Zoek.exe v5.0.0.0 Updated 21-09-2015
Tool run by Wouter on di 22-09-2015 at 12:48:17,26.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Wouter\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

22-9-2015 12:52:17 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\predm deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Default User\AppData\Local\Geschiedenis deleted successfully
C:\Users\Wouter\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Wouter\AppData\Local\EmieSiteList deleted successfully
C:\Users\Wouter\AppData\Local\EmieUserList deleted successfully
C:\Users\Wouter\AppData\Local\MediaShow deleted successfully
C:\Users\Wouter\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-983083467-3780027488-2977671989-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-983083467-3780027488-2977671989-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A286B42A-C007-4D67-928B-57674BC38564} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A286B42A-C007-4D67-928B-57674BC38564} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A286B42A-C007-4D67-928B-57674BC38564} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lehicewu deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gyvixodu deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdsManPro deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSFK deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NixSrv deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ospd_us_013010089"=-
"gmsd_nl_005010089"=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"IOPROTECT"=-
"upgmsd_nl_005010093.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Batch Command(s) Run By Tool======================

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\predm not found
C:\Users\Wouter\AppData\Local\gmsd_nl_005010093 not found
C:\Program Files (x86)\gmsd_nl_005010093 not found
C:\PROGRA~2\VstPlugins deleted
C:\Program Files (x86)\globalUpdate deleted
C:\Program Files (x86)\SearchProtect deleted
C:\ProgramData\Service1291 deleted
C:\Program Files (x86)\SFK deleted
C:\ProgramData\3WdsManPro3 deleted
C:\Users\Wouter\AppData\Roaming\TuneUp Software deleted
C:\Users\Wouter\AppData\Roaming\Super Optimizer deleted
C:\ProgramData\eWdsManProe deleted
C:\Users\Wouter\AppData\Roaming\mystartsearch deleted
C:\Program Files (x86)\FastSearch deleted
C:\ProgramData\28341ff220e0446c9fff27c4493d622e deleted
C:\Program Files (x86)\942e2bb2-afda-4c31-a8fd-a1cf18795505 deleted
C:\Users\Wouter\AppData\Roaming\oursurfing deleted
C:\windows\SysNative\Tasks\VYBAJQPSNMYVXCIN deleted
C:\windows\SysNative\tasks\bvxvdxvx deleted
C:\Users\Wouter\AppData\Local\bvxvdxvx deleted
C:\PROGRA~2\BitLord deleted
C:\PROGRA~2\AnyProtectEx deleted
C:\PROGRA~2\33444335-1442434422-3637-5438-A0D3C1697ED7 deleted
C:\task.vbs deleted
C:\install.exe deleted
C:\PROGRA~3\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat deleted
C:\PROGRA~3\Lavasoft\Web Companion deleted
C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted
C:\PROGRA~3\Package Cache deleted
C:\PROGRA~3\lWdsManProl deleted
C:\Users\Wouter\AppData\Local\nsbFF52.tmp deleted
C:\Users\Wouter\AppData\Local\nsuAFD1.tmp deleted
C:\Users\Wouter\AppData\Local\nsyB182.tmp deleted
C:\Users\Wouter\AppData\Local\MyBrowser deleted
C:\Users\Wouter\AppData\Local\33444335-1442441721-3637-5438-A0D3C1697ED7 deleted
C:\Users\Wouter\AppData\Local\SmartWeb deleted
C:\Users\Wouter\AppData\Local\SearchProtect deleted
C:\Users\Wouter\AppData\Local\globalUpdate deleted
C:\Users\Wouter\AppData\Local\BitLord deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\Users\Wouter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-1-6.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-1-7.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-10_user.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-13.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-14.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-3.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-5.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-5_user.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-6.job deleted
