can't remove GooSave virus
<blockquote data-quote="Shadowth" data-source="post: 296254" data-attributes="member: 30405"><p>Sorry but I can't upload the file there's always an error when I try to upload the file like this "The uploaded file is empty"</p><p>anyways here's the results:</p><p></p><p>Zoek.exe v5.0.0.0 Updated 10-November-2014</p><p>Tool run by Ian on Mon 11/10/2014 at 20:54:06.40.</p><p>Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\Ian\Downloads\zoek.exe [Scan all users] [Script inserted] </p><p></p><p>==== Older Logs ======================</p><p></p><p>C:\zoek-results2014-11-10-103115.log 1452 bytes</p><p></p><p>==== System Restore Info ======================</p><p></p><p>11/10/2014 9:06:53 PM Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Files Recently Created / Modified ======================</p><p></p><p>====== C:\Windows ====</p><p>====== C:\Users\Ian\AppData\Local\Temp ====</p><p>2014-11-10 11:40:24 C5C698758BD9DA02CC2EF94DCF1B4637 2705744 ----a-w- C:\Users\Ian\AppData\Local\Temp\{1CBB4E8E-17BE-482A-AB40-5C230BBE15A2}\{CED8E25B-122A-4E80-B612-7F99B93284B3}\vcredist_x86.exe</p><p>2014-11-09 08:32:22 325B008AEC81E5AAA57096F05D4212B5 14848 ----a-w- C:\Users\Marc\AppData\Local\Temp\nscFF2B.tmp\InstallOptions.dll</p><p>2014-11-09 08:32:18 9384F4007C492D4FA040924F31C00166 5632 ----a-w- C:\Users\Marc\AppData\Local\Temp\nscFF2B.tmp\LangDLL.dll</p><p>2014-11-09 08:32:18 459E02E5FC18761C2CB80A5ED4CF80D0 1367040 ----a-w- C:\Users\Marc\AppData\Local\Temp\nscFF2B.tmp\gginst.dll</p><p>====== Java Cache =====</p><p>====== C:\Windows\system32 =====</p><p>2014-11-10 12:07:18 
174A41684ABDF725D29ABF13F90BD65C 234648 ------w- C:\Windows\System32\ravext.dll</p><p>2014-11-05 10:37:29 833051C6C6C42117191935F734CFBD97 26176 ---ha-w- C:\Windows\System32\hamachi.sys</p><p>2014-11-02 04:14:19 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\System32\sqlite3.dll</p><p>2014-10-30 01:38:13 B9F9FD6188CC732F19DB69CAE5CC597C 272808 ----a-w- C:\Windows\System32\javaws.exe</p><p>2014-10-30 01:38:03 3594C0ABBFFE10B3CF95714B8B3C89A4 175528 ----a-w- C:\Windows\System32\javaw.exe</p><p>2014-10-30 01:38:03 279C281689A48D1CAF37338CAB312C06 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll</p><p>2014-10-30 01:38:03 095826BCBBFA5C09C72463A82612B23C 175528 ----a-w- C:\Windows\System32\java.exe</p><p>====== C:\Windows\system32\drivers =====</p><p>2014-11-02 06:11:59 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys</p><p>2014-11-02 06:11:27 E89B115E1DD297DCB694B22CFA90BF61 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys</p><p>2014-11-02 06:11:27 D2DED3C333A5D9CB3F4C244B0F0DD877 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys</p><p>2014-11-02 06:11:27 7A6526C8BD114DB7CA8930AB22D52A0B 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys</p><p>====== C:\Windows\Tasks ======</p><p>2014-11-05 10:38:51 C12B7037B39BCCEB04B3D2D9F3E31D20 3758 ----a-w- C:\Windows\system32\Tasks\AutoKMS</p><p>====== C:\Windows\Temp ======</p><p>======= C:\Program Files =====</p><p>2014-10-30 01:38:29 -------- d-----w- C:\Program Files\Common Files\Java</p><p>2014-10-30 01:37:47 -------- d-----w- C:\Program Files\Java</p><p>2014-10-25 17:06:31 -------- d-----w- C:\Program Files\EA Games</p><p>2014-10-17 00:35:58 -------- d-----w- C:\Program Files\Common Files\INCA Shared</p><p>2014-10-16 23:59:32 -------- d-----w- C:\Program Files\SEGA</p><p>======= C: =====</p><p>====== C:\Users\Ian\AppData\Roaming ======</p><p>2014-11-03 03:32:49 -------- d-----w- C:\Users\Marc\AppData\Local\Garena</p><p>2014-11-02 23:43:57 
