Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Leon on za 08-08-2015 at 22:04:13,13. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Leon.LEONAALBURG1\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-08-06-213457.log 131884 bytes ==== Empty Folders Check ====================== C:\Users\Leon.LEONAALBURG1\AppData\Roaming\DAEMON Tools Pro deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\Prey\wpxsvc.exe C:\Windows\Prey\current\bin\node.exe C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe C:\Windows\Prey\versions\1.4.1\node_modules\triggers\bin\lightevt.exe C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Leon.LEONAALBURG1\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\UNS.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Leon.LEONAALBURG1\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe C:\Program Files (x86)\Unchecky\bin\Unchecky_bg.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0 user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_08-08-2015_2223_.backup ProfilePath: C:\Users\LEON~1.LEO\AppData\Roaming\Mozilla\Firefox\Profiles\8wca9n4n.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_08-08-2015_2223_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "defsearchp@gmail.com"=- ==== Deleting Files \ Folders ====================== C:\Users\Leon.LEONAALBURG1\AppData\Roaming\Mozilla\Firefox\Profiles\8wca9n4n.default\extensions\defsearchp@gmail.com not found C:\Users\Leon.LEONAALBURG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn not found C:\Windows\SysNative\config\systemprofile\Searches deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8100 MB CPU Info: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz CPU Speed: 2326.1 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC | Realtek 
PCIe FE Family Controller CD / DVD Drives: 4x (E: | F: | G: | H: | ) E: HL-DT-STDVDRAM GT30N | F: | G: DTSOFT BDROM | H: DTSOFT BDROM Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 349.3GB | D: 348.9GB Hard Disks - Free: C: 40.6GB | D: 337.3GB Manufacturer *: TOSHIBA BIOS Info: AT/AT COMPATIBLE | 10/04/11 | TOSCPL - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: TOSHIBA PWWHA Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Default Browser: Google Chrome 44.0.2403.130 Internet Explorer Version: 11.0.9600.17914 Mozilla Firefox version: 39.0.3 (x86 nl) Google Chrome version: 44.0.2403.130 Adobe Reader version: 15.8.20082.147029 Sun Java version: 1.8.0_51 (32-bit) Sun Java version: 1.8.0_51 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-07-12 07:53:20 42DB3FC4A59F71A5D8FE86C7354F69D3 668389110 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\LEON~1.LEO\AppData\Local\Temp ==== 2015-08-08 19:50:01 BCA0388139FF5F60970FB96E56BC00EB 71168 ----a-w- C:\Users\Leon.LEONAALBURG1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4xgebj.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-07-28 16:08:11 EB59F8712DC56764D88EB495AD5938B3 1085440 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-07-28 16:08:11 DA2054C50EB38C91322D4EEBCE408C5C 765440 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-07-28 16:08:11 9AFFAF544BA8FBA1ABFCCC07F6AB85B8 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-07-28 
16:08:11 3CDA55D83D5C9EA09DE82C6E5233C65B 433664 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-07-28 16:08:11 3A87269A74F067EB566813619B4F0CC3 67584 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-07-28 16:08:10 0AC0A45552B403020780DC74FB3BAC95 1145856 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-07-28 16:08:09 BE03A1A1B4DEEFDE3E58834F7584C31F 17856 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2015-07-28 16:08:09 81E937F890B2F1A410547D6EB6A79572 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll ====== C:\Windows\Sysnative\drivers ===== 2015-07-15 11:04:07 21AF322605D8C7F2A627C22634D1C9C9 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2015-07-15 11:04:06 7A7328E427694CC7244235C3BC299F80 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-07-15 11:04:06 45A03A0B6461EFBEE77E0A6AC2816EDA 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-07-15 11:04:06 1877EB1495CFBDAB27D6A32F6DDF3818 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-07-15 11:04:05 C0A6C3D6E02B61B5D100FE17306C276F 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2015-07-30 14:51:53 29E8BAC76B4A35314E1F15CE1A08641F 3106 ----a-w- C:\Windows\Sysnative\Tasks\{D1E5B96F-262B-4935-8DBE-50CCC3451566} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-08-08 20:05:15 -------- d-----w- C:\PROGRA~2\Unchecky 2015-08-06 20:52:50 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-07-30 11:21:44 -------- d-----w- C:\PROGRA~2\GUPlayer ======= C: ===== ====== C:\Users\Leon.LEONAALBURG1\AppData\Roaming ====== 2015-08-06 21:32:03 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-08-06 21:32:02 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp 2015-08-06 21:32:02 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-08-06 21:32:02 -------- d-----w- C:\Users\TEMP\AppData\Local\Temp 2015-08-06 21:32:02 -------- 
d-----w- C:\Users\TEMP.LEONAALBURG1\AppData\Local\Temp 2015-08-06 21:32:02 -------- d-----w- C:\Users\TEMP.leonaalburg\AppData\Local\Temp 2015-08-06 21:32:02 -------- d-----w- C:\Users\Leon\AppData\Local\Temp 2015-08-06 21:32:02 -------- d-----w- C:\Users\Leon.LEONAALBURG1\AppData\Local\Temp 2015-08-06 21:32:02 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-08-06 21:32:02 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-07-31 19:05:29 -------- d-----w- C:\Users\Leon.LEONAALBURG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-07-30 11:27:01 -------- d-----w- C:\Users\Leon.LEONAALBURG1\AppData\Local\Total Web 2015-07-30 11:17:55 -------- d-----w- C:\Users\Leon.LEONAALBURG1\AppData\Local\WebShield 2015-07-30 11:17:40 -------- d-----w- C:\Users\Leon.LEONAALBURG1\AppData\Local\Programs 2015-07-18 15:16:24 -------- d-----w- C:\Users\Leon.LEONAALBURG1\AppData\Local\CEF ====== C:\Users\Leon.LEONAALBURG1 ====== 2015-08-08 20:05:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky 2015-08-08 20:05:15 -------- d-----w- C:\ProgramData\Unchecky 2015-08-08 20:03:33 435818762F84C20091DCFEB7732314B3 1078576 ----a-w- C:\Users\Leon.LEONAALBURG1\Downloads\unchecky_setup.exe 2015-08-06 20:51:13 FD5E74BFA85F82E4D6533624E43F9175 562784 ----a-w- C:\Users\Leon.LEONAALBURG1\Downloads\jxpiinstall.exe 2015-08-06 20:43:23 B9919195F61824F980F4A088D7447A11 43221600 ----a-w- C:\Users\Leon.LEONAALBURG1\Downloads\jre-8u51-windows-x64.exe 2015-08-03 20:14:42 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Leon.LEONAALBURG1\Downloads\RSITx64.exe 2015-07-30 11:17:41 -------- d-----w- C:\ProgramData\WebShield ====== C: exe-files == 2015-08-08 20:05:15 E7836D47A1C4C15057C396F4E37ABB38 1595640 ----a-w- C:\Program Files (x86)\Unchecky\unchecky.exe 2015-08-08 20:05:15 D29C0DC460F6845833642F916818AAFC 163576 ----a-w- C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe 2015-08-08 20:05:15 
4E41F80AE740CEE1E1F7B47A3A2CB98C 429304 ----a-w- C:\Program Files (x86)\Unchecky\uninstall.exe 2015-08-08 20:05:15 4DE85CCAD1993358F02B39462159B0A0 401656 ----a-w- C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe 2015-08-08 19:50:52 31A94358EF55B871B1B81ADE3ACEBFF9 148136 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe 2015-08-06 20:52:20 F52607E7F53DA8FE1C4A3C1F11CE2AE7 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\java-rmi.exe 2015-08-06 20:52:20 F3D19B026E09B8150D9FF40D537C8F2A 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmid.exe 2015-08-06 20:52:20 EF442149A0502661D49628A66A69F33C 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\policytool.exe 2015-08-06 20:52:20 E7ABC6445E6A2F1EDE5F8BB082ECEEA1 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jabswitch.exe 2015-08-06 20:52:20 D50189686D9D144CB4EC807652640FC0 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\ktab.exe 2015-08-06 20:52:20 C4B3393396204E759E6EDFF92A9CAA50 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\tnameserv.exe 2015-08-06 20:52:20 BC66611222047778694C7650B7814978 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javacpl.exe 2015-08-06 20:52:20 B5AA17A9ACE57080909B9CB47CD74C39 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\kinit.exe 2015-08-06 20:52:20 A4D1AC4078F1A819ECECC546F64907A1 190560 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.exe 2015-08-06 20:52:20 9A474C07C5242EF2AE12FF6BF387F334 273504 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe 2015-08-06 20:52:20 8B09EF707CE0895D5478300CC2CE90DB 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmiregistry.exe 2015-08-06 20:52:20 8516D08420A7AB22A9B722FAF631E320 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssvagent.exe 2015-08-06 20:52:20 76BD4372DD5C5A316F64D562C2404BF8 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\orbd.exe 2015-08-06 20:52:20 