C:\WINDOWS\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-7.job deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-1-6 deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-1-7 deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-10_user deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-13 deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-14 deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-3 deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-5 deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-5_user deleted
C:\windows\SysNative\Tasks\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-6 deleted
C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb deleted
C:\WINDOWS\wininit.ini deleted
C:\windows\SysNative\tasks\Super Optimizer Schedule deleted
C:\WINDOWS\tasks\APSnotifierPP3.job deleted
C:\windows\SysNative\tasks\APSnotifierPP3 deleted
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job deleted
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineCore deleted
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineUA deleted
C:\windows\SysNative\tasks\SmartWeb Upgrade Trigger Task deleted
C:\windows\SysNative\tasks\cfr3011 deleted
C:\END deleted
C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted
C:\WINDOWS\AppPatch\nbin\VC32Loader.dll deleted
C:\windows\SysNative\acengine64.dll deleted
C:\Users\Wouter\Documents\Super Optimizer deleted
C:\Users\Wouter\Documents\BitLord deleted
C:\Users\Wouter\Desktop\Continue Live Installation.lnk deleted
"C:\WINDOWS\tasks\AH4vopPqMByENSVyLOVO85x.job" deleted
"C:\WINDOWS\tasks\FYKwBuTfy.job" deleted
"C:\Users\Wouter\AppData\Roaming\FYKwBuTfy.exe" deleted
"C:\WINDOWS\tasks\VYBAJQPSNMYVXCIN.job" deleted
"C:\Users\Wouter\AppData\Local\Temp\WIZZ\ioproduct_service.bat" deleted
"C:\windows\Installer\1a960.msi" deleted
"C:\Users\Wouter\AppData\Roaming\AH4vopPqMByENSVyLOVO85x" deleted
"C:\WINDOWS\tasks\AH4vopPqMByENSVyLOVO85x.job" deleted
"C:\WINDOWS\SysNative\tasks\AH4vopPqMByENSVyLOVO85x" deleted
"C:\Users\Wouter\AppData\Roaming\FYKwBuTfy" deleted
"C:\WINDOWS\tasks\FYKwBuTfy.job" deleted
"C:\WINDOWS\SysNative\tasks\FYKwBuTfy" deleted
"C:\Program Files (x86)\Cinem Plus 2.4cV16.09\5e227d67-8e29-45fb-9988-4dcc2d22a7dd-6.exe" deleted
"C:\Program Files (x86)\Cinem Plus 2.4cV16.09" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Wouter\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-09-16 20:26:57 A26F27362144CCC0B062AA1A4B38E3F3 4 ----a-w- C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-09 19:14:07 3C670437DFA989E708D897D385517885 18806272 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 19:14:04 D5C86731E14EB3C6A7FBB9D296A724FD 19324416 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 19:14:00 35CBA36E7A48260FC97E35010257F3F7 11262464 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 19:13:58 E59B00C9058EC451E85A14C877E143CA 2880032 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 19:13:56 BE9AA31EFDC5AF3605599A63AFD62B34 2153472 ----a-w- C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 19:13:55 A429ED80A03D29F43E99A08CA76E3CFD 1612288 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 19:13:51 223F4A196FEDDC45F431D79B833521E6 484352 ----a-w- C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 19:13:50 6B1F5CA61757844148C06E3F328C2913 504320 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 19:13:50 1C0F275FC68BD670107D4782E09B9AA6 650752 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 19:13:49 E2A8B3E2B05C6C4C0FB6BC45655ED714 541248 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 19:13:47 C1B5BE074E1D85D4C1267B9678F9669D 139776 ----a-w- C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 19:13:47 2FA6AE2352567748CD332B2529756EC6 303104 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 19:13:43 5C3D6ECECE28FA7883E44C8D89ED1933 37376 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-09-22 10:43:11 F82DA4B51958943972AEF7B36880D784 16148 ----a-w- C:\WINDOWS\Sysnative\ZEEBAARS23_Wouter_HistoryPrediction.bin
