Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jarno on di 08/03/2016 at 11:42:11,27.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jarno\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
8/03/2016 11:43:28 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~2\Hercules deleted successfully
C:\Users\Jarno\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Jarno\AppData\Local\Adobe deleted successfully
C:\Users\Jarno\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Jarno\AppData\Local\EmieSiteList deleted successfully
C:\Users\Jarno\AppData\Local\EmieUserList deleted successfully
C:\Users\Jarno\AppData\Local\Skype deleted successfully
C:\Users\Jarno\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\PROGRA~2\Hercules not found
C:\Users\Jarno\AppData\Roaming\Mozilla\Firefox\Profiles\pevgrkp3.default-1442753370768\extensions\en-gb@flyingtophat.co.uk deleted
C:\windows\SysNative\Tasks\Software Update Application deleted
C:\Users\Public\Pokki deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Jarno\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Jarno\AppData\LocalLow\Unity deleted
"C:\Windows\Installer\81669.msi" deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Jarno\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2016-02-20 10:56:52 7D7FBC9504575D97885A858EA93684F5 5804772 ----a-w- C:\Windows\Sysnative\drivers\rtvienna.dat
2016-02-20 10:56:48 3A2D6740F51BE48C0FD01AD907329DEE 4496600 ----a-w- C:\Windows\Sysnative\drivers\RTKVHD64.sys
2016-02-20 10:56:48 31ABB86D0F0F1BCF78743C4A0234D7AC 3157796 ----a-w- C:\Windows\Sysnative\drivers\rtkSSTsetting.dat
2016-02-20 10:56:37 D4259E13E0A4459DE8C07DA0852B6073 2862488 ----a-w- C:\Windows\Sysnative\drivers\RTAIODAT.DAT
2016-02-09 19:27:16 B0A106352DEF6D52332EA39E00462EA7 202240 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-02-09 19:27:16 61000E7155E92342D0D5338CE05D102A 401920 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-02-09 19:26:59 D2AC8F07995CE6CD18848C129435B481 140800 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
====== C:\Windows\Tasks ======
2016-03-02 10:49:07 EFAB992F82525594C31663550A18275E 1066 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-02 10:49:07 D440DD661E14BF59940E5D9E54B412B2 4038 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2016-03-02 10:49:07 D16835587A04DCAEB07234DD1698429C 3802 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2016-03-02 10:49:07 D086DF760EE250537CD3C47A0B9622D9 1062 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-03-07 18:19:46 -------- d-----w- C:\Program Files\trend micro
2016-02-20 10:57:35 -------- d-----w- C:\Program Files\Realtek
======= C:\PROGRA~2 =====
2016-03-02 10:49:05 -------- d-----w- C:\PROGRA~2\Google
======= C: =====
====== C:\Users\Jarno\AppData\Roaming ======
2016-03-04 20:48:42 EA50B274207BB4994E1742DEC4271FDB 2082 ----a-w- C:\Users\Jarno\AppData\Local\recently-used.xbel
2016-03-04 13:41:20 8FFB6335DC2830DF432A283183B41F47 173248 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2016-03-02 10:49:02 -------- d-----w- C:\Users\Jarno\AppData\Local\Google
2016-02-08 20:44:06 -------- d-----w- C:\Users\Jarno\AppData\Local\ElevatedDiagnostics
====== C:\Users\Jarno ======
2016-03-07 18:19:15 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Jarno\Downloads\RSITx64.exe
2016-03-02 15:51:53 51799DA44BA436FA961057AD156BA062 1518592 ----a-w- C:\Users\Jarno\Downloads\adwcleaner_5.037.exe
2016-03-02 10:48:53 55B7DB8E3FEEAC3D9B07B6C463BBB0E0 987728 ----a-w- C:\Users\Jarno\Downloads\ChromeSetup.exe
====== C: exe-files ==
2016-03-07 18:19:46 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Jarno.exe
2016-03-07 18:19:15 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Jarno\Downloads\RSITx64.exe
2016-03-05 15:01:11 8D677EE90317A10D3369C3885C93B268 1579416 ----a-w- C:\Users\Jarno\AppData\Local\Google\Chrome\User Data\SwReporter\6.44.4\software_reporter_tool.exe
2016-03-02 15:51:53 51799DA44BA436FA961057AD156BA062 1518592 ----a-w- C:\Users\Jarno\Downloads\adwcleaner_5.037.exe
2016-03-02 10:49:41 C63D17DCBEEB1A035D484C3F4A13BB11 44333984 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\48.0.2564.116\48.0.2564.116_chrome_installer.exe
2016-03-02 10:49:07 F489BF87E4B3E9CCEFA102CC347F180F 95048 ----atw- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateWebPlugin.exe
2016-03-02 10:49:07 A70C804C5BCC0BBFCB7E9173C32B0221 95048 ----atw- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe
2016-03-02 10:49:07 55B7DB8E3FEEAC3D9B07B6C463BBB0E0 987728 ----a-w- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateSetup.exe
2016-03-02 10:49:07 1457C6AC71CAEC4D692FDD62155A9745 95048 ----atw- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateBroker.exe
2016-03-02 10:49:06 750446ED76A5D13E902174DDDDA1A62B 154440 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2016-03-02 10:49:05 ABF64234F3462571E66527828040219B 252232 ----atw- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
2016-03-02 10:49:05 8C17EAF5E4883284A75FC560C7F021AB 137544 ----atw- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdateComRegisterShell64.exe
2016-03-02 10:49:05 750446ED76A5D13E902174DDDDA1A62B 154440 ----atw- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleUpdate.exe
2016-03-02 10:49:05 2E6215108125A42160A1EC17208A50F0 313672 ----atw- C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
2016-03-02 10:48:53 55B7DB8E3FEEAC3D9B07B6C463BBB0E0 987728 ----a-w- C:\Users\Jarno\Downloads\ChromeSetup.exe
=== C: other files ==

