Zoek.exe v5.0.0.0 Updated 08-December-2014
Tool run by Rijon on di 09-12-2014 at 11:37:16,55.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: G:\setups\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

9-12-2014 11:38:53 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Users\Rijon\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-644121108-1263804581-3321629488-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully
HKEY_USERS\S-1-5-21-644121108-1263804581-3321629488-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\Rijon\AppData\Roaming\ParetoLogic deleted
C:\Users\Rijon\AppData\Roaming\DriverCure deleted
C:\PROGRA~3\ParetoLogic deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Rijon\AppData\Local\Thinstall deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Rijon\AppData\Roaming\Thinstall" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Rijon\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-12-01 21:29:28 1E7CDE8F155F3B6FDCFDB0F46378D4BE 42 ----a-w- C:\Windows\SysWOW64\AK083E209605E394C.lie
2014-11-30 06:11:33 57BCD4649CD7CA0FEBB31E5EA18796A8 30008 ----a-w- C:\Windows\SysWOW64\uxtuneup.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-12-01 16:17:18 9A642F163F1FB12DE395A6010A9AD687 189920 ----a-w- C:\Windows\Sysnative\mfevtps.exe
2014-11-30 06:11:33 A7649519DFE623683FA5062311A3D337 36664 ----a-w- C:\Windows\Sysnative\uxtuneup.dll
====== C:\Windows\Sysnative\drivers =====
2014-12-01 16:25:13 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys
====== C:\Windows\Tasks ======
2014-12-01 16:02:11 AB47A5B1AF8A85B9AA447755BC8A1E17 3302 ----a-w- C:\Windows\Sysnative\Tasks\{717EEA48-AB0B-4407-B5B4-3A8085557980}
2014-11-30 12:53:02 E7169BF52C33D1B083F40E7EF64C22EE 2762 ----a-w- C:\Windows\Sysnative\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012
2014-11-12 14:10:32 EAF1C5F09E6F69FA9FBFFAF8419F6BE6 3338 ----a-w- C:\Windows\Sysnative\Tasks\SpyHunter4Startup
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-07 13:22:38 -------- d-----w- C:\Program Files\ReviverSoft
2014-12-04 06:59:20 -------- d-----w- C:\Program Files\Speccy
2014-12-01 21:39:52 -------- d-----w- C:\Program Files\Perfect Uninstaller
2014-12-01 11:12:10 -------- d--h--w- C:\Program Files\Uninstall Information
2014-11-28 20:09:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
======= C:\PROGRA~2 =====
2014-12-01 11:12:35 -------- d--h--w- C:\PROGRA~2\Uninstall Information
2014-12-01 10:39:54 -------- d-----w- C:\PROGRA~2\Tweaking.com
======= C: =====
====== C:\Users\Rijon\AppData\Roaming ======
2014-12-02 11:57:47 -------- d-----w- C:\Users\Rijon\AppData\Roaming\SUPERAntiSpyware.com
2014-11-30 12:19:11 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp
2014-11-30 12:19:11 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-11-30 12:19:11 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-11-30 12:19:11 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-11-30 12:19:11 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\temp
2014-11-30 12:19:11 -------- d-----w- C:\Users\Gast\AppData\Local\temp
2014-11-30 12:19:11 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-30 12:19:11 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-11-30 12:19:11 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2014-11-30 12:19:10 -------- d-----w- C:\Users\Rijon\AppData\Local\Temp
2014-11-17 09:40:08 -------- d-----w- C:\Users\Rijon\AppData\Local\PopcornTimeDesktop
2014-11-15 06:53:03 FE845BEEC76A4CFB519997F7F62B3FC1 115976 ----a-w- C:\Users\Rijon\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 14:12:19 -------- d-sh--w- C:\Users\Rijon\AppData\Locallow\EmieBrowserModeList
2014-11-12 14:10:37 -------- d-sh--w- C:\Users\Rijon\AppData\Local\EmieBrowserModeList
2014-11-12 14:10:28 -------- d-----w- C:\Users\Rijon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-11-10 07:58:26 -------- d-----w- C:\Users\Rijon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps
2014-11-10 07:58:18 -------- d-----w- C:\Users\Rijon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
