Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Ward on zo 04/10/2015 at 19:39:17,68.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ward\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

4/10/2015 19:40:50 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} C:\Program Files (x86)\Bluetooth Suite\FolderViewImpl.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\Ward\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\SecretSauce deleted successfully
C:\PROGRA~2\SqueakyChocolate deleted successfully
C:\PROGRA~2\TornTV.com deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\Babylon deleted successfully
C:\PROGRA~3\WinZipSE deleted successfully
C:\PROGRA~3\ZoomBrowser deleted successfully
C:\Users\Karlien\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Ward\AppData\Roaming\Solvusoft deleted successfully
C:\Users\Ward\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Ward\AppData\Roaming\ZoomBrowser EX deleted successfully
C:\Users\Karlien\AppData\Local\VirtualStore deleted successfully
C:\Users\Ward\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ward\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ward\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Internet Explorer\SearchScopes\{81188DB8-1AFF-49DC-8A3E-93401695746D} deleted successfully
HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Internet Explorer\SearchScopes\{A9F6888E-E4F1-4788-935D-528F5577941B} deleted successfully
HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59297467-3DB6-4997-8E9B-2693E8CB9482} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"tsiVideo"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\SecretSauce not found
C:\PROGRA~2\SqueakyChocolate not found
C:\PROGRA~2\TornTV.com not found
C:\ProgramData\SearchNewTab deleted
C:\ProgramData\SAfie savei deleted
C:\PROGRA~3\StarApp deleted
C:\Users\Ward\AppData\LocalLow\Conduit deleted
C:\Users\Ward\AppData\LocalLow\Vuze_Remote deleted
C:\Users\Ward\daemonprocess.txt deleted
C:\PROGRA~2\Vuze_Remote deleted
C:\PROGRA~2\MyPC Backup deleted
C:\PROGRA~2\Conduit deleted
C:\Users\Ward\AppData\Roaming\SmileysWeLove deleted
C:\Users\Ward\AppData\Roaming\BabSolution deleted
C:\Users\Ward\AppData\Roaming\Babylon deleted
C:\Users\Ward\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Ward\AppData\Local\Mobogenie deleted
C:\Users\Ward\AppData\Local\cache deleted
C:\Users\Ward\AppData\Local\Conduit deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted
C:\WINDOWS\SysNative\roboot64.exe deleted
C:\Users\Ward\Downloads\iLividSetup-r0-n-bi.exe deleted
C:\Users\Ward\Downloads\iLividSetupV1.exe deleted
C:\Users\Ward\AppData\LocalLow\SAfie savei deleted
C:\Users\Ward\AppData\LocalLow\SearchNewTab deleted
C:\Users\Ward\AppData\LocalLow\Delta deleted
C:\Users\Ward\AppData\LocalLow\PriceGong deleted
C:\WINDOWS\wininit.ini deleted
C:\END deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Ward\Documents\Optimizer Pro deleted
C:\Users\Ward\Documents\Add-in Express deleted
C:\Users\Ward\Documents\BitLord deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Ward\AppData\Local\Temp ====
2015-10-04 17:29:16 0AE9C56506E2F69B4DEB9D90C8297938 71168 ----a-w- C:\Users\Ward\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm8zvm8.dll
2015-10-02 14:33:36 67EDC5F6B09705DBB8AFCBEC4D52A96A 519680 ----a-w- C:\Users\Ward\AppData\Local\Temp\msupdate71\msvcrt.dll
2015-10-02 14:11:53 190CEAD1D3032877F791729FA1B26067 1457664 ----a-w- C:\Users\Ward\AppData\Local\Temp\mdi064.dll
====== Java Cache =====
2015-10-04 17:34:20 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Ward\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-5c3061bb
====== C:\WINDOWS\SysWOW64 =====
2015-10-04 17:33:32 C05114B0BDF2470F7F4A1B2128540062 97888 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2015-10-03 08:42:17 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2015-10-03 08:41:46 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2015-10-03 08:41:46 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2015-10-03 08:41:46 85CFE7AB85B43B6B7AC7961AA3983A9F 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2015-09-17 11:20:42 35DFC12FD7E44B7CB8CCD7E5A2B3975A 50472 ----a-w- C:\WINDOWS\Sysnative\drivers\nvvad64v.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-10-03 09:28:40 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-10-04 17:33:49 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Ward\AppData\Roaming ======
2015-10-04 17:33:36 -------- d-----w- C:\Users\Ward\AppData\Roaming\Sun
2015-10-03 03:20:35 -------- d-----w- C:\Users\Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
====== C:\Users\Ward ======
2015-10-04 17:33:36 -------- d-----w- C:\Users\Ward\.oracle_jre_usage
2015-10-04 17:33:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-04 17:01:32 6E6FAC98AF9E39E9131A236F8DAC8C75 584288 ----a-w- C:\Users\Ward\Downloads\JavaSetup8u60.exe
2015-10-03 09:27:30 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ward\Downloads\RSITx64.exe

