E7} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-02-25 17:29:33 -------- d-----w- C:\Program Files\Speccy 2015-02-23 13:13:17 -------- d-----w- C:\Program Files\Ace Utilities 2015-02-16 20:23:18 -------- d-----w- C:\Program Files\Microsoft.NET 2015-02-04 19:07:47 -------- d-----w- C:\Program Files\SolidWorks Corp 2015-02-04 19:07:47 -------- d-----w- C:\Program Files\Common Files\SolidWorks Shared 2015-02-04 19:01:31 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0 2015-02-04 18:53:39 -------- d-----w- C:\Program Files\Microsoft SQL Server 2015-02-04 18:47:49 -------- d-----w- C:\Program Files\Bonjour ======= C:\PROGRA~2 ===== 2015-02-26 13:46:39 -------- d-----w- C:\PROGRA~2\Nieuwe map 2015-02-26 12:36:49 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-02-25 09:43:34 -------- d-----w- C:\PROGRA~2\Kaspersky Lab 2015-02-10 13:34:33 -------- d-----w- C:\PROGRA~2\COMMON~1\CAA-Targets 2015-02-10 13:33:00 -------- d-----w- C:\PROGRA~2\Eaton 2015-02-05 14:19:31 -------- d-----w- C:\PROGRA~2\PDFCreator 2015-02-05 14:14:15 -------- d-----w- C:\PROGRA~2\SolidWorks Corp 2015-02-04 19:07:48 -------- d-----w- C:\PROGRA~2\NVIDIA Corporation 2015-02-04 18:57:19 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server 2015-02-04 18:47:49 -------- d-----w- C:\PROGRA~2\Bonjour 2015-02-04 18:47:03 -------- d-----w- C:\PROGRA~2\COMMON~1\SolidWorks Shared 2015-02-04 18:45:20 -------- d-----w- C:\PROGRA~2\COMMON~1\SolidWorks Installation Manager ======= C: ===== 2015-02-23 09:32:37 0CC63BDE75F4D5147DD7153CF1BBBA5C 3408 ------w- C:\bootsqm.dat ====== C:\Users\Mark\AppData\Roaming ====== 2015-02-25 14:08:56 -------- d-----w- C:\Users\Mark\AppData\Local\ElevatedDiagnostics 2015-02-23 14:54:07 -------- d-----w- C:\Users\Mark\AppData\Local\Acelogix 2015-02-23 13:13:34 -------- d-----w- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities 2015-02-23 12:55:28 D11B87EE012BFD0DEDE9A82ECF198807 145944 ----a-w- C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-23 12:30:36 -------- d-----w- C:\Users\Mark\AppData\Roaming\vlc 2015-02-23 12:10:02 -------- d-----w- C:\Users\Mark\AppData\Roaming\AVG2015 2015-02-23 12:09:41 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015 2015-02-23 12:09:10 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015 2015-02-23 12:07:09 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015 2015-02-23 12:01:38 -------- d-----w- C:\Users\Mark\AppData\Local\Avg2015 2015-02-05 15:00:48 -------- d-----w- C:\Users\Mark\AppData\Roaming\SolidWorks 2014 2015-02-05 14:13:42 -------- d-----w- C:\Users\Mark\AppData\Roaming\help_images_otherUI 2015-02-04 19:33:17 -------- d-----w- C:\Users\Mark\AppData\Local\SolidWorks 2015-02-04 18:24:44 -------- d-----w- C:\Users\Mark\AppData\Roaming\SolidWorks ====== C:\Users\Mark ====== 2015-02-26 11:24:16 CA2522F1E480FA299060C05B859DE16D 639912 ----a-w- C:\Users\Mark\Desktop\JavaSetup8u31.exe 2015-02-25 17:29:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2015-02-25 17:25:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Mark\Documents\RSITx64.exe 2015-02-25 11:02:49 5FE1D3D5EEE5B265C047B1B928FB3B85 132549832 ----a-w- C:\Users\Mark\Downloads\Kspscn.exe 2015-02-25 09:58:23 A8AFC4FCDE417F346FD1CA1C89D0FE1A 209897792 ----a-w- C:\Users\Mark\Downloads\VrsscnKasp1.exe 2015-02-25 09:43:34 -------- d-----w- C:\ProgramData\Kaspersky Lab 2015-02-24 10:09:02 BCFAAE04DFC86E3F5E1F1B0A13C1424B 189400 ----a-w- C:\Users\Mark\Downloads\VrsscnKasp.exe 2015-02-23 13:19:26 AF6E966D1F38287EF4D33B246CCC3A33 1388274 ----a-w- C:\Users\Mark\Downloads\ProbeerJRT.exe 2015-02-23 13:13:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities 2015-02-23 12:28:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-02-23 12:26:15 E1ECA1CB80D3FC173F68B299A3AC503D 14176408 ----a-w- C:\Users\Mark\Documents\MSEInstall.exe 2015-02-23 12:07:54 -------- d-----w- C:\ProgramData\AVG2015 2015-02-10 13:33:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eaton 2015-02-10 13:33:01 -------- d-----w- C:\Users\Public\Documents\XSoft-CoDeSys-2 2015-02-05 14:23:54 -------- d-----w- C:\ProgramData\COSMOS Applications 2015-02-05 14:23:03 -------- d-----w- C:\ProgramData\SolidWorks Flow Simulation 2015-02-05 14:03:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2014 2015-02-04 19:07:47 -------- d-----w- C:\ProgramData\SolidWorks 2015-02-04 19:00:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2015-02-04 18:57:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012 2015-02-04 18:47:17 -------- d-----w- C:\ProgramData\SolidWorks Electrical 2015-02-04 18:45:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager ====== C: exe-files == 2015-02-26 16:30:41 ABB5EB0241AAC49477E38AFF65F764AF 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-641389877-299622356-937118616-1000\$I23JGGB.exe 2015-02-26 15:48:46 D7F97BF3F9DB7E547CFDA4089C3E4401 1304576 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-641389877-299622356-937118616-1000\$R23JGGB.exe 2015-02-26 13:46:57 B0D46640968F989830413EB88F43E0D0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-02-26 13:46:57 52C8B9FD016E6317FDB151296FF90877 