-------- d-----w- C:\Users\Marc\AppData\Roaming\Spotify</p><p>2014-11-02 23:43:57 -------- d-----w- C:\Users\Marc\AppData\Local\Spotify</p><p>2014-10-30 06:17:42 -------- d-----w- C:\Users\Ian\AppData\Local\Spotify</p><p>2014-10-30 06:07:50 -------- d-----w- C:\Users\Ian\AppData\Roaming\Spotify</p><p>2014-10-30 04:58:56 -------- d-----w- C:\Users\Ian\AppData\Local\Vitalwerks</p><p>2014-10-30 01:07:01 31C28B66A7F4B609C2C9053FD23031DA 45270 ----a-w- C:\Users\Ian\AppData\Roaming\room_v3.dat</p><p>2014-10-30 00:02:38 -------- d-----w- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games</p><p>2014-10-26 22:48:35 9C9B7C29068C1C915B28B9237976A190 45270 ----a-w- C:\Users\Marc\AppData\Roaming\room_v3.dat</p><p>2014-10-25 16:14:15 -------- d-----w- C:\Users\Marc\AppData\Roaming\2K Sports</p><p>====== C:\Users\Ian ======</p><p>2014-11-10 11:49:57 9E437E301CF7F9118E077892E4803DA0 39389008 ----a-w- C:\Users\Ian\Downloads\ravintfree11.exe</p><p>2014-11-10 11:41:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment</p><p>2014-11-08 14:29:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2014-11-02 05:50:23 -------- d-----w- C:\ProgramData\HitmanPro</p><p>2014-10-30 01:38:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java</p><p>2014-10-16 23:44:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phantasy Star Online 2</p><p>2014-10-14 23:55:01 -------- d-----w- C:\ProgramData\Microsoft Toolkit</p><p></p><p>====== C: exe-files ==</p><p>2014-11-10 11:49:57 9E437E301CF7F9118E077892E4803DA0 39389008 ----a-w- C:\Users\Ian\Downloads\ravintfree11.exe</p><p>2014-11-10 11:41:07 231FC322BA13F0B60073A4EAB8ABC42F 840576 ----a-w- C:\Program Files\InstallShield Installation Information\{CED8E25B-122A-4E80-B612-7F99B93284B3}\setup.exe</p><p>2014-11-10 11:40:24 C5C698758BD9DA02CC2EF94DCF1B4637 2705744 ----a-w- 
C:\Users\Ian\AppData\Local\Temp\{1CBB4E8E-17BE-482A-AB40-5C230BBE15A2}\{CED8E25B-122A-4E80-B612-7F99B93284B3}\vcredist_x86.exe</p><p>2014-11-08 14:29:29 859FC9E24C1F51D74B8A4C90E7FA646F 41100368 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.111\38.0.2125.111_chrome_installer.exe</p><p>2014-11-08 14:27:23 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateBroker.exe</p><p>2014-11-08 14:27:23 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files\Google\Update\GoogleUpdate.exe</p><p>2014-11-08 14:27:23 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe</p><p>2014-11-08 14:27:23 307946BA83BA0E8989732386BA63E0E0 880272 ----a-w- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateSetup.exe</p><p>2014-11-08 14:27:21 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe</p><p>2014-11-08 14:27:21 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdate.exe</p><p>2014-11-08 14:27:21 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe</p><p>2014-11-08 14:27:21 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler64.exe</p><p>2014-11-08 14:27:07 307946BA83BA0E8989732386BA63E0E0 880272 ----a-w- C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDGPHJTH\ChromeSetup[1].exe</p><p>2014-11-08 14:27:03 307946BA83BA0E8989732386BA63E0E0 880272 ----a-w- C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ND0KAR9G\ChromeSetup[1].exe</p><p>2014-11-08 12:59:49 A9C1B37DA1FDD74E6C9B91386211FADE 1107968 ----a-w- C:\Users\Ian\Desktop\Files\Anti Bullshit Things\FRST.exe</p><p>2014-11-08 12:56:46 BA4DEC5B5CDE662E0D66D37C6F8733AD 
4130848 ----a-w- C:\Users\Ian\AppData\Local\NVIDIA\NvBackend\Packages\0000676c\DAO.19039144.exe</p><p>2014-11-08 07:17:02 189879824D01F9A0DD1D72259A120F50 833728 ----a-w- C:\Program Files\Common Files\Steam\SteamServiceTmp.exe</p><p>2014-11-08 07:16:35 8BDF3924BEDF0C68D0080FF0C32B129C 513216 ----a-w- C:\Program Files\Steam\steamerrorreporter.exe</p><p>2014-11-08 07:16:35 2C6B11FA286709450F0D87D872EFF236 565952 ----a-w- C:\Program Files\Steam\steamerrorreporter64.exe</p><p>2014-11-08 07:16:34 F1954C24D76C07B89B98393657B68C22 383168 ----a-w- C:\Program Files\Steam\GameOverlayUI.exe</p><p>2014-11-08 07:16:34 A4556B9A6DF8DBE724B6095B0BDEF628 2522304 ----a-w- C:\Program