Zoek.exe v5.0.0.0 Updated 03-August-2014
Tool run by Kevin on zo 03/08/2014 at 20:49:10,94.
Microsoft® Windows Vista™ Home Premium 6.0.6000 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kevin\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

3/08/2014 20:50:57 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Freemake deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Settings Manager deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\systemk deleted successfully
C:\Users\Kevin\AppData\Roaming\PerformerSoft deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1554026446-4006694378-3394363960-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ADBFFBCA-9A3E-427D-8C58-9095ED0A330E} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]

==== Deleting Files \ Folders ======================

C:\Program Files\AVG Nation toolbar not found
C:\Program Files\Settings Manager not found
C:\Program Files\AskPartnerNetwork deleted
C:\ProgramData\AskPartnerNetwork deleted
C:\ProgramData\APN deleted
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 deleted
C:\PROGRA~2\eSellerate deleted
C:\Program Files\Yahoo! deleted
C:\junction.exe deleted
C:\PROGRA~2\Registry Helper deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\Users\Kevin\AppData\Local\AskPartnerNetwork deleted
C:\Users\Kevin\Searches deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Windows\WinInit.ini deleted
C:\Windows\system32\Tasks\Express FilesUpdate deleted
C:\Windows\system32\RegistryHelperLM.ocx deleted
C:\Users\Kevin\Desktop\facebook.lnk deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-08-02 13:41:36 88D6A2E8060C71E730AD83B510A0643B 168471761 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\Kevin\AppData\Local\Temp ====
2014-07-29 20:01:56 30C3449DD95669C047EC6916E17F4F63 2049864 ----a-w- C:\Users\Kevin\AppData\Local\Temp\UNINSTALL.EXE
====== Java Cache =====
2014-07-27 20:01:18 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-30de0d10
2014-07-27 20:01:12 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6ca2a902
2014-07-27 20:01:12 AD8C7EFB41BD1415B427F01BD7F39AAC 425 ----a-w- C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap
2014-07-27 20:01:08 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-31ac41fd
2014-07-27 20:01:12 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-31727735
====== C:\Windows\system32 =====
2014-07-31 09:08:07 6651D83A6210DF18496C2447024E1B02 343464 ----a-w- C:\Windows\System32\FNTCACHE.DAT
2014-07-27 13:07:51 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Windows\System32\javaws.exe
2014-07-27 13:07:39 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Windows\System32\java.exe
2014-07-27 13:07:39 F98096A7E805CAE52BE582BF1318182F 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll
2014-07-27 13:07:39 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\Windows\System32\javaw.exe
====== C:\Windows\system32\drivers =====
2014-07-31 10:58:16 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-31 10:56:08 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-31 10:56:08 799613BA73D25641402AA81B6403EFF8 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-31 10:56:08 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-08-03 17:41:07 -------- d-----w- C:\Program Files\trend micro
2014-07-27 13:07:56 -------- d-----w- C:\Program Files\Common Files\Java
2014-07-08 17:07:39 -------- d-----w- C:\Program Files\iPod
2014-07-08 17:07:20 -------- d-----w- C:\Program Files\iTunes
======= C: =====
====== C:\Users\Kevin\AppData\Roaming ======
2014-07-31 10:10:08 72FA6DCABB252868ADB71DA85F7F01E5 86536 ----a-w- C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
====== C:\Users\Kevin ======
2014-08-03 17:39:48 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kevin\Downloads\RSIT (1).exe
2014-08-03 17:39:14 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kevin\Downloads\RSIT.exe
2014-07-31 10:52:29 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Kevin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-31 10:52:13 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Kevin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 13:07:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-08 17:09:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
====== C: exe-files ==
2014-08-03 17:41:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kevin.exe
2014-08-03 17:39:48 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kevin\Downloads\RSIT (1).exe
2014-08-03 17:39:14 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Kevin\Downloads\RSIT.exe
2014-07-31 10:52:29 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Kevin\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-31 10:52:13 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Kevin\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-29 20:01:56 30C3449DD95669C047EC6916E17F4F63 2049864 ----a-w- C:\Users\Kevin\AppData\Local\Temp\UNINSTALL.EXE
=== C: other files ==
2014-07-31 10:58:16 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-31 10:56:08 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-31 10:56:08 799613BA73D25641402AA81B6403EFF8 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-31 10:56:08 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\CinePlayer\\DMXLauncher.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eAudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eAudio"
"hkey"="HKLM"
"command"="\"C:\\Acer\\Empowering Technology\\eAudio\\eAudio.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eDataSecurity Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eDataSecurity Loader"
"hkey"="HKLM"
"command"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget\P0000000000000000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPLTarget\\P0000000000000000"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\E_TATIJJE.EXE /EPT \"EPLTarget\\P0000000000000000\" /M \"WF-3520 Series\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FUFAXRCV]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FUFAXRCV"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Epson Software\\FAX Utility\\FUFAXRCV.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FUFAXSTM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FUFAXSTM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Epson Software\\FAX Utility\\FUFAXSTM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Kevin\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAAnotif"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\osCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="osCheck"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlayMovie"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Acer Arcade Deluxe\\Play Movie\\PMVService.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMSpeed"
"hkey"="HKLM"
"command"="C:\\Program Files\\NewSoft\\Presto! PageManager 9.03\\PMSpeed.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxWatchTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoxWatchTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\10.0\\SharedCOM\\RoxWatchTray10.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="RtHDVCpl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Scan Buttons]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Scan Buttons"
"hkey"="HKCU"
"command"="C:\\Program Files\\NewSoft\\Presto! PageManager 9.03\\PMSB.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec PIF AlertEng]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Symantec PIF AlertEng"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WindowsWelcomeCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WindowsWelcomeCenter"
"hkey"="HKCU"
"command"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WrtMon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WrtMon.exe"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\spool\\drivers\\w32x86\\3\\WrtMon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\Windows\\pss\\Adobe Gamma Loader.exe.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2013 00:00]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1554026446-4006694378-3394363960-1000Core.job --a------ C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [22/07/2011 03:16]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1554026446-4006694378-3394363960-1000UA.job --a------ C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [22/07/2011 03:16]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1554026446-4006694378-3394363960-1000Core" [C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1554026446-4006694378-3394363960-1000UA" [C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1554026446-4006694378-3394363960-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1554026446-4006694378-3394363960-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [14/10/2013 19:54]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaaiabcopkplhgaedhbloeejhhankf - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]
jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]

YouTube - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Card number - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Search App By Ask v2 - Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Google Docs - Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully
C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully
C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_aaaaaiabcopkplhgaedhbloeejhhankf_0.localstorage deleted successfully
C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
"SEARCH PAGE"="http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SEARCH PAGE"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMSpeed deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scan Buttons deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=302 folders=119 18491807 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Kevin\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Kevin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on zo 03/08/2014 at 21:27:54,45 ======================