6790CB3F51E280A2A3EEAA3C5BD58EFF 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\keytool.exe 2015-08-06 20:52:20 5E1561548895218973EB5C833D96BD60 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe 2015-08-06 20:52:20 56C175D9B0D7EE7D1DA92B8D8A12772A 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\servertool.exe 2015-08-06 20:52:20 547F9D4CB6FAAC8E941F1689D5555CDB 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jjs.exe 2015-08-06 20:52:20 4E022C0940633A9538892CB26B65BD0D 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe 2015-08-06 20:52:20 46AD9258E9B6EA56AFC8723CEFDF8425 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\pack200.exe 2015-08-06 20:52:20 235015745A6A6FE26BCDA8F227C9132B 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\klist.exe 2015-08-06 20:52:20 0CFCEE90C8711D4DEAD9EC7046918A45 77920 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe 2015-08-06 10:32:34 1DEEF4A41F33D307E6EE2FBE8B179BE2 959568 ----a-w- C:\Program Files (x86)\Google\Update\Install\{E74CA89A-2800-4B4A-97AA-C8F81EA6490D}\44.0.2403.130_44.0.2403.125_chrome_updater.exe 2015-08-06 10:32:34 1DEEF4A41F33D307E6EE2FBE8B179BE2 959568 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.130\44.0.2403.130_44.0.2403.125_chrome_updater.exe === C: other files == 2015-08-08 19:49:25 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\Leon.LEONAALBURG1\AppData\Local\Temp\_MEI40802\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2015-08-08 19:49:25 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Leon.LEONAALBURG1\AppData\Local\Temp\_MEI40802\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2015-08-06 20:52:20 5F7B14A65C88D4AEB0E3DF49C6A0941F 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\ffjcext.zip 2015-08-06 10:51:44 B1BC8B824BCCFBA37579D194B6AD1B34 31374 ----a-w- 
C:\Users\Leon.LEONAALBURG1\Downloads\suits-fifth-season_HI_english-1164103.zip 2015-08-06 10:25:30 91833C2E3223BCE81DF371FE23431585 31328 ----a-w- C:\Users\Leon.LEONAALBURG1\Downloads\suits-fifth-season_english-1164104(1).zip 2015-08-06 10:22:35 91833C2E3223BCE81DF371FE23431585 31328 ----a-w- C:\Users\Leon.LEONAALBURG1\Downloads\suits-fifth-season_english-1164104.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3541538408-1459528280-1945361666-1000\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR" "EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "Flvto YouTube Downloader"="C:\Users\Leon.LEONAALBURG1\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe /minimize" "Dropbox Update"="C:\Users\Leon.LEONAALBURG1\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] 
"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "NBAgent"="c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart" "SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP" "KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe LPCM" "ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR" "EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "Flvto YouTube Downloader"="C:\Users\Leon.LEONAALBURG1\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe /minimize" "Dropbox Update"="C:\Users\Leon.LEONAALBURG1\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 " "TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" "Toshiba Registration"="C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe " "TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe " "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" ==== Startup Folders ====================== 2011-03-28 15:06:28 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2011-03-28 15:06:28 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2012-01-27 17:04:23 1060 ----a-w- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-09-02 17:22:14 1183 ----a-w- C:\Users\Leon.LEONAALBURG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2013-09-18 18:34:20 1258 ----a-w- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2014-05-25 07:39:18 1258 ----a-w- C:\Users\TEMP.leonaalburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2014-07-02 20:57:23 1258 ----a-w- C:\Users\TEMP.LEONAALBURG1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2012-10-11 12:57:13 2476 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk 2013-06-02 20:52:37 773 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ==== Task Scheduler Jobs 