==== Orphaned Tasks deleted from Registry ======================
Software Update Application deleted

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-506317321-575504820-1641975243-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"

==== Startup Folders ======================
2015-02-06 16:55:30 850 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/02/2016 20:34]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/03/2016 11:49]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/03/2016 11:49]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\abDocsDllLoader" [C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe]
"C:\Windows\SysNative\tasks\ACC" [C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe]
"C:\Windows\SysNative\tasks\ACCAgent" [C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe]
"C:\Windows\SysNative\tasks\AcerCloud" [C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\BacKGroundAgent" [C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Launch Manager" ["C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe"]
"C:\Windows\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe"]
"C:\Windows\SysNative\tasks\Quick Access" ["C:\Program Files\Acer\Acer Quick Access\QALauncher.exe"]
"C:\Windows\SysNative\tasks\Quick Access Quick Launcher" ["C:\Program Files\Acer\Acer Quick Access\QALauncher.exe"]
"C:\Windows\SysNative\tasks\UbtFrameworkService" ["C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{253F7A1D-A924-450A-B630-905C5BBA6902}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Jarno\AppData\Roaming\Mozilla\Firefox\Profiles\pevgrkp3.default-1442753370768
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:home");

==== Firefox Extensions ======================
ProfilePath: C:\Users\Jarno\AppData\Roaming\Mozilla\Firefox\Profiles\pevgrkp3.default-1442753370768
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================
Profilepath: C:\Users\Jarno\AppData\Roaming\Mozilla\Firefox\Profiles\pevgrkp3.default-1442753370768
6FE651F6E3025AD51CC1D54913AEEADC - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash
7FEBFE86DA24919D3CCAC7C108825C22 - C:\Users\Jarno\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll - Skype Web Plugin
64F3C6B959B2B20D87DA5B1886FCE3A7 - C:\Users\Jarno\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll - Skype Web Plugin

==== Chromium Look ======================
Google Slides - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
HD for YouTube™ - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf
Google Docs - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
uBlock₀ - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Google Search - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
That's Pretty Good (iDubbbzTV) - Jarno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnidecdngnainebcfbmebgpkmnmljdng

==== Chromium Fix ======================
C:\Users\Jarno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Jarno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130906988697429253&GUID=E3180004-DBDD-4F7C-81C7-3B4DD76D4EB2"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{E6B739CF-D525-4225-A973-9ACF1379AA21}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130906988697429253&GUID=E3180004-DBDD-4F7C-81C7-3B4DD76D4EB2"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{E6B739CF-D525-4225-A973-9ACF1379AA21}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{E6B739CF-D525-4225-A973-9ACF1379AA21} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E6B739CF-D525-4225-A973-9ACF1379AA21}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes\{E6B739CF-D525-4225-A973-9ACF1379AA21} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{E6B739CF-D525-4225-A973-9ACF1379AA21} - No_Url_Value

==== Reset Google Chrome ======================
C:\Users\Jarno\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jarno\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jarno\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jarno\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\02F6486B12843E11F869800002C0A966 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6846F20-4821-11E3-8F96-0800200C9A66} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\02F6486B12843E11F869800002C0A966 deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jarno\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jarno\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jarno\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Jarno\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Jarno\AppData\Local\Mozilla\Firefox\Profiles\pevgrkp3.default-1442753370768\cache2 emptied successfully
C:\Users\Jarno\AppData\Roaming\Mozilla\Firefox\Profiles\pevgrkp3.default-1442753370768\storage\default\https+++medium.com\cache emptied successfully
C:\Users\Jarno\AppData\Roaming\Mozilla\Firefox\Profiles\pevgrkp3.default-1442753370768\storage\default\https+++www.younow.com\cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Jarno\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=5793 folders=141 308785359 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jarno\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Jarno\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on di 08/03/2016 at 12:03:27,62 ======================