Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by E Raes on vr 07/08/2015 at 18:00:21,96. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\E Raes\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 7/08/2015 18:02:24 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\Program Files\log deleted successfully C:\Users\E Raes\AppData\Roaming\MP3Rocket deleted successfully C:\Users\E Raes\AppData\Roaming\TP deleted successfully C:\Users\E Raes\AppData\Local\Windows Live deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-244526131-3717190675-542008240-1000\Software\Microsoft\Internet Explorer\SearchScopes\{14FF4172-C2BD-4959-93B9-F49BF650DD1F} deleted successfully HKEY_USERS\S-1-5-21-244526131-3717190675-542008240-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{14FF4172-C2BD-4959-93B9-F49BF650DD1F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{14FF4172-C2BD-4959-93B9-F49BF650DD1F} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] ==== Deleting Files \ Folders ====================== C:\29d7d7847cc8acc69c44 not found C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~3\Package Cache deleted C:\Users\E 
Raes\AppData\Local\CRE deleted "C:\Windows\Installer\11cbc5.msi" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\ERAES~1\AppData\Local\Temp ==== 2015-08-07 14:41:40 722812A9EF151C0D77CFBCF6D12B7BCF 2031992 ----a-w- C:\Users\E Raes\AppData\Local\Temp\MGADiag.exe 2015-08-07 14:34:32 F327703F5351BB4A512E8CE9F66ABB9F 563808 ----a-w- C:\Users\E Raes\AppData\Local\Temp\jre-8u51-windows-au.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-08-07 08:08:34 EB59F8712DC56764D88EB495AD5938B3 1085440 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-08-07 08:08:34 DA2054C50EB38C91322D4EEBCE408C5C 765440 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-08-07 08:08:34 9AFFAF544BA8FBA1ABFCCC07F6AB85B8 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-08-07 08:08:34 3CDA55D83D5C9EA09DE82C6E5233C65B 433664 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-08-07 08:08:34 3A87269A74F067EB566813619B4F0CC3 67584 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-08-07 08:08:34 0AC0A45552B403020780DC74FB3BAC95 1145856 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-08-07 08:08:33 BE03A1A1B4DEEFDE3E58834F7584C31F 17856 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2015-08-07 08:08:33 81E937F890B2F1A410547D6EB6A79572 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll ====== C:\Windows\Sysnative\drivers ===== 2015-07-23 20:52:18 45A03A0B6461EFBEE77E0A6AC2816EDA 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-07-23 20:52:18 21AF322605D8C7F2A627C22634D1C9C9 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2015-07-23 20:52:18 1877EB1495CFBDAB27D6A32F6DDF3818 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-07-23 20:52:17 C0A6C3D6E02B61B5D100FE17306C276F 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-07-23 20:52:17 7A7328E427694CC7244235C3BC299F80 155584 ----a-w- 
C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-07-23 21:26:28 -------- d-----w- C:\Program Files\iPod 2015-07-23 21:26:27 -------- d-----w- C:\Program Files\iTunes ======= C:\PROGRA~2 ===== 2015-08-07 14:40:21 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-07-23 21:26:28 -------- d-----w- C:\PROGRA~2\iTunes ======= C: ===== ====== C:\Users\E Raes\AppData\Roaming ====== 2015-07-23 21:23:00 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Apple Computer 2015-07-23 21:04:51 -------- d-----w- C:\Users\E Raes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup ====== C:\Users\E Raes ====== 2015-08-07 14:44:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\E Raes\Desktop\RSITx64.exe 2015-08-07 14:42:26 -------- d-----w- C:\ProgramData\Office Genuine Advantage 2015-08-07 14:36:13 09B6F6FCCC35DBAFCB38CB3751FA7C2F 2248704 ----a-w- C:\Users\E Raes\Desktop\AdwCleaner.exe 2015-07-23 21:27:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes ====== C: exe-files == 2015-08-07 14:49:19 BF85E9000B756D3D2477BC5F6E3E7595 292648 ----a-w- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe 2015-08-07 14:49:17 BEBE3BDEC466B59C56FBF76203C45E08 276480 ----a-w- C:\Program Files\BullGuard Ltd\BullGuard\Instalator.exe 2015-08-07 14:49:17 2110F85197047470F0B6669375088436 622824 ----a-w- C:\Program Files\BullGuard Ltd\BullGuard\Uninst.exe 2015-08-07 14:44:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\E Raes\Desktop\RSITx64.exe 2015-08-07 14:41:40 722812A9EF151C0D77CFBCF6D12B7BCF 2031992 ----a-w- C:\Users\E Raes\AppData\Local\Temp\MGADiag.exe 2015-08-07 14:38:15 71F668207F24AA9A7469737607178355 394024 ----a-w- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe 2015-08-07 14:36:25 F3D19B026E09B8150D9FF40D537C8F2A 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmid.exe 