====== C:\Users\Rijon ======
2014-12-07 13:25:55 -------- d-----w- C:\ProgramData\RegistryReviver.exe
2014-12-07 13:22:40 -------- d-----w- C:\ProgramData\ReviverSoft
2014-12-07 13:22:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2014-12-04 06:59:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-12-02 11:57:43 -------- d-----w- C:\ProgramData\!SASCORE
2014-12-02 11:57:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-01 21:39:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
2014-12-01 10:40:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-29 21:44:01 -------- d-sh--w- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-11-28 13:03:43 -------- d-----w- C:\ProgramData\Acoustica
2014-11-28 12:18:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-11-28 12:18:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-27 16:52:21 -------- d-----w- C:\ProgramData\Microsoft Toolkit
2014-11-27 13:47:20 -------- d-----w- C:\ProgramData\ASUS
2014-11-27 13:32:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firetrust
2014-11-27 13:31:58 -------- d-----w- C:\ProgramData\Firetrust
2014-11-27 13:20:28 -------- d-----w- C:\ProgramData\Sun
2014-11-27 13:20:19 -------- d-----w- C:\ProgramData\Oracle
2014-11-27 13:20:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-27 13:18:22 -------- d-----w- C:\ProgramData\Adobe
2014-11-27 12:45:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotnet
2014-11-27 12:04:34 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-11-27 07:15:34 -------- d-----w- C:\ProgramData\TEMP
2014-11-27 06:23:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-11-26 14:06:02 -------- d-----w- C:\ProgramData\Microsoft Help
2014-11-26 14:04:52 -------- d-----w- C:\ProgramData\Spotnet
2014-11-26 14:04:42 -------- d-----w- C:\ProgramData\IObit
2014-11-26 12:58:18 -------- d-----w- C:\ProgramData\vso
2014-11-26 12:51:34 -------- d--h--w- C:\ProgramData\.Syncables
2014-11-26 12:51:34 -------- d-----w- C:\ProgramData\Intel
2014-11-26 12:45:49 -------- d-----w- C:\ProgramData\HP
2014-11-26 12:45:46 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-11-26 12:45:43 -------- d-----w- C:\ProgramData\NVIDIA
2014-11-26 12:44:06 -------- d-----w- C:\ProgramData\Microsoft
2014-11-26 12:43:04 -------- d-----w- C:\ProgramData\SystemExplorer
2014-11-12 12:56:37 -------- d-----w- C:\Users\Rijon\Start Menu
====== C: exe-files ==
2014-12-08 16:35:48 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Rijon\AppData\Local\Downloads\RSITx64.exe
2014-12-07 13:09:29 EA5EEA1C196D50375BBAEA9122C8EDFF 4161536 ----a-w- C:\Users\Rijon\AppData\Local\Downloads\RegistryReviverInstaller.exe
2014-12-06 08:51:28 F029262FFCF08C83BF0467AE2A1BA10F 718084 ----a-w- C:\Program Files (x86)\Spotnet\unins001.exe
2014-12-06 07:19:25 99CD14EFE0F5A39FD6FA63B0D62F5E88 4451032 ----a-w- C:\Users\Rijon\AppData\Local\NVIDIA\NvBackend\Packages\00006942\DAO.19113547.exe
2014-12-06 07:19:25 053A3499F9FA53C8CA808033C0F2B8E2 429800 ----a-w- C:\Users\Rijon\AppData\Local\NVIDIA\NvBackend\Packages\00006943\CoProc update.19113656.exe
2014-12-04 06:56:20 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\Rijon\AppData\Local\Downloads\spsetup126.exe
2014-12-03 06:46:17 3CCFBBAF15FB3D07EFCBA4D6DE939929 1196823 ----a-w- C:\Program Files (x86)\Spotnet\unins000.exe
2014-12-02 18:08:42 D23A14C907FE7E882745D5C599F98ACD 123892480 ----a-w- C:\Users\Rijon\AppData\Local\Downloads\msert.exe
2014-12-02 13:42:22 CBDDB6C4BCD895F8879FD6AC588007A0 2154496 ----a-w- C:\Users\Rijon\AppData\Local\Downloads\adwcleaner_4.103.exe
=== C: other files ==
2014-12-06 08:45:38 A8BA8565584EEF68857659E735AC4A97 12790632 ----a-w- C:\Users\Rijon\AppData\Local\Downloads\Spotnet-FTDlook_dec2012.zip
2014-12-02 11:58:38 91A7FEB420341CF91E69CCC2EF77FF92 178664 ----a-w- C:\Users\Rijon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.ZIP
2014-12-02 11:58:17 74869DE2B0A02AF0781AEB335C1EC220 11544978 ----a-w- C:\Users\Rijon\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.ZIP