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-02-26 13:46:57 3E72E1AB196855916E2065C604674631 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-02-26 13:46:50 F9D744CD9BC58F287F8FA59D32508EDD 16296 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\orbd.exe 2015-02-26 13:46:50 DBB5C8AE19ACFA2857CFB90C7305AC56 51112 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\ssvagent.exe 2015-02-26 13:46:50 DA34E76DE9CD93471F24E7BD43139958 15784 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\kinit.exe 2015-02-26 13:46:50 CDB1FE0DCF2ADB755EBF65C8AEBBC871 16296 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\servertool.exe 2015-02-26 13:46:50 AF82EA1498FEC5C49B8A1AE5AA0A5F6C 77224 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\jp2launcher.exe 2015-02-26 13:46:50 A8884FB8246655C84F110E77DF5E1B4A 15784 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\ktab.exe 2015-02-26 13:46:50 90C02BD6D01BBC1C620323F9E330E89C 15784 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\jjs.exe 2015-02-26 13:46:50 8B6DF9CD28359C5E819446FD79CE3948 16296 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\rmiregistry.exe 2015-02-26 13:46:50 7479DA0BED071427A3F0017AC51CC27B 159656 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\unpack200.exe 2015-02-26 13:46:50 69BD74EE834B5629226BF89468B8020B 15784 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\keytool.exe 2015-02-26 13:46:50 5F7C51E0DCA813D647F14FC12AE675F2 16296 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\policytool.exe 2015-02-26 13:46:50 577F5DCBA4DE4C345631873670F84E79 16296 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\tnameserv.exe 2015-02-26 13:46:50 39685FC75B6FB2144E793595F1AB111D 15784 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\pack200.exe 2015-02-26 13:46:50 2F77C9862B1A2401278C4A5B932DA69D 15784 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\klist.exe 2015-02-26 13:46:50 0FB2ACAC796B166F6486B593B604A3FF 15784 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\rmid.exe 2015-02-26 13:46:49 F5EA785B2BCC08DC28CBC2D96E05F2C1 68520 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\javacpl.exe 2015-02-26 13:46:49 DF1C8EDDAF14D2960A06A9DF7B2D0A89 15784 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\java-rmi.exe 2015-02-26 13:46:49 B0D46640968F989830413EB88F43E0D0 176552 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\java.exe 2015-02-26 13:46:49 52C8B9FD016E6317FDB151296FF90877 272296 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\javaws.exe 2015-02-26 13:46:49 3E72E1AB196855916E2065C604674631 176552 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\javaw.exe 2015-02-26 13:46:49 063A1044A451660B159426B9C5E75957 30632 ----a-w- C:\Program Files (x86)\Nieuwe map\bin\jabswitch.exe 2015-02-24 09:54:29 D283B80A6F7B04E15EDDBF9A1073ECAA 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-641389877-299622356-937118616-1000\$IWVKJX1.exe 2015-02-24 09:45:31 97929F19F4D1CEFF260BE032F6756B63 46936 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\setup\1033\pfiles\sqlservr\100\setup\release\x64\yyd2w-0e.exe 2015-02-24 09:45:29 FF1488A9D3E544DC608E8174F0D44F26 46952 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\setup\1033\pfiles\sqlservr\100\setup\release\x64\qj0limqa.exe 2015-02-24 09:45:29 6AC63D349D17B6B55FF4D0E07AD30E19 78872 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\setup\1033\pfiles\sqlservr\100\setup\release\x64\setuparp.exe 2015-02-24 09:45:29 63A3FFE1C4A3BC26C0AEFFE139AAAD62 59224 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\setup\1033\pfiles\sqlservr\100\setup\release\x64\setup100.exe 2015-02-24 09:45:26 B2D81AF7B82CD04EE415495C08804869 419672 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\setup\1033\pfiles\sqlservr\100\setup\release\x64\j1slftqz.exe 2015-02-24 09:45:26 322E9DC8183D217DF48417E45DA4A60B 51032 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\setup\1033\pfiles\sqlservr\100\setup\release\x64\jcsrc-oa.exe 2015-02-24 09:45:19 241478E6D87ABA09C8B380BC8DA19D94 133976 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\setup\1033\pfiles\sqlservr\100\setup\release\setup.exe 2015-02-24 09:44:45 63A3FFE1C4A3BC26C0AEFFE139AAAD62 59224 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\setup100.exe 2015-02-24 09:44:44 B2D81AF7B82CD04EE415495C08804869 419672 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\landingpage.exe 2015-02-24 09:44:43 FF1488A9D3E544DC608E8174F0D44F26 46952 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\fixsqlregistrykey_x64.exe 2015-02-24 09:44:43 C269AFF29207059E4AEB6659D4A2262E 106840 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\setup.exe 2015-02-24 09:44:43 97929F19F4D1CEFF260BE032F6756B63 46936 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\fixsqlregistrykey_ia64.exe 2015-02-24 09:44:43 322E9DC8183D217DF48417E45DA4A60B 51032 ----a-w- C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB2285068\ServicePack\x64\fixsqlregistrykey_x86.exe 2015-02-23 13:13:25 61DA2D0086A8DA8B1B472A1EF7E369C1 104750 ----a-w- C:\Program Files\Ace Utilities\Uninstall.exe 2015-02-23 