====== C: exe-files ==
2015-10-04 17:33:34 BC949C957CEB9FAFDF0F3949CDDF1A72 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2015-10-04 17:33:34 7080B965215703EA1340C3C4903C7D73 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2015-10-04 17:33:34 5DC0128E8A2017E82289191820C736A5 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2015-10-04 17:33:14 E408E46C5DD2D03A7474AA12BAABEFEE 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\klist.exe
2015-10-04 17:33:14 D94C31E9C9C9A1273CC67DC6FFAF9984 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\policytool.exe
2015-10-04 17:33:14 BDFF5086FC1F20E631A070EEF43A7BEC 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\tnameserv.exe
2015-10-04 17:33:14 BC949C957CEB9FAFDF0F3949CDDF1A72 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe
2015-10-04 17:33:14 B9DE149653ED8B9C5C6CB68131AB66D2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jjs.exe
2015-10-04 17:33:14 B804A4E31F4BAD4D5BA05FE684756BA2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\servertool.exe
2015-10-04 17:33:14 8C6BDB56CD4DEED1AF2790D37B54CFE9 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe
2015-10-04 17:33:14 7A0DE452F677EF2971C7B75B0267B6ED 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssvagent.exe
2015-10-04 17:33:14 7080B965215703EA1340C3C4903C7D73 274016 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaws.exe
2015-10-04 17:33:14 6A5A2FDB6D09E02A3283C55237DA10F6 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\unpack200.exe
2015-10-04 17:33:14 606A24A64E164B345A79F8F22A5DAC6F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\pack200.exe
2015-10-04 17:33:14 5DC0128E8A2017E82289191820C736A5 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaw.exe
2015-10-04 17:33:14 5A503CFE5B553A9721A469FCC9CE8562 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\rmiregistry.exe
2015-10-04 17:33:14 3292748E640429C2682484BD23D43F6B 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\rmid.exe
2015-10-04 17:33:14 30387BE3E5D04FE969B731441C89D2D8 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ktab.exe
2015-10-04 17:33:14 21B5D297A9191E4D833BB39456CEDAD0 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\kinit.exe
2015-10-04 17:33:14 0FCF9F3D9518B90FB58CC950FA33998C 76896 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2launcher.exe
2015-10-04 17:33:14 0F6E0DD1263ACB2A1AC559BB7742B54D 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\keytool.exe
2015-10-04 17:33:14 08427EADE480F21412696582170B1167 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\orbd.exe
2015-10-04 17:33:13 86CC77A8189758834CF83F7F2FEA5162 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\java-rmi.exe
2015-10-04 17:33:13 262BBCE84B9C8784CC5A5E1975898022 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jabswitch.exe
2015-10-04 17:01:32 6E6FAC98AF9E39E9131A236F8DAC8C75 584288 ----a-w- C:\Users\Ward\Downloads\JavaSetup8u60.exe
2015-10-03 09:28:41 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ward.exe
2015-10-03 09:27:30 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ward\Downloads\RSITx64.exe
2015-10-03 08:41:11 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Ward\mbam-setup-2.1.8.1057.exe
2015-10-03 03:19:20 29A95EA006B420C82BBE2415F0B1AE0C 50771064 ----a-w- C:\Users\Ward\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.10.7\DropboxClient_3.10.7.exe
2015-10-02 17:51:38 C73B06E7D0063713CDEE6C160B692603 6376136 ----a-w- C:\Users\Ward\AppData\Local\NVIDIA\NvBackend\Packages\00007f71\DAO.20019059.exe
2015-10-02 09:48:46 B27D83D274BFECEF8F79DB8366A8A5A2 630200 ----a-w- C:\Users\Ward\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2015-10-02 09:48:42 371AE2919C35094233EE40BA01FD02EF 172984 ----a-w- C:\Users\Ward\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2015-10-01 17:50:02 2C32056CB8E5C4F7A2CE7FF4588098B6 528632 ----a-w- C:\Users\Ward\AppData\Local\NVIDIA\NvBackend\Packages\00007f6a\CoProc update.20014793.exe
2015-09-30 07:28:08 008AE7228FAA525AF3970C441F4BD4DC 3016272 ----a-w- C:\Program Files (x86)\Google\Update\Install\{218F2461-54BD-438A-BDB8-076FCC4310BC}\45.0.2454.101_45.0.2454.93_chrome_updater.exe
2015-09-30 07:28:08 008AE7228FAA525AF3970C441F4BD4DC 3016272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.101\45.0.2454.101_45.0.2454.93_chrome_updater.exe