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-644121108-1263804581-3321629488-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"HP Deskjet 3070 B611 series (NET)"="C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe -deviceID CN14Q2C0CZ05MQ:NW -scfn HP Deskjet 3070 B611 series (NET) -AutoStart 1 "
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H"
"{90140000-0018-0413-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H"
"{90140000-0018-0413-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"SonicMasterTray"="C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe"
"FLxHCIm"="C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"VAWinAgent"="C:\ExpressGateUtil\VAWinAgent.exe "
"RemoteControl10"="C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
"UpdatePSTShortCut"="C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter"
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SystemExplorerAutoStart"="C:\Program Files (x86)\System Explorer\SystemExplorer.exe /TRAY"
"mcpltui_exe"="C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe /platui /runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"HP Deskjet 3070 B611 series (NET)"="C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe -deviceID CN14Q2C0CZ05MQ:NW -scfn HP Deskjet 3070 B611 series (NET) -AutoStart 1 "
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe "
"AthBtTray"="C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe "
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"HP Software Update"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
"hkey"="HKLM"
"item"="CLMLServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
"hkey"="HKLM"
"item"="RtHDVCpl"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2014-01-13 08:23:02 1956 ----a-w- C:\Users\Rijon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk
2014-11-27 13:37:26 1154 ----a-w- C:\Users\Rijon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27-11-2014 14:00]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 06:27]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4a4c50154a1.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 06:27]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf27c04674f1b1.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\awditSkipUAC" [C:\Users\Rijon\AppData\Roaming\Reincubate\awdit Desktop\awdit-desktop.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Rijon)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Rijon\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1cf4a4c50154a1" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cf27c04674f1b1" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 3070 B611 series" ["C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe"]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2012" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\Windows\SysNative\tasks\{07E2ECC4-29C7-4EC3-A776-C3E69A167A96}" [C:\Program Files (x86)\Philips\Philips Digital Media Manager\PCDMM\PCDMM.exe]
"C:\Windows\SysNative\tasks\{0CACDB23-E95C-46AC-80B5-EF7813CB2DB0}" [C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe]
"C:\Windows\SysNative\tasks\{109D6723-712F-4FC9-B3AA-3FD118C0D289}" [C:\Program Files (x86)\Philips\Philips Digital Media Manager\PCDMM\PCDMM.exe]
"C:\Windows\SysNative\tasks\{10B7FE5E-EE75-451B-A7E6-63C5667CE3BA}" [C:\FLAC To MP3\flac2mp3.exe]
"C:\Windows\SysNative\tasks\{170C416F-5160-44AE-A72E-A5CD8EEC1F7A}" [C:\Program Files\McAfee.com\Agent\mcagent.exe]
"C:\Windows\SysNative\tasks\{1F5D6B6F-6129-4058-B395-5091A4ADF7FC}" [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe]
"C:\Windows\SysNative\tasks\{217CFED6-A10B-44A5-ABAB-631318207A9B}" [C:\Program Files\McAfee.com\Agent\mcagent.exe]
"C:\Windows\SysNative\tasks\{31646315-966C-4F7B-8AA3-DF42BE9CA9EF}" [C:\Program Files (x86)\DFX\DFX.exe]
"C:\Windows\SysNative\tasks\{47D01D11-9ADD-4E37-B08E-19AFC87DCBF8}" [C:\Program Files\McAfee.com\Agent\mcagent.exe]
"C:\Windows\SysNative\tasks\{51849723-58D8-4BCE-94BA-48A60DD4E352}" [F:\DTVP_Launcher.exe]
