Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by desme on di 12/04/2016 at 9:09:48,05.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\desme\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

12/04/2016 9:11:15 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\80de3da9 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\desme\AppData\Local\ActiveSync deleted successfully
C:\Users\desme\AppData\Local\Adobe deleted successfully
C:\Users\desme\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2651267546-2275186073-1641447734-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2651267546-2275186073-1641447734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2651267546-2275186073-1641447734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent
Adobe Flash Player 21 NPAPI
Assassin's Creed Unity
Assassins Creed IV Black Flag
AudioFXSetup
AVG
AVG 2016
AVG Protection
AVG Zen
Battlefield Hardline / RePack by Baracuda
Belfius Smart Card Reader Chrome-App
BurnRecovery
Canon iP6700D
CheckDevicesConfigurator
CyberLink PowerDVD 12
De Sims Middeleeuwen
Enemy Front PROPER
FMW 1
Gaming Center(x64)
Google Chrome
Google Update Helper
Grand Theft Auto V
Heroes & Generals
HitmanPro 3.7
Intel(R) Chipset Device Software
Intel(R) Management Engine Components
Intel(R) ME UninstallLegacy
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Wireless Bluetooth(R)
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Security Assist
Intel® Trusted Connect Service Client
Java 8 Update 77
Java Auto Updater
LauncherSetup
Malwarebytes Anti-Malware versie 2.2.1.1043
Metro: Last Light
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft WSE 3.0 Runtime
Mozilla Firefox 45.0.2 (x86 nl)
Mozilla Maintenance Service
MSI Afterburner 4.1.1
MSI Remind Manager
Nahimic for MSI
NVIDIA-configuratiescherm 364.72
NVIDIA 3D Vision controllerstuurprogramma 364.44
NVIDIA 3D Vision stuurprogramma 364.72
NVIDIA GeForce Experience 2.11.2.55
NVIDIA GeForce Experience Service
NVIDIA Grafisch stuurprogramma 364.72
NVIDIA HD Audio-stuurprogramma 1.3.34.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 2.11.2.55
NVIDIA PhysX Systeem Software 9.15.0428
NVIDIA ShadowPlay 2.11.2.55
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 2.11.2.55
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.37
OpenOffice 4.1.2
ProductDaemonSetup
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RivaTuner Statistics Server 6.3.0
Rockstar Games Social Club
Sherlock Holmes: Crimes and Punishments
SHIELD Streaming
SHIELD Wireless Controller Driver
Sleeping Dogs: Definitive Edition
Sniper Ghost Warrior 2
Steam
The Crew (Worldwide)
The Settlers Online
The Witcher 3: Wild Hunt
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Uplay
VASCO Card Reader Plug-In (64-Bit)
VASCO Smart Card Reader Plug-In (User)
Verdun
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Vulkan Run Time Libraries 1.0.3.0
Vulkan Run Time Libraries 1.0.5.1
WinZip 19.5
XSplit Gamecaster

==== Running Processes ======================

C:\Program Files\WMIHook\WMIHookBtnFn\WMI_Hook_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
D:\progs\Av\avgwdsvcx.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\desme\AppData\Local\Microsoft\OneDrive\OneDrive.exe
D:\progs\Framework\Common\avguix.exe
D:\progs\Av\avgui.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
D:\progs\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\desme\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\desme\AppData\Roaming\Mozilla\Firefox\Profiles\2gjs6vn6.default
---- FireFox user.js and prefs.js backups ----
user_20161204_0919_.backup
prefs_20161204_0919_.backup

ProfilePath: C:\Users\desme\AppData\Roaming\TomTom\HOME\Profiles\e21k0umr.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20161204_0919_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fahconsole.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iastorui.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javacpl.exe]
"Debugger=-
Options\javaw.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javaws.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstlink.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstview.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdvdlaunchpolicy.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tomtomhome.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcompanion.exe]
"Debugger=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winzip64.exe]
"Debugger=-
Execution Options\wzpreloader.exe]
"Debugger=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-

