Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Esha on do 20-10-2016 at 13:42:27,29. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Esha\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 20-10-2016 13:46:17 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\McAfee deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\HiSuiteOuc deleted successfully C:\Users\Esha\AppData\Roaming\Macromedia deleted successfully C:\Users\Esha\AppData\Local\DriverToolkit deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== µTorrent Adobe Acrobat Reader DC - Nederlands Adobe Refresh Manager Ashampoo AppLauncher (Medion) v.1.0.0 Back2Life 2.9 Belgium e-ID middleware 4.1.16 (build 1723) Belgium e-ID middleware 4.1.18 (build 1730) CardRecovery 6.10 CCleaner Definition Update for Microsoft Office 2013 (KB3114731) 32-Bit Edition FileViewPro Google Chrome Google Drive Google Earth Google Update Helper HiSuite Intel Security True Key Intel(R) Biometric and Context Agent Intel(R) Biometric and Context Agent Redistributables Intel(R) Processor Graphics Intel® RealSense™ SDK 2014 Runtime (x64): Core IrfanView (remove only) McAfee Security Scan Plus Microsoft Access MUI (Dutch) 2013 Microsoft DCF MUI (Dutch) 2013 Microsoft Excel MUI (Dutch) 2013 Microsoft Groove MUI (Dutch) 2013 Microsoft InfoPath MUI (Dutch) 2013 Microsoft Lync MUI (Dutch) 2013 Microsoft Office 64-bit Components 2013 Microsoft Office Korrekturhilfen 2013 - Deutsch Microsoft Office OSM MUI (Dutch) 2013 Microsoft Office OSM UX MUI (Dutch) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (Dutch) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - 
Nederlands Microsoft Office Shared 64-bit MUI (Dutch) 2013 Microsoft Office Shared MUI (Dutch) 2013 Microsoft OneNote MUI (Dutch) 2013 Microsoft Outlook MUI (Dutch) 2013 Microsoft PowerPoint MUI (Dutch) 2013 Microsoft Publisher MUI (Dutch) 2013 Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Microsoft Word MUI (Dutch) 2013 Mozilla Firefox 42.0 (x86 nl) Mozilla Maintenance Service mydlink services plugin Opera Stable 40.0.2308.81 Outils de vérification linguistique 2013 de Microsoft Office - Français ParetoLogic PC Health Advisor REALTEK Bluetooth Driver Realtek Card Reader Realtek USB 2.0 Card Reader REALTEK Wireless LAN Driver Recuva Security Update for Microsoft Excel 2013 (KB3114734) 32-Bit Edition Security Update for Microsoft Office 2013 (KB2910941) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3039734) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3039794) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3039798) 32-Bit Edition Security Update for Microsoft Office 2013 
(KB3054816) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3085572) 32-Bit Edition Security Update for Microsoft Office 2013 (KB3114486) 32-Bit Edition Security Update for Microsoft Publisher 2013 (KB3085561) 32-Bit Edition Security Update for Microsoft Word 2013 (KB3114724) 32-Bit Edition Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition Skype™ 7.3 Speccy Stuurprogrammapakket voor Windows - Fedict SmartCard (08/08/2015 4.1.5) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Update for Microsoft Access 2013 (KB3114505) 32-Bit Edition Update for Microsoft InfoPath 2013 (KB3039714) 32-Bit Edition Update for Microsoft InfoPath 2013 (KB3114353) 32-Bit Edition Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition Update for Microsoft Office 2013 (KB2880487) 32-Bit Edition Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition Update for Microsoft Office 2013 (KB2889863) 32-Bit Edition Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition Update for Microsoft Office 2013 (KB3023052) 32-Bit Edition Update for Microsoft Office 2013 (KB3023068) 32-Bit Edition Update for Microsoft Office 2013 (KB3039701) 32-Bit Edition Update for Microsoft Office 2013 (KB3039720) 32-Bit Edition Update for Microsoft Office 2013 (KB3039766) 32-Bit Edition Update for Microsoft Office 2013 (KB3039778) 32-Bit Edition Update for Microsoft Office 2013 (KB3039800) 32-Bit Edition Update for Microsoft Office 2013 (KB3054783) 32-Bit Edition Update for Microsoft Office 2013 (KB3054785) 32-Bit Edition Update for Microsoft Office 2013 (KB3054805) 32-Bit Edition Update for Microsoft Office 2013 (KB3054819) 32-Bit Edition Update for Microsoft Office 2013 (KB3054856) 32-Bit Edition Update for Microsoft Office 2013 (KB3054941) 32-Bit Edition Update for 