2015-09-09 19:14:12 76631080B4F8E4A2CED80C1745FF0A20 24594944 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2015-09-09 19:14:09 6FB9D1EF8F6605615B6428DAF08CF4D6 21874688 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll
2015-09-09 19:14:02 3351F8C9B076F669501F4A84FE59F456 12503552 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2015-09-09 19:13:57 A43228FEF57CBB6BE0CDB0BC37CC0F83 2350592 ----a-w- C:\WINDOWS\Sysnative\authui.dll
2015-09-09 19:13:57 90211F7475F525E7F9858C0CE3BBBBE7 1774592 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Immersive.dll
2015-09-09 19:13:54 19CC86CFFA2070173DA90D6396C2912C 3586560 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys
2015-09-09 19:13:52 C41583E696A64AB8A446F9DBF88CA9F1 826880 ----a-w- C:\WINDOWS\Sysnative\jscript.dll
2015-09-09 19:13:51 D2F7EF42F82CEA2545A7A8D103B57DF5 596480 ----a-w- C:\WINDOWS\Sysnative\SettingSync.dll
2015-09-09 19:13:51 26CE350482FB244047754BFA53C70603 3620736 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll
2015-09-09 19:13:50 1BFAC03B6422E878EFCDA934BF4C4823 1008640 ----a-w- C:\WINDOWS\Sysnative\schedsvc.dll
2015-09-09 19:13:49 8A8E708BECF0D832C6EAEFCA3773CC77 608936 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe
2015-09-09 19:13:49 84B1FE2E4615A89293F1FD4DE52EE26E 578560 ----a-w- C:\WINDOWS\Sysnative\winlogon.exe
2015-09-09 19:13:49 811D1E970F74D018949F5DC85559B1FB 576000 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll
2015-09-09 19:13:48 F744A4B0CF296EFF8A64F526C3610476 1382912 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys
2015-09-09 19:13:47 E280D20B0AD017F78290C39CB27006AB 187904 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.PicturePassword.dll
2015-09-09 19:13:47 4CF70EA2E9B2DF1F942B357DCC0E33E8 365568 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll
2015-09-09 19:13:46 1E4B6E4DB127F1964166B458060C4223 184320 ----a-w- C:\WINDOWS\Sysnative\shacct.dll
2015-09-09 19:13:45 B8DEC7C31052120B258F58C000B362C9 77400 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll
2015-09-09 19:13:43 C9B6A1DF4767507904C65654725372ED 45568 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll
====== C:\WINDOWS\Sysnative\drivers =====
2015-09-11 13:59:08 D670EA803C3D2B93A0FCC866ECF2CCD5 312752 ------w- C:\WINDOWS\Sysnative\drivers\avgidsdrivera.sys
2015-09-11 10:40:04 76F7D7217FBDAB77798A2A244ACD641F 206080 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudserd.sys
2015-09-11 10:39:50 5252D7BC56E5E0ED715AEA8FE173A455 206080 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudmdm.sys
2015-09-11 10:37:29 73BDD44A6088916964945886F9025409 108800 ----a-w- C:\WINDOWS\Sysnative\drivers\ssudbus.sys
2015-08-31 21:45:14 915200A7FDD946E51CF77EC62EA2D0E9 314800 ------w- C:\WINDOWS\Sysnative\drivers\avgwfpa.sys
2015-08-30 21:25:46 C67A03F54A1EA683F4880A481EE5FF6C 373072 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2015-08-30 21:25:46 A9991032F00FDE9D344FF95C01DBD390 929280 ----a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys
====== C:\WINDOWS\Tasks ======
2015-09-21 14:14:50 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Safer-Networking
2015-09-16 21:44:47 B6FD58F89C176DB6B8368F4C30882F79 3390 ----a-w- C:\WINDOWS\Sysnative\Tasks\{3CB76B78-E534-4358-BCA8-C988B4D2C520}
2015-09-16 21:14:52 9B6D8B1568D4A17B5BB80D28DA3249D9 3954 ----a-w- C:\WINDOWS\Sysnative\Tasks\Install Java
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-09-21 17:03:52 -------- d-----w- C:\Program Files\trend micro
2015-09-21 14:21:52 -------- d-----w- C:\Program Files\Common Files\AV
2015-09-18 05:29:47 -------- d-----w- C:\Program Files\SpaceSoundPro
2015-09-16 20:13:20 -------- d-----w- C:\Program Files\NixSrv
