Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
I need help removing TrojanClicker and maybe other related malware
Message
<blockquote data-quote="starmusic" data-source="post: 297686" data-attributes="member: 30498"><p>Here is the zoek-results. Thanks:</p><p></p><p>Zoek.exe v5.0.0.0 Updated 11-November-2014</p><p>Tool run by Brian Hays on Tue 11/11/2014 at 23:14:30.71.</p><p>Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\Brian Hays\Downloads\zoek.exe [Scan all users] [Script inserted]</p><p>==== System Restore Info ======================</p><p>11/11/2014 11:15:17 PM Zoek.exe System Restore Point Created Succesfully.</p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p>==== Deleting Services ======================</p><p></p><p>==== Deleting Files \ Folders ======================</p><p>C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted</p><p>C:\abacuslaw2013.exe deleted</p><p>C:\PROGRA~3\Package Cache deleted</p><p>C:\windows\SysNative\tasks\WinZip Job-WorkBackup deleted</p><p>C:\Windows\tasks\WinZip Job-WorkBackup.job deleted</p><p>C:\Windows\SysNative\config\systemprofile\Searches deleted</p><p>C:\windows\SysNative\GroupPolicy\Machine deleted</p><p>C:\windows\SysNative\GroupPolicy\User deleted</p><p>C:\windows\SysNative\GroupPolicy\gpt.ini deleted</p><p>"C:\Users\Brian Hays\AppData\Roaming\????" not deleted</p><p>"C:\Users\Brian Hays\AppData\Roaming\Help" deleted</p><p>"C:\Users\Brian Hays\AppData\Roaming\webex" deleted</p><p>==== Files Recently Created / Modified ======================</p><p>====== C:\Windows ====</p><p>====== C:\Users\BRIANH~1\AppData\Local\Temp ====</p><p>====== Java Cache =====</p><p>====== C:\Windows\SysWOW64 =====</p><p>====== C:\Windows\SysWOW64\drivers =====</p><p>====== C:\Windows\Sysnative =====</p><p>====== C:\Windows\Sysnative\drivers =====</p><p>2014-11-09 07:20:14 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys</p><p>2014-11-09 07:19:45 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys</p><p>2014-11-09 07:19:45 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys</p><p>2014-11-09 07:19:45 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys</p><p>2014-10-15 03:57:38 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys</p><p>2014-10-15 03:57:38 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys</p><p>====== C:\Windows\Tasks ======</p><p>2014-11-06 19:55:27 8F94877C4EF34E2232E455D4B4CC9B6C 3858 ----a-w- C:\Windows\Sysnative\Tasks\{F4AD976A-66F4-D4E7-AEBF-3A4AF39440D5}</p><p>====== C:\Windows\Temp ======</p><p>======= C:\Program Files =====</p><p>======= C:\PROGRA~2 =====</p><p>2014-10-18 17:38:36 -------- d-----w- C:\PROGRA~2\Hewlett-Packard</p><p>======= C: =====</p><p>2014-11-09 09:23:31 F669A9BF8C17C190FAB2E034D9BCF4A8 2580945 ----a-w- C:\My RoboForm Data.zip</p><p>2014-10-16 18:26:00 627B0245E004197E03F71F5C93543E3D 42 ----a-w- C:\bh.ini</p><p>2014-10-16 18:26:00 00914039B2C4F0D5411BB2B88E783F3C 42 ----a-w- C:\bh.BAK</p><p>====== C:\Users\Brian Hays\AppData\Roaming ======</p><p>2014-11-11 19:12:54 -------- d-----w- C:\Users\Brian Hays\AppData\Roaming\Mozilla</p><p>2014-10-18 17:38:40 -------- d-----w- C:\Users\Brian Hays\AppData\Local\Hewlett-Packard</p><p>====== C:\Users\Brian Hays ======</p><p>2014-11-10 16:36:28 405E11DD1024625E4ABB8925F3C3CBDA 14439144 ----a-w- C:\Users\Brian Hays\Downloads\mbar-1.08.0.1001.exe</p><p>2014-11-10 08:28:54 78BDCC72BEE314FA1715E2D7617757B3 2116096 ----a-w- C:\Users\Brian Hays\Desktop\FRST64.exe</p><p>2014-11-10 00:26:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AI RoboForm</p><p>2014-11-09 20:23:00 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Brian Hays\Downloads\adwcleaner_4.101.exe</p><p>2014-11-09 07:18:38 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Brian Hays\Downloads\mbam-setup-2.0.3.1025.exe</p><p>2014-11-09 03:39:58 EA11B5C84321B89C4CE7C5EED3602C2A 1706808 ----a-w- C:\Users\Brian Hays\Desktop\JRT_NEW.exe</p><p>====== C: exe-files ==</p><p>2014-11-11 09:05:07 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateBroker.exe</p><p>2014-11-11 09:05:07 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe</p><p>2014-11-11 09:05:07 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateSetup.exe</p><p>2014-11-11 09:04:59 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe</p><p>2014-11-11 09:04:59 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe</p><p>2014-11-11 09:04:59 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler64.exe</p><p>2014-11-11 09:04:55 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdate.exe</p><p>2014-11-11 09:04:53 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\Brian Hays\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe</p><p>2014-11-10 16:38:06 3CADE61FCDF50CC17ECB7664220E31DC 54072 ----a-w- C:\Users\Brian Hays\Desktop\mbar\mbamdor.exe</p><p>2014-11-10 16:38:06 0A4EC663BF58FB4290674679FD075F58 1211192 ----a-w- C:\Users\Brian Hays\Desktop\mbar\mbar.exe</p><p>2014-11-10 16:38:03 C68AA07C443FB26A44E17A6649EE1D3C 821560 ----a-w- C:\Users\Brian Hays\Desktop\mbar\Plugins\fixdamage.exe</p><p>2014-11-10 16:36:28 405E11DD1024625E4ABB8925F3C3CBDA 14439144 ----a-w- C:\Users\Brian