Files\Steam\streaming_client.exe</p><p>2014-11-08 07:16:33 AB474BE13C05E94BF42C224BB3CECC88 382656 ----a-w- C:\Program Files\Steam\bin\x86launcher.exe</p><p>2014-11-08 07:16:33 629643C7653DAE13563DCBDE6D03BD5A 1529536 ----a-w- C:\Program Files\Steam\bin\steamwebhelper.exe</p><p>2014-11-08 07:16:33 067297DC25D0AFD141EE3E401FD2D454 391872 ----a-w- C:\Program Files\Steam\bin\x64launcher.exe</p><p>2014-11-08 07:16:25 EE57DFA8CDE83118E8745BE09D5E8259 284456 ----a-w- C:\Program Files\Steam\WriteMiniDump.exe</p><p>2014-11-08 07:16:20 C34F746ACB2A8C69817AE58AA1DF5D30 238840 ----a-w- C:\Program Files\Steam\steam\games\appid_17300.exe</p><p>2014-11-08 07:16:20 B6AE77037F06336CF5046603E715D39F 226552 ----a-w- C:\Program Files\Steam\steam\games\appid_17340.exe</p><p>2014-11-08 07:16:20 A23357A49B79CBF46E15F367FBC2028E 500984 ----a-w- C:\Program Files\Steam\steam\games\appid_17330.exe</p><p>2014-11-08 07:16:20 9F54C8A9C92C42165575C1428862AF2B 2364920 ----a-w- C:\Program Files\Steam\steam\games\appid_6520.exe</p><p>2014-11-08 07:16:20 9F54C8A9C92C42165575C1428862AF2B 2364920 ----a-w- C:\Program Files\Steam\steam\games\appid_6510.exe</p><p>2014-11-08 07:16:19 E52C1B99FB8622F6F79144F84EA1382D 193784 ----a-w- C:\Program Files\Steam\steam\games\appid_10560.exe</p><p>2014-11-08 07:16:19 9F0ACFF4C39190F3F84CF87FE4C34085 
193784 ----a-w- C:\Program Files\Steam\steam\games\appid_10540.exe</p><p>2014-11-08 05:39:10 BA4DEC5B5CDE662E0D66D37C6F8733AD 4130848 ----a-w- C:\Users\Marc\AppData\Local\NVIDIA\NvBackend\Packages\0000676c\DAO.19039144.exe</p><p>2014-11-05 00:34:05 5AA60EF37E7E15B2C8AA4570D73827AD 426960 ----a-w- C:\Users\Marc\AppData\Local\NVIDIA\NvBackend\Packages\0000672b\CoProc update.19024411.exe</p><p>2014-11-04 02:06:01 5AA60EF37E7E15B2C8AA4570D73827AD 426960 ----a-w- C:\Users\Ian\AppData\Local\NVIDIA\NvBackend\Packages\0000672b\CoProc update.19024411.exe</p><p>=== C: other files ==</p><p>2014-11-05 10:37:29 833051C6C6C42117191935F734CFBD97 26176 ---ha-w- C:\Windows\System32\hamachi.sys</p><p>2014-11-04 03:36:33 90A882134B3895A00C95FC028E24176F 595 ----a-w- C:\Games\Nexus Mod Manager\FalloutNV\Mods\cache\DK Hair.rar.zip</p><p>2014-11-04 03:36:32 585278F7688CA8AF3BC1C26C6E9D1DBF 607 ----a-w- C:\Games\Nexus Mod Manager\FalloutNV\Mods\cache\DK Female Face Textures.rar.zip</p><p>2014-11-04 03:36:31 85138B6F87BB0B27026EC0F3425ED74D 610 ----a-w- C:\Games\Nexus Mod Manager\FalloutNV\Mods\cache\DK Female Face Textures Fix.rar.zip</p><p>2014-11-04 03:36:04 B7BEB7473DA34286A298D42AE2B5445A 599 ----a-w- C:\Games\Nexus Mod Manager\FalloutNV\Mods\cache\Cazy Conversions.7z.zip</p><p></p><p>==== Startup Registry Enabled ======================</p><p></p><p>[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"</p><p></p><p>[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"</p><p></p><p>[HKEY_USERS\S-1-5-21-3455295321-2722733427-4229038928-1000\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"GarenaPlus"="C:\Program Files\Garena Plus\GarenaMessenger.exe -autolaunch"</p><p>"FlashGet 3"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe -minimize"</p><p>"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe 
-autorun"</p><p>"Spotify"="C:\Users\Ian\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"</p><p>"Spotify Web Helper"="C:\Users\Ian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"</p><p></p><p>[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]</p><p>"mctadmin"="C:\Windows\System32\mctadmin.exe"</p><p></p><p>[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]</p><p>"mctadmin"="C:\Windows\System32\mctadmin.exe"</p><p></p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"</p><p>"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart"</p><p>"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"</p><p>"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"</p><p>"LogMeIn