======= C:\PROGRA~2 =====
2015-09-21 12:53:45 -------- d-----w- C:\PROGRA~2\AVG
2015-09-16 20:13:36 -------- d-----w- C:\PROGRA~2\Cinem Plus 2.4cV16.09
2015-09-16 20:12:59 -------- d-----w- C:\PROGRA~2\Opera
2015-09-07 18:21:04 -------- d-----w- C:\PROGRA~2\Avanquest update
======= C: =====
====== C:\Users\Wouter\AppData\Roaming ======
2015-09-21 14:21:02 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs
2015-09-21 13:00:09 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Avg
2015-09-21 12:54:20 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Avg
2015-09-21 12:52:37 -------- d-----w- C:\Users\Wouter\AppData\Local\AvgSetupLog
2015-09-21 12:52:37 -------- d-----w- C:\Users\Wouter\AppData\Local\Avg
2015-09-16 20:14:26 -------- d-----w- C:\Users\Wouter\AppData\Local\Opera Software
2015-09-07 18:11:15 -------- d-----w- C:\Users\Wouter\AppData\Local\Sony Ericsson
2015-08-27 20:55:08 -------- d-----w- C:\Users\Wouter\AppData\Local\Programs
2015-08-27 19:38:52 -------- d-----w- C:\Users\Wouter\AppData\Local\MicrosoftEdge
====== C:\Users\Wouter ======
2015-09-21 17:02:29 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Wouter\Downloads\RSITx64.exe
2015-09-21 12:53:45 -------- d--h--w- C:\ProgramData\Common Files
2015-09-21 12:53:45 -------- d-----w- C:\ProgramData\Avg
2015-09-16 20:10:50 4826A979419D65334E2F3CA84F10E4D6 564368 ----a-w- C:\Users\Wouter\Downloads\Social-Downloader.exe
2015-09-16 19:49:06 -------- d-----r- C:\Users\Wouter\3D Objects
2015-09-10 23:35:21 -------- d-----w- C:\ProgramData\Sony
2015-09-07 18:21:02 -------- d-----w- C:\ProgramData\Avanquest
2015-09-07 18:11:16 -------- d-----w- C:\ProgramData\BVRP Software
2015-09-07 18:08:55 -------- d-----w- C:\ProgramData\Sony Ericsson
====== C: exe-files ==
2015-09-22 11:02:53 F5C7560B7C36FA09B1D2C8DC8F842632 595279 ----a-w- C:\Users\Wouter\AppData\Local\Microsoft\Windows\INetCache\IE\5OS7B53F\Setup[1].exe
2015-09-21 17:03:52 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Wouter.exe
2015-09-21 14:33:23 F5151B77C799DFCAD631F5A4EB7B2EE2 98304 ----a-w- C:\Users\Wouter\AppData\Local\Microsoft\Windows\INetCache\IE\WKB9F003\AnyProtectSetup[1].exe
2015-09-18 20:43:37 FAC17E42199598C0352B9F5DC2EFFC85 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe
2015-09-18 20:43:37 77352A5A0833B1CA3B771148DA535CB6 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateWebPlugin.exe
2015-09-18 20:43:37 61A77DDEF5E8D85E8B0955C4E5127B39 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateBroker.exe
2015-09-18 20:43:30 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateSetup.exe
2015-09-18 20:43:23 E337785DA1958E9AB02DDB2369EF46E8 307016 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
2015-09-18 20:43:23 BFDCC0375C492C524E78647CEED3F77D 130888 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdateComRegisterShell64.exe
2015-09-18 20:43:23 A72BB48D9014A7D7C05F02F595F52D60 245576 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
2015-09-18 20:43:23 053EEEE1ABAE53F044F1E386E22AE525 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleUpdate.exe
2015-09-18 20:43:14 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files (x86)\Google\Update\Install\{2890EA35-D495-4508-B4B0-6A8552DE5BFF}\GoogleUpdateSetup.exe
2015-09-18 20:43:09 D9A15F83CB6E5901A63F24CD7D58DBAF 929872 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.15\GoogleUpdateSetup.exe
2015-09-16 21:29:52 E94926832E258984179770AF38E8DC92 672451 ----a-w- C:\Program Files\NixSrv\packages\282eb20b-2411-4453-b912-21c755982959\setup\VLCUpdate.2.2.1.exe
2015-09-16 21:14:25 91D834AF301FE0ED41CC9FABA14070AA 672423 ----a-w- C:\Program Files\NixSrv\packages\282eb20b-2411-4453-b912-21c755982959\setup\7ZipUpdate.9.38.exe
2015-09-16 21:14:06 63260D1606CE8540206B25B6B03DEE95 855040 ----a-w- C:\Program Files\NixSrv\packages\282eb20b-2411-4453-b912-21c755982959\NixHost.exe
2015-09-16 09:43:56 9E919FC6F2B5ED86E4726697136B3F5F 1072720 ----a-w- C:\Program Files (x86)\Google\Update\Install\{91B0B913-3ED2-4E8E-B8D9-5FD126654B4F}\45.0.2454.93_45.0.2454.85_chrome_updater.exe