Hays\Downloads\mbar-1.08.0.1001.exe</p><p>2014-11-10 08:28:54 78BDCC72BEE314FA1715E2D7617757B3 2116096 ----a-w- C:\Users\Brian Hays\Desktop\FRST64.exe</p><p>2014-11-09 20:23:00 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Brian Hays\Downloads\adwcleaner_4.101.exe</p><p>2014-11-09 07:18:38 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Brian Hays\Downloads\mbam-setup-2.0.3.1025.exe</p><p>2014-11-09 03:39:58 EA11B5C84321B89C4CE7C5EED3602C2A 1706808 ----a-w- C:\Users\Brian Hays\Desktop\JRT_NEW.exe</p><p>2014-11-08 16:01:03 037B1E7798960E0420003D05BB577EE6 33280 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\rundll32.exe</p><p>2014-11-08 16:01:02 0BDAE865738D27A4D84D50591C8C9D2D 860488 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\Lymduyelvzw.exe</p><p>2014-11-08 16:01:01 30A9BA6BDB2927E3E222629880BF03DE 1912136 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\delegate_execute.exe</p><p>2014-11-08 16:01:01 007E8B07E512FDA381C0BED5CF8BA6E6 1936712 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\nacl64.exe</p><p>2014-11-06 19:02:50 500CC0E1FFC86DF9E32A46D584E21280 8617472 ----a-w- C:\lw23\Programs\lawwin.exe</p><p>=== C: other files ==</p><p>2014-11-09 09:23:31 F669A9BF8C17C190FAB2E034D9BCF4A8 2580945 ----a-w- C:\My RoboForm Data.zip</p><p>2014-11-09 07:20:14 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys</p><p>2014-11-09 07:19:45 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys</p><p>2014-11-09 07:19:45 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys</p><p>2014-11-09 07:19:45 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys</p><p>2014-11-08 16:01:01 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\youtube.crx</p><p>2014-11-08 16:01:01 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\search.crx</p><p>2014-11-08 16:01:01 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\drive.crx</p><p>2014-11-08 16:01:01 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\gmail.crx</p><p>2014-11-08 16:01:01 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\docs.crx</p><p>==== Startup Registry Enabled ======================</p><p>[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"</p><p>[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"</p><p>[HKEY_USERS\S-1-5-21-1315959649-3742310553-3276613495-1000\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"</p><p>"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"</p><p>"com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"</p><p>"Google Update"="C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe /c"</p><p>"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"</p><p>"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"</p><p>"Amazon Music"="C:\Users\Brian Hays\AppData\Local\Amazon Music\Amazon Music Helper.exe"</p><p>"Codejock Update"="C:\Program Files (x86)\Codejock Software\ActiveX\Xtreme SuitePro ActiveX v16.3.1\CodejockAlert.exe /AutoRun"</p><p>"GoToMeeting"="C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe /Trigger RunAtLogon"</p><p>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]</p><p>"Application Restart #0"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:A16E240E-E348-4200-8BE2-579D61CFBB5B"</p><p>"Application Restart #2"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:B38FDDF6-6046-4b04-BABC-C58D64ECE1D7"</p><p>[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]</p><p>"mctadmin"="C:\Windows\System32\mctadmin.exe"</p><p>[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]</p><p>"mctadmin"="C:\Windows\System32\mctadmin.exe"</p><p>[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]</p><p>"Application Restart #0"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:A16E240E-E348-4200-8BE2-579D61CFBB5B"</p><p>"Application Restart #2"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:B38FDDF6-6046-4b04-BABC-C58D64ECE1D7"</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"</p><p>"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart"</p><p>"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"</p><p>"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"</p><p>"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler"</p><p>"DNS7reminder"="C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe -r C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"</p><p>"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"</p><p>"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"</p><p>"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"</p><p>"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"</p><p>"com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe"</p><p>"Google Update"="C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe /c"</p><p>"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"</p><p>"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"</p><p>"Amazon Music"="C:\Users\Brian Hays\AppData\Local\Amazon Music\Amazon Music Helper.exe"</p><p>"Codejock Update"="C:\Program Files (x86)\Codejock Software\ActiveX\Xtreme SuitePro ActiveX v16.3.1\CodejockAlert.exe /AutoRun"</p><p>"GoToMeeting"="C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe /Trigger RunAtLogon"</p><p>==== Startup Registry Enabled x64 ======================</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"</p><p>"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"</p><p>"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"</p><p>==== Task Scheduler Jobs ======================</p><p>C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/24/2014 05:46 AM]</p><p>C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1315959649-3742310553-3276613495-1000.job --a------ C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [10/29/2014 01:07 PM]</p><p>C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315959649-3742310553-3276613495-1000Core.job --a------ C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe [05/29/2013 09:07 AM]</p><p>C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315959649-3742310553-3276613495-1000UA.job --a------ C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe [05/29/2013 09:07 AM]</p><p>==== Other Scheduled Tasks ======================</p><p>"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]</p><p>"C:\Windows\SysNative\tasks\Amazon Music Helper" [C:\Users\Brian Hays\AppData\Local\Amazon Music\Amazon Music Helper.exe]</p><p>"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-1315959649-3742310553-3276613495-1000" [C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe]</p><p>"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1315959649-3742310553-3276613495-1000Core" [C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe]</p><p>"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1315959649-3742310553-3276613495-1000UA" [C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe]</p><p>"C:\Windows\SysNative\tasks\{F4AD976A-66F4-D4E7-AEBF-3A4AF39440D5}" [C:\Windows\system32\regsvr32.exe]</p><p>"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]</p><p>"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]</p><p>==== Firefox Extensions Registry ======================</p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"<a href="http://my.refdesk.com/" target="_blank">http://my.refdesk.com/</a>"</p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://my.refdesk.com/" target="_blank">http://my.refdesk.com/</a>"</p><p>==== All HKCU SearchScopes ======================</p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms" target="_blank">http://www.google.com/search?q={searchTerms</a>}"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02</a>"</p><p>{DDD3917F-AA2F-4A0F-AF36-0FE51B3B35AC} Google Url="<a href="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding" target="_blank">http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding</a>?}"</p><p>==== Empty IE Cache ======================</p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQ6VPJWU will be deleted at reboot</p><p>C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3NTTSUB will be deleted at reboot</p><p>C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB39285H will be deleted at reboot</p><p>C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRBFRXII will be deleted at reboot</p><p>==== Empty FireFox Cache ======================</p><p>No FireFox Profiles found</p><p>==== Empty Chrome Cache ======================</p><p>C:\Users\Brian Hays\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p>==== Empty All Flash Cache ======================</p><p>Flash Cache Emptied Successfully</p><p>==== Empty All Java Cache ======================</p><p>No Java Cache Found</p><p>==== C:\zoek_backup content ======================</p><p>C:\zoek_backup (files=20 folders=20 66165361 bytes)</p><p>==== Empty Temp Folders ======================</p><p>C:\Users\Brian Hays\AppData\Local\Temp will be emptied at reboot</p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\Hays\AppData\Local\Temp emptied successfully</p><p>C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p>==== After Reboot ======================</p><p>==== Empty Temp Folders ======================</p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\BRIANH~1\AppData\Local\Temp successfully emptied</p><p>==== Empty Recycle Bin ======================</p><p>C:\$RECYCLE.BIN successfully emptied</p><p>==== Deleting Files / Folders ======================</p><p>"C:\Users\Brian Hays\AppData\Roaming\????" not deleted</p><p>"C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQ6VPJWU" not found</p><p>"C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3NTTSUB" not found</p><p>"C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB39285H" not found</p><p>"C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRBFRXII" not found</p><p>==== EOF on Tue 11/11/2014 at 23:29:21.52 ======================</p></blockquote><p></p>