Hamachi Ui"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"</p><p></p><p>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"GarenaPlus"="C:\Program Files\Garena Plus\GarenaMessenger.exe -autolaunch"</p><p>"FlashGet 3"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe -minimize"</p><p>"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"</p><p>"Spotify"="C:\Users\Ian\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"</p><p>"Spotify Web Helper"="C:\Users\Ian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"</p><p></p><p>==== Task Scheduler Jobs ======================</p><p></p><p>C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/13/2014 06:05 AM]</p><p>C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/08/2014 10:27 PM]</p><p>C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [11/08/2014 
10:27 PM]</p><p></p><p>==== Other Scheduled Tasks ======================</p><p></p><p>"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]</p><p>"C:\Windows\system32\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]</p><p>"C:\Windows\system32\tasks\gg_uac_daemon_Ian" [C:\Program Files\Garena Plus\ggdllhost.exe]</p><p>"C:\Windows\system32\tasks\gg_uac_daemon_Marc" [C:\Program Files\Garena Plus\ggdllhost.exe]</p><p>"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]</p><p>"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]</p><p>"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]</p><p></p><p>==== Fake Chromium Profiles Check ======================</p><p></p><p>Fake profile C:\Users\Administrator\AppData\Local\Torch deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Torch deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted</p><p>Fake profile C:\Users\Ian\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Ian\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\Marc\AppData\Local\Torch deleted</p><p>Fake profile C:\Users\Marc\AppData\Local\Google\Chrome SxS deleted</p><p>Fake profile C:\Users\Marc\AppData\Local\Comodo\Dragon deleted</p><p>Fake profile C:\Users\Marc\AppData\Local\Chromatic Browser 
deleted</p><p></p><p>==== Chromium Look ======================</p><p></p><p>Google Slides - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek</p><p>Assassin's Creed IV Black Flag - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance</p><p>Google Docs - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake</p><p>Google Drive - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf</p><p>Google Voice Search Hotword (Beta) - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>YouTube - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo</p><p>Google Search - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf</p><p>Google Sheets - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap</p><p>Google Wallet - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda</p><p>Gmail - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia</p><p>Google Voice Search Hotword (Beta) - Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>GoSSaVe - Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpfmgnidfcielcecnadbjnilidbgecl</p><p>Google Wallet - Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda</p><p></p><p>==== Chromium Fix ======================</p><p></p><p>C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_downloadmytoolbar.com_0.localstorage deleted successfully</p><p>C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ourworldcom.ourtoolbar.com_0.localstorage deleted 