=== C: other files ==
2015-10-04 17:33:15 4E221C69F3B103481534D1B6CB6A90DD 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\lib\deploy\ffjcext.zip
2015-10-03 08:42:17 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-10-03 08:41:46 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-10-03 08:41:46 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-10-03 08:41:46 85CFE7AB85B43B6B7AC7961AA3983A9F 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"BrowserChoice"="C:\Windows\BrowserChoice\browserchoice.exe /run"
"Dropbox Update"="C:\Users\Ward\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe /LaunchSysTray"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BrowserChoice"="C:\Windows\BrowserChoice\browserchoice.exe /run"
"Dropbox Update"="C:\Users\Ward\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"BtTray"="C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll ,C:\\WINDOWS\\system32\\nvinitx.dll"

==== Startup Folders ======================

2015-07-14 17:46:43 1182 ----a-w- C:\Users\Ward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2015-01-30 14:45:50 1275 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
2015-08-13 11:27:59 1167 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3128890177-2687465254-2083287530-1004Core.job --a-------- C:\Users\Ward\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 08:49]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3128890177-2687465254-2083287530-1004UA.job --a-------- C:\Users\Ward\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 08:49]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/06/2015 19:57]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\WINDOWS\SysNative\tasks\4579" [wscript.exe C:\Users\Ward\AppData\Local\Temp\launchie.vbs //B]
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\WINDOWS\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3128890177-2687465254-2083287530-1004Core" [C:\Users\Ward\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3128890177-2687465254-2083287530-1004UA" [C:\Users\Ward\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{9C81BE86-C040-4601-8ECB-E7CFFF085844}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-06-18 06:49:38 -------- d-----w- C:\PROGRA~3\Dropbox
2015-06-18 07:50:57 -------- d-----w- C:\PROGRA~3\boost_interprocess
2015-06-19 12:21:30 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2015-06-19 12:23:11 -------- d-----w- C:\PROGRA~3\NVIDIA
2015-06-26 12:43:26 -------- d-----w- C:\PROGRA~3\NokiaInstallerCache
2015-06-26 12:48:42 -------- d-----w- C:\PROGRA~3\Nokia
2015-06-26 12:49:00 -------- d-----w- C:\PROGRA~3\PC Suite
2015-08-13 11:26:09 -------- d-----w- C:\PROGRA~3\Canon_Inc_IC
2015-10-03 08:41:46 -------- d-----w- C:\PROGRA~3\Malwarebytes

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ward\AppData\Roaming\old_TomTom\HOME\Profiles\kdc9ulac.default
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Ward\AppData\Roaming\BabSolution\CR\Delta.crx[]

Google Slides - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Delta Toolbar - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Google Sheets - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Ward\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Ward\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Ward\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully
C:\Users\Ward\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfully
C:\Users\Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{B50E3601-1EBC-44CF-B4ED-BCFBBC165D04}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{B50E3601-1EBC-44CF-B4ED-BCFBBC165D04} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3128890177-2687465254-2083287530-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B96DA227-C2F2-A77E-EFC7-2BAD5DDE034B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Karlien\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ward\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ward\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Karlien\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Ward\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Ward\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Ward\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=808 folders=143 34268535 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Karlien\AppData\Local\Temp emptied successfully
C:\Users\Ward\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Ward\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on zo 04/10/2015 at 20:27:25,69 ======================