====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-07-2015 13:01] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3541538408-1459528280-1945361666-1000Core.job --a------ C:\Users\Leon.LEONAALBURG1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [20-06-2015 08:35] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3541538408-1459528280-1945361666-1000UA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27-02-2015 15:59] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27-02-2015 15:59] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3541538408-1459528280-1945361666-1000Core" [C:\Users\Leon.LEONAALBURG1\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3541538408-1459528280-1945361666-1000UA" [C:\Users\Leon.LEONAALBURG1\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows 
Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{27C8DBDD-4CB6-48CE-B217-95E2FA066867}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/7.3.0.101/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\{51BCA067-9DEA-4CF9-A186-6C492BE58B8E}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{BE0F7EF2-7A82-4B43-8BC5-363ABB5A59CA}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\{D54471B7-C210-432B-8B1A-E56A0E38CF80}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14-09-2014 13:52] ==== Firefox Extensions ====================== ProfilePath: C:\Users\LEON~1.LEO\AppData\Roaming\Mozilla\Firefox\Profiles\8wca9n4n.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.130 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[14-09-2014 13:52] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\LEON~1.LEO\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[30-09-2014 23:25] lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] SweetIM for Facebook - 
Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Google Wallet - Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\Leon.LEONAALBURG1\AppData\Local\Google\Chrome\User Data\Default\Preferences
"session":{"restore_on_startup":4,"startup_urls":["http://www.istartsurf.com/?type=hppp&ts=1438255160&z=863fb15bd5b74d3ac1f9cd7g4zac3b0o9w6wag5e2z&from=tugs&uid=TOSHIBAXMK7575GSX_51GCF2Z3SXX51GCF2Z3S"]} ==== Chromium Fix ====================== C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 
10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [Flvto YouTube Downloader] "C:\Users\Leon.LEONAALBURG1\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe" /minimize O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Leon.LEONAALBURG1\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows 
Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: Dropbox.lnk = Leon.LEONAALBURG1\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Toshiba Places Icon Utility.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 
button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - (no file) O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - (no file) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file 
missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Cron Service (CronService) - Fork, Ltd. - C:\Windows\Prey\wpxsvc.exe O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. 
- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown 
owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - 
C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Leon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Leon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Leon.LEONAALBURG1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP.leonaalburg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP.LEONAALBURG1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache 
====================== C:\Users\Leon.LEONAALBURG1\AppData\Local\Mozilla\Firefox\Profiles\8wca9n4n.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Leon.LEONAALBURG1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=214 folders=78 75129534 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Leon\AppData\Local\Temp emptied successfully C:\Users\Leon.LEONAALBURG1\AppData\Local\Temp will be emptied at reboot C:\Users\TEMP\AppData\Local\Temp emptied successfully C:\Users\TEMP.leonaalburg\AppData\Local\Temp emptied successfully C:\Users\TEMP.LEONAALBURG1\AppData\Local\Temp emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\LEON~1.LEO\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 08-08-2015 at 22:48:05,49 ======================