successfully</p><p>C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_<a href="http://www.savemygame.fr_0.localstorage" target="_blank">www.savemygame.fr_0.localstorage</a> deleted successfully</p><p>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpfmgnidfcielcecnadbjnilidbgecl deleted successfully</p><p>C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpfmgnidfcielcecnadbjnilidbgecl deleted successfully</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</a>"</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Low\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDGPHJTH will be deleted at reboot</p><p>C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWSXFQA2 will be deleted at reboot</p><p>C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>No FireFox Profiles found</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p>C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=43 folders=27 80069389 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\Ian\AppData\Local\Temp will be emptied at reboot</p><p>C:\Users\Marc\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied 
successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\Ian\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDGPHJTH" not found</p><p>"C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWSXFQA2" not found</p><p></p><p>==== EOF on Mon 11/10/2014 at 21:26:13.42 ======================</p></blockquote><p></p>
[QUOTE="Shadowth, post: 296254, member: 30405"]
C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Guest\AppData\Local\Torch deleted Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Ian\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Ian\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Marc\AppData\Local\Torch deleted Fake profile C:\Users\Marc\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Marc\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Marc\AppData\Local\Chromatic Browser deleted ==== Chromium Look ====================== Google Slides - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Assassin's Creed IV Black Flag - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance Google Docs - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Voice Search Hotword (Beta) - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn YouTube - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Wallet - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Voice Search Hotword (Beta) - 
Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn GoSSaVe - Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpfmgnidfcielcecnadbjnilidbgecl Google Wallet - Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_downloadmytoolbar.com_0.localstorage deleted successfully C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ourworldcom.ourtoolbar.com_0.localstorage deleted successfully C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_[url="http://www.savemygame.fr_0.localstorage"]www.savemygame.fr_0.localstorage[/url] deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpfmgnidfcielcecnadbjnilidbgecl deleted successfully C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpfmgnidfcielcecnadbjnilidbgecl deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[url]http://www.google.com/search?q={searchTerms}[/url]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[url]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/url]" ==== Empty IE Cache ====================== C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully 
C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDGPHJTH will be deleted at reboot
C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWSXFQA2 will be deleted at reboot
C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=43 folders=27 80069389 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ian\AppData\Local\Temp will be emptied at reboot
C:\Users\Marc\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ian\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NDGPHJTH" not found
"C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SWSXFQA2" not found

==== EOF on Mon 11/10/2014 at 21:26:13.42 ======================
[/QUOTE]