[QUOTE="starmusic, post: 297686, member: 30498"] Here is the zoek-results. Thanks: Zoek.exe v5.0.0.0 Updated 11-November-2014 Tool run by Brian Hays on Tue 11/11/2014 at 23:14:30.71. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Brian Hays\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 11/11/2014 11:15:17 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted C:\abacuslaw2013.exe deleted C:\PROGRA~3\Package Cache deleted C:\windows\SysNative\tasks\WinZip Job-WorkBackup deleted C:\Windows\tasks\WinZip Job-WorkBackup.job deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted "C:\Users\Brian Hays\AppData\Roaming\????" not deleted "C:\Users\Brian Hays\AppData\Roaming\Help" deleted "C:\Users\Brian Hays\AppData\Roaming\webex" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\BRIANH~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2014-11-09 07:20:14 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-11-09 07:19:45 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-11-09 07:19:45 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-11-09 07:19:45 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-10-15 03:57:38 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys 2014-10-15 03:57:38 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys ====== C:\Windows\Tasks ====== 2014-11-06 19:55:27 8F94877C4EF34E2232E455D4B4CC9B6C 3858 ----a-w- C:\Windows\Sysnative\Tasks\{F4AD976A-66F4-D4E7-AEBF-3A4AF39440D5} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2014-10-18 17:38:36 -------- d-----w- C:\PROGRA~2\Hewlett-Packard ======= C: ===== 2014-11-09 09:23:31 F669A9BF8C17C190FAB2E034D9BCF4A8 2580945 ----a-w- C:\My RoboForm Data.zip 2014-10-16 18:26:00 627B0245E004197E03F71F5C93543E3D 42 ----a-w- C:\bh.ini 2014-10-16 18:26:00 00914039B2C4F0D5411BB2B88E783F3C 42 ----a-w- C:\bh.BAK ====== C:\Users\Brian Hays\AppData\Roaming ====== 2014-11-11 19:12:54 -------- d-----w- C:\Users\Brian Hays\AppData\Roaming\Mozilla 2014-10-18 17:38:40 -------- d-----w- C:\Users\Brian Hays\AppData\Local\Hewlett-Packard ====== C:\Users\Brian Hays ====== 2014-11-10 16:36:28 405E11DD1024625E4ABB8925F3C3CBDA 14439144 ----a-w- C:\Users\Brian Hays\Downloads\mbar-1.08.0.1001.exe 2014-11-10 08:28:54 78BDCC72BEE314FA1715E2D7617757B3 2116096 ----a-w- C:\Users\Brian Hays\Desktop\FRST64.exe 2014-11-10 00:26:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AI RoboForm 2014-11-09 20:23:00 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Brian Hays\Downloads\adwcleaner_4.101.exe 2014-11-09 07:18:38 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Brian Hays\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-09 03:39:58 EA11B5C84321B89C4CE7C5EED3602C2A 1706808 ----a-w- C:\Users\Brian Hays\Desktop\JRT_NEW.exe ====== C: exe-files == 2014-11-11 09:05:07 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateBroker.exe 2014-11-11 09:05:07 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe 2014-11-11 09:05:07 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateSetup.exe 2014-11-11 09:04:59 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe 2014-11-11 09:04:59 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe 2014-11-11 09:04:59 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler64.exe 2014-11-11 09:04:55 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Users\Brian Hays\AppData\Local\Google\Update\1.3.25.5\GoogleUpdate.exe 2014-11-11 09:04:53 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\Brian Hays\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe 2014-11-10 16:38:06 3CADE61FCDF50CC17ECB7664220E31DC 54072 ----a-w- C:\Users\Brian Hays\Desktop\mbar\mbamdor.exe 2014-11-10 16:38:06 0A4EC663BF58FB4290674679FD075F58 1211192 ----a-w- C:\Users\Brian Hays\Desktop\mbar\mbar.exe 2014-11-10 16:38:03 C68AA07C443FB26A44E17A6649EE1D3C 821560 ----a-w- C:\Users\Brian Hays\Desktop\mbar\Plugins\fixdamage.exe 2014-11-10 16:36:28 405E11DD1024625E4ABB8925F3C3CBDA 14439144 ----a-w- C:\Users\Brian Hays\Downloads\mbar-1.08.0.1001.exe 2014-11-10 08:28:54 78BDCC72BEE314FA1715E2D7617757B3 2116096 ----a-w- C:\Users\Brian Hays\Desktop\FRST64.exe 2014-11-09 20:23:00 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Brian Hays\Downloads\adwcleaner_4.101.exe 2014-11-09 07:18:38 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Brian Hays\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-09 03:39:58 EA11B5C84321B89C4CE7C5EED3602C2A 1706808 ----a-w- C:\Users\Brian Hays\Desktop\JRT_NEW.exe 2014-11-08 16:01:03 037B1E7798960E0420003D05BB577EE6 33280 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\rundll32.exe 2014-11-08 16:01:02 0BDAE865738D27A4D84D50591C8C9D2D 860488 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\Lymduyelvzw.exe 2014-11-08 16:01:01 30A9BA6BDB2927E3E222629880BF03DE 1912136 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\delegate_execute.exe 2014-11-08 16:01:01 007E8B07E512FDA381C0BED5CF8BA6E6 1936712 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\nacl64.exe 2014-11-06 19:02:50 500CC0E1FFC86DF9E32A46D584E21280 8617472 ----a-w- C:\lw23\Programs\lawwin.exe === C: other files == 2014-11-09 09:23:31 F669A9BF8C17C190FAB2E034D9BCF4A8 2580945 ----a-w- C:\My RoboForm Data.zip 2014-11-09 07:20:14 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-11-09 07:19:45 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-11-09 07:19:45 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-11-09 07:19:45 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-11-08 16:01:01 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\youtube.crx 