Zoek.exe v5.0.0.0 Updated 18-08-2014
Tool run by mark on 18/08/2014 at 19:24:23.82.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mark\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

18/08/2014 19:25:44 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Moo0 deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\RegClean Pro deleted successfully
C:\PROGRA~2\SaveSense deleted successfully
C:\PROGRA~2\SerialTrunc deleted successfully
C:\PROGRA~2\Ubisoft deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\mark\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\mark\AppData\Roaming\QuickScan deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-379617572-2991067909-4128941990-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\RegClean Pro not found
C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 deleted
C:\Program Files (x86)\Desk 365 deleted
C:\PROGRA~3\QuickSet deleted
C:\Users\mark\.android deleted
C:\PROGRA~2\COMMON~1\337 deleted
C:\PROGRA~2\Advanced System Protector deleted
C:\PROGRA~2\AVG SafeGuard toolbar deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\mark\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\Users\mark\AppData\Roaming\SaveSense deleted
C:\Users\mark\AppData\Roaming\GoforFiles deleted
C:\Users\mark\AppData\Roaming\Desk 365 deleted
C:\Users\mark\AppData\Roaming\eIntaller deleted
C:\Users\mark\AppData\Roaming\Systweak deleted
C:\PROGRA~3\RUNDLL32.EXE-2232-F.txt deleted
C:\PROGRA~3\RUNDLL32.EXE-2600-F.txt deleted
C:\PROGRA~3\RUNDLL32.EXE-4220-F.txt deleted
C:\PROGRA~3\RUNDLL32.EXE-45796-F.txt deleted
C:\PROGRA~3\RUNDLL32.EXE-5060-F.txt deleted
C:\PROGRA~3\RUNDLL32.EXE-5356-F.txt deleted
C:\PROGRA~3\RUNDLL32.EXE-5752-F.txt deleted
C:\PROGRA~3\B6264B.cpp deleted
C:\PROGRA~3\eSafe deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\mark\AppData\Local\FilesFrog Update Checker deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker deleted
C:\WINDOWS\SysNative\roboot64.exe deleted
C:\Users\mark\Searches deleted
C:\windows\SysNative\Tasks\GoforFilesUpdate deleted
C:\windows\SysNative\tasks\RegClean Pro_DEFAULT deleted
C:\windows\SysNative\tasks\RegClean Pro_UPDATES deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
"C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job" not deleted
"C:\WINDOWS\tasks\RegClean Pro_UPDATES.job" not deleted
"C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job" not deleted
"C:\WINDOWS\tasks\RegClean Pro_UPDATES.job" not deleted
"C:\Users\mark\AppData\Roaming\GHISLER\default.bar" deleted
"C:\Users\mark\AppData\Roaming\GHISLER\default.br2" deleted
"C:\Users\mark\AppData\Roaming\GHISLER" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\mark\AppData\Local\Temp ====
====== Java Cache =====
2014-07-29 17:07:04 59906E68668BA81C15E519C8948E4A54 556 ----a-w- C:\Users\mark\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\14a14964-16caf0ba
2014-07-29 17:07:05 95025E8C72CA436E5CF657632CEC1476 38 ----a-w- C:\Users\mark\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\14a14964-bed30fae377f39d22497bf691cb7f55396e65543c2f806e5873fc20ea64ff03a-6.0.lap
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-08-13 14:28:25 905EFEB27F37F82CA6B99F0C83E1CCFE 84848 ----a-w- C:\WINDOWS\Sysnative\bdsandboxuiskin.dll.upd
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-08-17 15:26:38 -------- d-----w- C:\Program Files\trend micro
2014-08-10 09:21:56 -------- d-----w- C:\Program Files\iPod
2014-08-10 09:21:55 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-08-10 09:21:55 -------- d-----w- C:\PROGRA~2\iTunes
2014-08-05 18:39:12 -------- d-----w- C:\PROGRA~2\Steam
2014-07-30 20:01:10 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\mark\AppData\Roaming ======
====== C:\Users\mark ======
2014-08-18 16:08:51 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-08-17 15:26:10 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\mark\Desktop\RSITx64.exe
2014-08-10 09:22:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-05 18:39:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-30 20:01:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-30 19:59:59 -------- d-----w- C:\ProgramData\Riot Games

====== C: exe-files ==
2014-08-17 15:26:42 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\mark.exe
2014-08-17 15:26:10 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\mark\Desktop\RSITx64.exe

=== C: other files ==
2014-08-18 16:09:55 D31195B10838E047CAB3A0688D5DF4CD 195887 ----a-w- C:\Users\mark\AppData\Local\Microsoft\Windows\INetCache\Low\IE\LPGK88EJ\sheetdata_92[1].zip
2014-08-17 19:54:46 796BA57B7D11FE5A5AD1026F65C488BF 186759 ----a-w- C:\Users\mark\AppData\Local\Microsoft\Windows\INetCache\Low\IE\FHWYT6SO\sheetdata_90[1].zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-21-379617572-2991067909-4128941990-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\DTLite.exe -autorun"
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\DTLite.exe -autorun"
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet Application Agent"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"

==== Startup Folders ======================

2014-08-18 16:09:07 1037 ----a-w- C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar749.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\RegClean Pro_UPDATES.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\WINDOWS\SysNative\tasks\4608" [wscript.exe C:\Users\mark\AppData\Local\Temp\launchie.vbs //B]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Razer_Game_Booster_AutoUpdate" [C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{A44FA474-64C6-4C55-9FBD-2A2B7BDF349D}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [02/08/2013 16:50]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[27/03/2014 17:28]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.bing.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{33FC3AB1-2F8B-468F-9F33-367E27A12862}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown Url="Not_Found"
{33FC3AB1-2F8B-468F-9F33-367E27A12862} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-379617572-2991067909-4128941990-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{84FDD491-B527-0744-C3CB-8D61220FE050} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mark\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mark\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=671 folders=133 88051492 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\mark\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\mark\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job" not found
"C:\WINDOWS\tasks\RegClean Pro_UPDATES.job" not found
"C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job" not found
"C:\WINDOWS\tasks\RegClean Pro_UPDATES.job" not found

==== EOF on 18/08/2014 at 19:44:46.11 ======================