12:28:54 52437302E4A48A6915AFE987423A1587 275217 ----a-w- C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe 2015-02-21 18:41:44 24208CC54FD9AFF729232603CF74918C 337710 ----a-w- C:\Program Files\SolidWorks Corp\SolidWorks\data\macro\Archief\xyzPathMacro.exe === C: other files == 2015-02-26 13:46:50 3315140254247E248C3531F159C79109 14130 ----a-w- C:\Program Files (x86)\Nieuwe map\lib\deploy\ffjcext.zip 2015-02-26 11:59:12 DE2B3CBA5FE318F24AD4E4F6B876854D 74413 ----a-w- C:\Users\Mark\Dropbox\H7 - Automatisering\Project\Documentatie robot\Plastic_design\Steel_cut\Steel_cut.zip 2015-02-25 10:28:20 7A64190934B66C17F41D3921353BAEDD 246456 ----a-w- C:\Windows\System32\drivers\klhk.sys 2015-02-25 10:28:20 150DEC2F6A081D2513B7428DC060B557 818888 ----a-w- C:\Windows\System32\drivers\klif.sys 2015-02-25 10:28:20 09F851161CB4B3D92CDE85B3845DCECC 150536 ----a-w- C:\Windows\System32\drivers\klflt.sys 2015-02-23 17:21:14 11404D4010E790688AA80EDEB60E11F7 3899 ----a-w- C:\Users\Mark\AppData\Local\SolidWorks\CXPA\20150223182026_22.3.0.0056.zip 2015-02-21 18:44:59 3194D97827840565F6986BAAC44DDEDD 12410 ----a-w- C:\Users\Mark\AppData\Local\SolidWorks\CXPA\20150221194456_22.3.0.0056.zip 2015-02-21 18:40:02 E7737B4D3C0230BC67D692A8198BDFA1 2851 ----a-w- C:\Users\Mark\AppData\Local\SolidWorks\CXPA\20150221193943_22.3.0.0056.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Windows\CurrentVersion\Run] "KSS"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe /autorun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "KSS"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe /autorun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~3\\codecs~1\\22639~1.201\\{16cdf~1\\codecm~1.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" "Google Update"="\"C:\\Users\\Mark\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="C:\\Users\\Mark\\AppData\\Roaming\\eludfk\\\\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Creative Cloud" "hkey"="HKLM" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Adobe Speed Launcher" "hkey"="HKCU" "command"="1420192535" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeBridge" "hkey"="HKCU" "command"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 7] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Advanced SystemCare 7" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Ultra Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Ultra Agent" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\Mark\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_96D28242BA1FDBE7F82E6712BD4F4597] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleChromeAutoLaunch_96D28242BA1FDBE7F82E6712BD4F4597" "hkey"="HKCU" "command"="\"C:\\Users\\Mark\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPQuickWebProxy] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPQuickWebProxy" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Hewlett-Packard\\HP QuickWeb\\hpqwutils.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HTC Sync Loader] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HTC Sync Loader" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\HTC\\HTC Sync 3.0\\htcUPCTLoader.exe\" -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Identities] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Identities" "hkey"="HKCU" "command"="C:\\Users\\Mark\\AppData\\Roaming\\Identities\\svchost.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IObit Malware Fighter" "hkey"="HKLM" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NI Update Service] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NI Update Service" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\National Instruments\\Shared\\Update Service\\NIUpdateService.exe\" -startupTask " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\niDevMon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="niDevMon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\National Instruments\\NI-DAQ\\HWConfig\\nidevmon.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NIRegistrationWizard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NIRegistrationWizard" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\National Instruments\\Shared\\RegistrationWizard\\Bin\\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1043 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="OfficeSyncProcess" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOSYNC.EXE\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Mark\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk] "item"="NI Error Reporting" "backup"="C:\\Windows\\pss\\NI Error Reporting.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\NATION~1\\Shared\\NIERRO~1\\NIERSE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2013 Fast Start.lnk] "item"="SolidWorks 2013 Fast Start" "backupExtension"=".CommonStartup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks 2014 Fast Start.lnk] "item"="SolidWorks 2014 Fast Start" "backup"="C:\\Windows\\pss\\SolidWorks 2014 Fast Start.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Windows\\INSTAL~1\\{4FFA6~1\\NEWSHO~3.