2014-11-08 16:01:01 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\search.crx 2014-11-08 16:01:01 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\drive.crx 2014-11-08 16:01:01 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\gmail.crx 2014-11-08 16:01:01 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Users\Brian Hays\AppData\LocalLow\EmieUserList\yzfdkpfyryl\Tzdobur\36.0.1985.143\default_apps\docs.crx ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1315959649-3742310553-3276613495-1000\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" "Google Update"="C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe /c" "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" "Amazon Music"="C:\Users\Brian Hays\AppData\Local\Amazon Music\Amazon Music Helper.exe" "Codejock Update"="C:\Program Files (x86)\Codejock Software\ActiveX\Xtreme SuitePro ActiveX v16.3.1\CodejockAlert.exe /AutoRun" "GoToMeeting"="C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe /Trigger RunAtLogon" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #0"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:A16E240E-E348-4200-8BE2-579D61CFBB5B" "Application Restart #2"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:B38FDDF6-6046-4b04-BABC-C58D64ECE1D7" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #0"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:A16E240E-E348-4200-8BE2-579D61CFBB5B" "Application Restart #2"="C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:B38FDDF6-6046-4b04-BABC-C58D64ECE1D7" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler" "DNS7reminder"="C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe -r C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "com.apple.dav.bookmarks.daemon"="C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" "Google Update"="C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe /c" "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" "Amazon Music"="C:\Users\Brian Hays\AppData\Local\Amazon Music\Amazon Music Helper.exe" "Codejock Update"="C:\Program Files (x86)\Codejock Software\ActiveX\Xtreme SuitePro ActiveX v16.3.1\CodejockAlert.exe /AutoRun" "GoToMeeting"="C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe /Trigger RunAtLogon" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/24/2014 05:46 AM] C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1315959649-3742310553-3276613495-1000.job --a------ C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [10/29/2014 01:07 PM] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315959649-3742310553-3276613495-1000Core.job --a------ C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe [05/29/2013 09:07 AM] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1315959649-3742310553-3276613495-1000UA.job --a------ C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe [05/29/2013 09:07 AM] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Amazon Music Helper" [C:\Users\Brian Hays\AppData\Local\Amazon Music\Amazon Music Helper.exe] "C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-1315959649-3742310553-3276613495-1000" [C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1315959649-3742310553-3276613495-1000Core" [C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1315959649-3742310553-3276613495-1000UA" [C:\Users\Brian Hays\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\{F4AD976A-66F4-D4E7-AEBF-3A4AF39440D5}" [C:\Windows\system32\regsvr32.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[url]http://my.refdesk.com/[/url]" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://my.refdesk.com/[/url]" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[url]http://www.google.com/search?q={searchTerms[/url]}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[url]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02[/url]" {DDD3917F-AA2F-4A0F-AF36-0FE51B3B35AC} Google Url="[url]http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding[/url]?}" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQ6VPJWU will be deleted at reboot C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3NTTSUB will be deleted at reboot C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB39285H will be deleted at reboot C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRBFRXII will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Brian Hays\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=20 folders=20 66165361 bytes) ==== Empty Temp Folders ====================== C:\Users\Brian Hays\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Hays\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\BRIANH~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Brian Hays\AppData\Roaming\????" not deleted "C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQ6VPJWU" not found "C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3NTTSUB" not found "C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VB39285H" not found "C:\Users\Brian Hays\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRBFRXII" not found ==== EOF on Tue 11/11/2014 at 23:29:21.52 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top