2015-08-07 14:36:25 C4B3393396204E759E6EDFF92A9CAA50 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\tnameserv.exe 2015-08-07 14:36:25 8B09EF707CE0895D5478300CC2CE90DB 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmiregistry.exe 2015-08-07 14:36:25 8516D08420A7AB22A9B722FAF631E320 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssvagent.exe 2015-08-07 14:36:25 5E1561548895218973EB5C833D96BD60 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe 2015-08-07 14:36:25 56C175D9B0D7EE7D1DA92B8D8A12772A 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\servertool.exe 2015-08-07 14:36:24 EF442149A0502661D49628A66A69F33C 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\policytool.exe 2015-08-07 14:36:24 D50189686D9D144CB4EC807652640FC0 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\ktab.exe 2015-08-07 14:36:24 B5AA17A9ACE57080909B9CB47CD74C39 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\kinit.exe 2015-08-07 14:36:24 76BD4372DD5C5A316F64D562C2404BF8 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\orbd.exe 2015-08-07 14:36:24 6790CB3F51E280A2A3EEAA3C5BD58EFF 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\keytool.exe 2015-08-07 14:36:24 547F9D4CB6FAAC8E941F1689D5555CDB 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jjs.exe 2015-08-07 14:36:24 46AD9258E9B6EA56AFC8723CEFDF8425 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\pack200.exe 2015-08-07 14:36:24 235015745A6A6FE26BCDA8F227C9132B 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\klist.exe 2015-08-07 14:36:24 0CFCEE90C8711D4DEAD9EC7046918A45 77920 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe 2015-08-07 14:36:21 F52607E7F53DA8FE1C4A3C1F11CE2AE7 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\java-rmi.exe 2015-08-07 14:36:21 E7ABC6445E6A2F1EDE5F8BB082ECEEA1 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jabswitch.exe 
2015-08-07 14:36:21 BC66611222047778694C7650B7814978 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javacpl.exe 2015-08-07 14:36:21 A4D1AC4078F1A819ECECC546F64907A1 190560 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.exe 2015-08-07 14:36:21 9A474C07C5242EF2AE12FF6BF387F334 273504 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe 2015-08-07 14:36:21 4E022C0940633A9538892CB26B65BD0D 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe 2015-08-07 14:36:13 09B6F6FCCC35DBAFCB38CB3751FA7C2F 2248704 ----a-w- C:\Users\E Raes\Desktop\AdwCleaner.exe 2015-08-07 14:34:32 F327703F5351BB4A512E8CE9F66ABB9F 563808 ----a-w- C:\Users\E Raes\AppData\Local\Temp\jre-8u51-windows-au.exe 2015-08-07 09:22:33 4CA190994191EA1F01DCB5B27426DB4C 42956368 ----a-w- C:\Users\E Raes\AppData\Local\Google\Update\Install\{76A55A03-79FB-4B40-867E-F83DCD697D30}\44.0.2403.130_chrome_installer.exe 2015-08-07 09:22:31 4CA190994191EA1F01DCB5B27426DB4C 42956368 ----a-w- C:\Users\E Raes\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.130\44.0.2403.130_chrome_installer.exe 2015-08-07 08:08:33 BE03A1A1B4DEEFDE3E58834F7584C31F 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe 2015-08-06 07:01:34 B1798BC27E40983B12FEFD0D85C05B3F 873800 ----a-w- C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\SwReporter\4.28.1\software_reporter_tool.exe 2015-08-06 06:54:53 0E317FFD94C2710DB7D2B56C14CB828B 7569488 ----a-w- C:\Users\E Raes\AppData\Local\Google\Update\Install\{870FDE18-7CA7-4FD3-96EA-5B61C531E75D}\44.0.2403.130_43.0.2357.132_chrome_updater.exe 2015-08-06 06:54:52 0E317FFD94C2710DB7D2B56C14CB828B 7569488 ----a-w- C:\Users\E Raes\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.130\44.0.2403.130_43.0.2357.132_chrome_updater.exe === C: other files == 2015-08-07 14:36:26 5F7B14A65C88D4AEB0E3DF49C6A0941F 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\ffjcext.zip 
2015-08-07 09:50:18 CA12515A9B7F25D622295A3B85201F1A 77453062 ----a-w- C:\Users\E Raes\AppData\Local\Temp\pf15fuif.zip 2015-08-07 09:45:31 E6788A41B2B4939DD0C460F3CCC9ABF7 157525038 ----a-w- C:\Users\E Raes\AppData\Local\Temp\pf15posterflyer.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-244526131-3717190675-542008240-1000\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Google Update"="C:\Users\E Raes\AppData\Local\Google\Update\GoogleUpdate.exe /c" "GoogleChromeAutoLaunch_8FD0172BB5FFB72E78C7A1BB0556F0AF"="C:\Users\E Raes\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "HPConnectionManager"="C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Google Update"="C:\Users\E Raes\AppData\Local\Google\Update\GoogleUpdate.exe /c" "GoogleChromeAutoLaunch_8FD0172BB5FFB72E78C7A1BB0556F0AF"="C:\Users\E Raes\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\System32\\BgGamingMonitor.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe -boot" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" 
