Zoek.exe v5.0.0.0 Updated 04-September-2015
Tool run by Philippe on vr 04/09/2015 at 17:56:15,69.
Microsoft Windows 10 Pro 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Philippe\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
4/09/2015 17:57:06 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Philippe\AppData\Local\Adobe deleted successfully
C:\Users\Philippe\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Philippe\AppData\Local\EmieSiteList deleted successfully
C:\Users\Philippe\AppData\Local\EmieUserList deleted successfully
C:\Users\Philippe\AppData\Local\PeerDistRepub deleted successfully
C:\Users\super_000\AppData\Local\PackageStaging deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\fwsmechw.default\FVD Toolbar deleted
C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\fwsmechw.default\jetpack deleted
"C:\ProgramData\.SimImages" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-1213392334-3750927741-3239499489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_5F19CE0E3876D65F2E134058DD369C87"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT EPLTarget\P0000000000000000 /M XP-402 403 405 406 Series"
"PrtScr by FireStarter"="C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"EPLTarget\P0000000000000001"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT EPLTarget\P0000000000000001 /M XP-402 403 405 406 Series"
"Spotify Web Helper"="C:\Users\Philippe\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Philippe\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"OneDrive"="C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_USERS\S-1-5-21-1213392334-3750927741-3239499489-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_8F2BC704B0F25548BA6E2932789EAFF4"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"OneDrive"="C:\Users\super_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-21-1213392334-3750927741-3239499489-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"

[HKEY_USERS\S-1-5-21-1213392334-3750927741-3239499489-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\super_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\super_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\super_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\super_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_5F19CE0E3876D65F2E134058DD369C87"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT EPLTarget\P0000000000000000 /M XP-402 403 405 406 Series"
"PrtScr by FireStarter"="C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"EPLTarget\P0000000000000001"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT EPLTarget\P0000000000000001 /M XP-402 403 405 406 Series"
"Spotify Web Helper"="C:\Users\Philippe\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Philippe\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"OneDrive"="C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Philippe\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cmicnfgp.dll,CMICtrlWnd"
"Cmaudio8788GX"="C:\WINDOWS\syswow64\HsMgr.exe Envoke"
"Cmaudio8788GX64"="C:\WINDOWS\system\HsMgr64.exe Envoke"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/08/2015 17:41]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/03/2015 19:13]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/03/2015 19:13]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{9CCC7200-5A0D-44C2-98F6-A291755207F9}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\fwsmechw.default
user_pref("browser.newtab.url", "chrome://fvd.speeddial/content/fvd_about_blank.html");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/08/2015 14:36]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\fwsmechw.default
- Speed Dial [FVD] - New Tab Page Sync... - %ProfilePath%\extensions\pavel.sherbakov@gmail.com
- Undetermined - %ProfilePath%\extensions\expire-history-by-days@bonardo.net.xpi
- Pin It Button - %ProfilePath%\extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi
- Share Button for Pinterest - %ProfilePath%\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
- Great Find - %ProfilePath%\extensions\{a45bb529-abe2-4278-8885-1b479cf97bfe}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Philippe\AppData\Roaming\Mozilla\Firefox\Profiles\fwsmechw.default
EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash

==== Chromium Look ======================
Google Chrome Version: 45.0.2454.85

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/03/2015 19:18]

GeoGebra - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee
Telegram - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno
NoFollow - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid
Avast Online Security - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
bol-part - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkgenemciogcgmpcahfbfcdamgcjfbpp
Grammarly Spell Checker & Grammar Checker - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Booktrack - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidknbkmfcapkiepmhchinffchkjglog
WeVideo Next - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\limlkeaboocfcfncjkkghclkjidbedem
Email Backgrounds Email Stationery - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nepmejfbdnfgkkeklbhejggabembdfmo
Pub Toolbar - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc
Instagram for Chrome - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb
App Launcher Customizer for Google™ - Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm
GeoGebra - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee
Telegram - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno
NoFollow - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid
Assassin's Creed III - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\geadmffjboclimmeiaimcafapjaefnfn
Avast Online Security - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
bol-part - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkgenemciogcgmpcahfbfcdamgcjfbpp
Booktrack - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidknbkmfcapkiepmhchinffchkjglog
WeVideo Next - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\limlkeaboocfcfncjkkghclkjidbedem
Email Backgrounds Email Stationery - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nepmejfbdnfgkkeklbhejggabembdfmo
Pub Toolbar - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc
Instagram for Chrome - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb
App Launcher Customizer for Google™ - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponjkmladgjfjgllmhnkhgbgocdigcjm

==== Chromium Fix ======================
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage deleted successfully
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage-journal deleted successfully
C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully
C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully
C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage deleted successfully
C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage-journal deleted successfully
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc deleted successfully
C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\super_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\super_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\IE\1DERH9RI will be deleted at reboot
C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\IE\5OROWAX5 will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\Philippe\AppData\Local\Mozilla\Firefox\Profiles\fwsmechw.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Philippe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1233 folders=134 136649190 bytes)

==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Philippe\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\IE\1DERH9RI" not found
"C:\Users\Philippe\AppData\Local\Microsoft\Windows\INetCache\IE\5OROWAX5" not found

==== EOF on vr 04/09/2015 at 18:24:11,73 ======================