"C:\Windows\SysNative\tasks\{5CDF9262-576B-496B-9D96-A20883BC1B51}" [C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe]
"C:\Windows\SysNative\tasks\{6B2EFC00-56AF-4316-B65F-83830E9C94E6}" [C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe]
"C:\Windows\SysNative\tasks\{6D4CCEEF-9DB4-45BF-B675-76C570DAFABF}" [C:\Program Files\McAfee.com\Agent\mcagent.exe]
"C:\Windows\SysNative\tasks\{7180B7C4-2E24-4DED-919C-D0C4A497A526}" [C:\Program Files\McAfee.com\Agent\mcagent.exe]
"C:\Windows\SysNative\tasks\{731D1A89-6B0D-4D18-BF57-A6CB33B55A44}" [C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe]
"C:\Windows\SysNative\tasks\{8F10A1B8-C14B-4CEF-9014-01BF86E06713}" [C:\Program Files\McAfee.com\Agent\mcagent.exe]
"C:\Windows\SysNative\tasks\{A2A2ABBD-D449-4AE0-AB1C-9C1B32DF706C}" [C:\FLAC To MP3\flac2mp3.exe]
"C:\Windows\SysNative\tasks\{A381054B-4C72-4948-A928-029C9F033D89}" [C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe]
"C:\Windows\SysNative\tasks\{A60E0330-A2D3-4AA7-A53A-DC4521951214}" [F:\DTVP_Launcher.exe]
"C:\Windows\SysNative\tasks\{ADB24E89-EAF3-4676-9FD0-C08C7DF7D5D2}" [C:\FLAC To MP3\flac2mp3.exe]
"C:\Windows\SysNative\tasks\{B021E925-2465-417C-A89E-D913828EA70F}" [C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe]
"C:\Windows\SysNative\tasks\{D99207A7-E77A-437C-8398-9EF56E846EDE}" [F:\DTVP_Launcher.exe]
"C:\Windows\SysNative\tasks\{DE651C09-86D0-4D41-849F-65C6DDD3D0D4}" [C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe]
"C:\Windows\SysNative\tasks\{E595115E-6686-4D54-91F7-DBB558ADBF92}" [C:\FLAC To MP3\flac2mp3.exe]
"C:\Windows\SysNative\tasks\{E7BA9C85-5342-48C0-BB5D-1AF80D9B9C0D}" [C:\Program Files (x86)\Philips\Philips Digital Media Manager\PCDMM\PCDMM.exe]
"C:\Windows\SysNative\tasks\{E981C966-85CC-4047-A217-BBECFB1AD5A4}" [C:\Program Files\McAfee.com\Agent\mcagent.exe]
"C:\Windows\SysNative\tasks\{EE7EDEB2-1AB3-4620-8D85-B6E312377347}" [C:\FLAC To MP3\flac2mp3.exe]
"C:\Windows\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [07-12-2014 06:35]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Rijon\AppData\Roaming\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- Undetermined - clickclean@hotcleaner.com
- Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
- Clickamp;Clean - %ProfilePath%\extensions\clickclean@hotcleaner.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Rijon\AppData\Roaming\TomTom\HOME\Profiles\6tb2ga9j.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.8.544.1836@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.057.562242@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rijon\AppData\Roaming\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706
8303B3CEC05500F763B4FA75210598BB - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

Google Slides - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
VLC for Chrome - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fapffilknndicpjinfcjjcnladnmjgdm
SiteAdvisor - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho
ClickClean - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
Google Wallet - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/?gfe_rd=cr&ei=Iap9VMeDD4ug-wa0qIH4Dw"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/?gfe_rd=cr&ei=Iap9VMeDD4ug-wa0qIH4Dw"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rijon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Rijon\AppData\Local\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706\cache2 emptied successfully
C:\Users\Rijon\AppData\Local\Mozilla\Firefox\Profiles\lfyf67y1.default-1361697865420\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=34 folders=154 8395220 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gast\AppData\Local\temp emptied successfully
C:\Users\HomeGroupUser$\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Rijon\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Rijon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 09-12-2014 at 12:11:23,93 ======================