2015-09-16 09:43:56 9E919FC6F2B5ED86E4726697136B3F5F 1072720 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.93\45.0.2454.93_45.0.2454.85_chrome_updater.exe
2015-09-15 18:24:33 E3EC81D634A09EAD6155E9F6F5ABFA18 7846992 ----a-w- C:\Users\Wouter\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2015-09-15 18:24:33 E3EC81D634A09EAD6155E9F6F5ABFA18 7846992 ----a-w- C:\Users\Wouter\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\OneDriveSetup.exe
2015-09-15 18:24:24 F4601CDFF7E3F1100BBB00B2FF76DB56 147632 ----a-w- C:\Users\Wouter\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncConfig.exe
=== C: other files ==
2015-09-22 10:44:37 6B79A47B124F375AD22338CB08378CE6 16741 ----a-w- C:\Users\Wouter\AppData\Local\Microsoft\Windows\INetCache\IE\MU4UFW8E\cloud-capability[1].zip
2015-09-15 18:24:23 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Wouter\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\CollectOneDriveLogs.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-983083467-3780027488-2977671989-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Wouter\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
"Spotify"="C:\Users\Wouter\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"GoogleChromeAutoLaunch_214C8F788BE3D667FB07BDBD0D369B42"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"OneDrive"="C:\Users\Wouter\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\Av\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Wouter\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
"Spotify"="C:\Users\Wouter\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"GoogleChromeAutoLaunch_214C8F788BE3D667FB07BDBD0D369B42"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"OneDrive"="C:\Users\Wouter\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\VC32Loader.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"SpaceSoundPro"="C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-08-2015 20:37]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28-08-2015 20:37]
C:\WINDOWS\tasks\HPCeeScheduleForWouter.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13-09-2010 22:15]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForWouter" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\Install Java" [C:\Program Files\NixSrv\packages\282eb20b-2411-4453-b912-21c755982959\NixHost.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{7D042F7F-7281-40C6-8208-0E792DAA1764}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Google Docs - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Download FB Album mod - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok
Google Search - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Docs Offline - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
AdBlock - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Drive App Launcher - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Web Store Payments - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Fast searchable email with less spam. - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF158a299c.TMP was reset successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE41B493270B044459017897C71B3217 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{394B14EA-B072-4440-9510-87797CB12371} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wouter\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Wouter\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Wouter\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Wouter\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Wouter\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=606 folders=233 326835501 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Wouter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Cinem Plus 2.4cV16.09" not found

==== EOF on di 22-09-2015 at 13:34:22,20 ======================