==== Batch Command(s) Run By Tool======================

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\AVG Web TuneUp not found
C:\Program Files (x86)\Common Files\AVG Secure Search not found
C:\Users\desme\AppData\Roaming\Mozilla\Firefox\Profiles\2gjs6vn6.default\searchplugins\avg-secure-search.xml not found
C:\ProgramData\AVG Web TuneUp not found
C:\Program Files\AVG Web TuneUp not found
D:\progs\AVG PC TuneUp deleted
C:\extensions deleted
C:\PROGRA~3\adaware-installer-reboot-required.tmp deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\Package Cache deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Public\Documents\dmp deleted
C:\END deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
"C:\Users\desme\AppData\Roaming\MSI" deleted
"C:\Users\desme\AppData\Roaming\Braid" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8120 MB
CPU Info: Intel(R) Core(TM) i7-4790S CPU @ 3.20GHz
CPU Speed: 3284,1 MHz
Sound Card: Speakers (Realtek High Definiti | LG IPS FULLHD-4 (NVIDIA High De |
Display Adapters: NVIDIA GeForce GTX 960 | NVIDIA GeForce GTX 960 | NVIDIA GeForce GTX 960 | NVIDIA GeForce GTX 960
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel(R) Dual Band Wireless-AC 3160 | Realtek PCIe GBE Family Controller | Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth PAN HelpText
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SN-208FB
Ports: COM5 | COM4 | COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 118,2GB | D: 906,6GB
Hard Disks - Free: C: 75,6GB | D: 487,8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | ALASKA - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: MICRO-STAR INTERNATIONAL CO., LTD MS-78511
Country: België
Language: NLB

==== System Specs (Software) ======================

Default Browser: Firefox 45.0.2
Internet Explorer Version: 11.162.10586.0
Mozilla Firefox version: 45.0.2 (x86 nl)
Google Chrome version: 49.0.2623.110
Sun Java version: 1.8.0_77 (32-bit)
Sun Java version: 1.8.0_77 (64-bit)
Flash Player version: 21.0.0.213

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2651267546-2275186073-1641447734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\desme\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"TomTomHOME.exe"="D:\progs\\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_USERS\S-1-5-21-2651267546-2275186073-1641447734-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\desme\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\desme\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SilentFanControl"="C:\Program Files\WMIHook\WMIHookBtnFn\SilentFanController.exe"
"AvgUi"="D:\progs\Framework\Common\avguirnx.exe /lps=fmw"
"AVG_UI"="D:\progs\Av\avuirunnerx.exe D:\progs\Av\avgui.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\desme\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"TomTomHOME.exe"="D:\progs\\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\desme\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\desme\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"NahimicMSIUILauncher"="C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe /noUI"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/04/2016 19:20]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/12/2015 07:35]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/12/2015 07:35]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\AVGPCTuneUp_Task_BkGndMaintenance" [D:\progs\AVG PC TuneUp\tuscanx.exe]
"C:\WINDOWS\SysNative\tasks\CreateExplorerShellUnelevatedTask" [C:\WINDOWS\explorer.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Java Platform SE Auto Updater" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\WINDOWS\SysNative\tasks\NahimicMSIsvc32Run" ["C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe"]
"C:\WINDOWS\SysNative\tasks\NahimicMSIsvc64Run" ["C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe"]
"C:\WINDOWS\SysNative\tasks\NahimicMSIUILauncherRun" ["C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe"]
"C:\WINDOWS\SysNative\tasks\PDVDServ12 Task" [C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{023C0CCD-65DF-4231-8097-595B4135158B}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{E9469E6F-2470-D801-5E84-9F03D3E99F7F}" [C:\WINDOWS\system32\regsvr32.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\desme\AppData\Roaming\Mozilla\Firefox\Profiles\2gjs6vn6.default
user_pref("browser.startup.homepage", "https://www.google.be/|about:preferences");