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\System32\\BgGamingMonitor.dll" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Google Update"="\"C:\\Users\\E Raes\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ConnectionCenter" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\concentr.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\E Raes\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Photos Backup] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Photos Backup" "hkey"="HKCU" "command"="\"C:\\Users\\E Raes\\AppData\\Local\\Programs\\Google\\Google Photos Backup\\Google Photos Backup.exe\" /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Quick Launch] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Quick Launch" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Quick Launch\\HPMSGSVC.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPOSD] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPOSD" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP On Screen Display\\HPOSD.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Malwarebytes Anti-Malware" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe /install /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Redirector] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Redirector" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\redirector.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\E Raes\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\E Raes\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-244526131-3717190675-542008240-1000Core.job --a------ C:\Users\E Raes\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 15:16] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-244526131-3717190675-542008240-1000UA.job --a------ C:\Users\E Raes\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 15:16] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244526131-3717190675-542008240-1000Core.job --a------ C:\Users\E Raes\AppData\Local\Google\Update\GoogleUpdate.exe [24/10/2014 20:12] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244526131-3717190675-542008240-1000UA.job --a------ C:\Users\E Raes\AppData\Local\Google\Update\GoogleUpdate.exe [24/10/2014 20:12] C:\Windows\tasks\HPCeeScheduleForE Raes.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 22:15] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-244526131-3717190675-542008240-1000Core" 
[C:\Users\E Raes\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-244526131-3717190675-542008240-1000UA" [C:\Users\E Raes\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\E Raes\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-244526131-3717190675-542008240-1000Core" [C:\Users\E Raes\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-244526131-3717190675-542008240-1000UA" [C:\Users\E Raes\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForE Raes" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{31D132D4-ECCD-4544-A49B-4D106021B518}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{AC2B8FE2-8524-43F2-B5AA-09C974E69F73}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)" [c:\program files 
(x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Chromium Look ====================== Google Drive - E Raes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - E Raes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - E Raes\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - E Raes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - E Raes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Ella Moss - E Raes\AppData\Local\Google\Chrome\User Data\Default\Extensions\klghmpijngbhkpcnbdjpdbognohonimk Chrome Web Store Payments - E Raes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - E Raes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia 
==== Chromium Startpages ====================== C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Chromium Fix ====================== C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_partner.support.services.microsoft.com_0.localstorage deleted successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_partner.support.services.microsoft.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Default_Search_URL"="http://www.google.com/ie" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] 
"Default"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" "Default"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.com/" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear" {C0466D39-EF7A-40A3-A71D-7FCFD4D997A9} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-5/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2e6ff63.TMP will be reset at reboot C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset 
successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Web Data.temp was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E8AC853-65BB-4C99-A09E-19B81851E14C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\E Raes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\E Raes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== 
Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=152 folders=53 59794215 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\E Raes\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ERAES~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\E Raes\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF2e6ff63.TMP" not found ==== EOF on vr 07/08/2015 at 18:32:54,45 ======================