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk] "backup"="C:\\Windows\\pss\\SolidWorks Background Downloader.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\COMMON~1\\SOLIDW~1\\BACKGR~1\\SLDBGD~1.EXE" "item"="SolidWorks Background Downloader" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "path"="C:\\Users\\Mark\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Mark\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup" "item"="Dropbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SABnzbd.lnk] "backup"="C:\\Windows\\pss\\SABnzbd.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\SABnzbd\\SABnzbd.exe -b0" "item"="SABnzbd" ==== Startup Folders ====================== 2014-11-19 18:32:33 1094 ----a-w- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000UA.job --a------ [Undetermined Task] C:\Windows\tasks\HPCeeScheduleForMAESTRO$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15-07-2011 04:43] C:\Windows\tasks\HPCeeScheduleForMark.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\AceUtilsSkipUAC" [C:\Program Files\Ace Utilities\au.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\Codecs Pack Manager" [C:\Windows\system32\sc.exe start Codecs Pack Manager] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Mark)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000Core" [C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000Core1ce48ebcfbf444c" [C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000UA" [C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForMAESTRO$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForMark" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\NIUpdateServiceCheckTask" [C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{2804BC2C-2514-4AA4-8E1A-F28A3FD7A79E}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{844E80A6-47A1-43E0-B645-7794052150D9}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{956A4DB7-EA2D-4933-BDA1-11B2711E69A3}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B7FAE442-368D-473C-968B-DF6F7B117160}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default user_pref("browser.search.defaultenginename", "Yahoo!"); user_pref("browser.search.selectedEngine", "Yahoo!"); user_pref("keyword.URL", "https://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=667671&p="); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com" [25-02-2015 11:57] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default - Start Page - %ProfilePath%\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi - MySearchDial - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - TrueSuite Website Logon - %AppDir%\extensions\websitelogon@truesuite.com - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash 98137411B9C632095F919E2CE70B288A - C:\Users\Mark\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update ==== Deleted Firefox Extensions ====================== C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi deleted C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[] debkinhcgejcbfgjiaalomcmkedjmiaa - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx[25-08-2011 04:41] hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx[] icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx[] mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Users\Mark\AppData\Local\Slick Savings\coupons.crx[] pflphaooapbgpeakohlggbpidpppgdff - C:\Users\Mark\AppData\Local\mysearchdial-speeddial.crx[] pfndaklgolladniicklehhancnlgocpp - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions pflphaooapbgpeakohlggbpidpppgdff - C:\Users\Mark\AppData\Local\mysearchdial-speeddial.crx[] Advanced SystemCare Surfing Protection - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd Kaspersky Protection - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho Website Logon - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa Ads Removal - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen AdBlock - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1904940648&ir=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://start.mysearchdial.com/?f=2&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzuzy0A0FyCyDyDtA0AyD0B0BtCyDyDzztBtN0D0Tzu0SyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1904940648&ir=" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{774ACC0D-41F5-47E8-8873-23134E7F2CB4}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{774ACC0D-41F5-47E8-8873-23134E7F2CB4}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {77AA745B-F4F8-45DA-9B14-61D2D95054C8} Google Url="https://www.google.com/search?q={searchTerms}" {d43b3890-80c7-4010-a95d-1e77b5924dc3} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Ultra Agent deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Mark\AppData\Local\Mozilla\Firefox\Profiles\5awyvyzn.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=978 folders=240 48487839 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Mark\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Mark\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 26-02-2015 at 17:54:53,64 ======================