Microsoft Office 2013 (KB3055006) 32-Bit Edition Update for Microsoft Office 2013 (KB3055007) 32-Bit Edition Update for Microsoft Office 2013 (KB3055011) 32-Bit Edition Update for Microsoft Office 2013 (KB3085479) 32-Bit Edition Update for Microsoft Office 2013 (KB3085482) 32-Bit Edition Update for Microsoft Office 2013 (KB3085506) 32-Bit Edition Update for Microsoft Office 2013 (KB3085570) 32-Bit Edition Update for Microsoft Office 2013 (KB3085578) 32-Bit Edition Update for Microsoft Office 2013 (KB3101487) 32-Bit Edition Update for Microsoft Office 2013 (KB3114715) 32-Bit Edition Update for Microsoft Office 2013 (KB3114727) 32-Bit Edition Update for Microsoft Office 2013 (KB3114736) 32-Bit Edition Update for Microsoft OneDrive for Business (KB3114509) 32-Bit Edition Update for Microsoft OneNote 2013 (KB3114344) 32-Bit Edition Update for Microsoft Outlook 2013 (KB3114729) 32-Bit Edition Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition Update for Microsoft PowerPoint 2013 (KB3114716) 32-Bit Edition Update for Microsoft Project 2013 (KB3114739) 32-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition Update for Skype for Business 2015 (KB3039776) 32-Bit Edition Update for Skype for Business 2015 (KB3114732) 32-Bit Edition VLC media player Windows Media Player Firefox Plugin WinRAR 5.31 (32-bit) WinThruster WinZip Driver Updater Wondershare Data Recovery(Build 4.8.3.4) Wondershare Helper Compact 2.5.0 Wondershare Photo Recovery (build 3.1.1) ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper 
Compact\WSHelper.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE C:\Users\Esha\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\McAfee not found C:\windows\SysNative\Tasks\ParetoLogic Registration3 deleted C:\Windows\tasks\ParetoLogic Registration3.job deleted C:\Users\Esha\.android deleted C:\PROGRA~2\DriverFinder deleted C:\PROGRA~2\ParetoLogic deleted C:\PROGRA~2\COMMON~1\ParetoLogic deleted C:\PROGRA~2\Wondershare deleted C:\Program Files\FileViewPro deleted C:\MININT deleted C:\stat_log deleted C:\Users\Esha\AppData\Roaming\DriverFinder deleted C:\Users\Esha\AppData\Roaming\ParetoLogic deleted C:\Users\Esha\AppData\Roaming\DriverCure deleted C:\PROGRA~3\ParetoLogic deleted C:\PROGRA~3\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2} deleted C:\PROGRA~3\Package Cache deleted C:\Users\Esha\AppData\Local\BTServer.log deleted C:\Users\Esha\AppData\Local\FileViewPro deleted C:\Users\Esha\AppData\Local\Wondershare deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Esha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Windows\tasks\ParetoLogic Update Version3.job deleted C:\windows\SysNative\tasks\ParetoLogic Update Version3 deleted C:\Windows\tasks\PC Health Advisor Defrag.job deleted C:\Windows\tasks\PC Health Advisor.job deleted C:\windows\SysNative\tasks\PC Health Advisor deleted C:\windows\SysNative\tasks\PC Health Advisor Defrag deleted C:\Windows\tasks\WinThruster64-Esha-Notification.job deleted C:\Windows\tasks\WinThruster64-Esha-Startup.job deleted 
C:\windows\SysNative\tasks\WinThruster64-Esha-Notification deleted C:\windows\SysNative\tasks\WinThruster64-Esha-Startup deleted C:\Users\Esha\Documents\Add-in Express deleted C:\Users\Esha\Desktop\ParetoLogic PC Health Advisor.lnk deleted "C:\Windows\Installer\a7ad672.msi" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted "C:\Users\Esha\AppData\Roaming\Solvusoft\Solvusoft Suite\Logs\Client.log.txt" not deleted "C:\Users\Esha\AppData\Roaming\Solvusoft\Tray\Logs\Tray.log.txt" not deleted "C:\PROGRA~2\COMMON~1\Wondershare" deleted "C:\Users\Esha\AppData\Roaming\Solvusoft" not deleted "C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted "C:\Users\Esha\AppData\Roaming\Solvusoft\Solvusoft Suite" not deleted "C:\Users\Esha\AppData\Roaming\Solvusoft\Tray" not deleted "C:\Users\Esha\AppData\Roaming\Solvusoft\Solvusoft Suite\Logs" not deleted "C:\Users\Esha\AppData\Roaming\Solvusoft\Tray\Logs" not deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3987 MB CPU Info: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz CPU Speed: 1873,7 MHz Sound Card: Luidsprekers (High Definition A | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC | Bluetooth-apparaat (Personal Area Network) | Realtek PCIe FE Family-controller CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GU90N Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 403,6GB | D: 60,0GB Hard Disks - Free: C: 300,5GB | D: 12,6GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | | MEDION - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: Medion Akoya E7226 Country: Nederland Language: NLD ==== System Specs (Software) ====================== AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Google Chrome 53.0.2785.143 Internet Explorer Version: 11.0.9600.17031 Mozilla Firefox version: 42.0 (x86 nl) Opera Browser version: 40.0.2308.81 Google Chrome version: 53.0.2785.143 Adobe Reader version: 15.20.20039.203716 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Esha\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2016-10-18 10:23:43 3331806A4E3026A4583C1565816CEA8E 9889352 ----a-w- C:\Windows\SysWOW64\RtsUVStoricon.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2016-10-18 10:23:43 28B356BAB74470786867BF4DC261E17C 329944 ----a-w- C:\Windows\Sysnative\drivers\RtsUVStor.sys ====== C:\Windows\Tasks ====== 2016-10-18 15:05:32 1F2F8DB3BBA10CCA15952E9C0BF3F5D3 3432 ----a-w- C:\Windows\Sysnative\Tasks\Start WinZip Driver Updater Schedule 2016-10-18 15:05:31 1FE5E129C5592775FFA6AF203E4F0037 3364 ----a-w- C:\Windows\Sysnative\Tasks\Start WinZip Driver Updater Update 2016-10-18 15:01:11 D686A04E61DCCF968BD3B4071E9F6C2D 296 ----a-w- C:\Windows\Tasks\Start WinZip Driver Updater for Erika@Esha(logon).job 2016-10-18 15:01:11 CDF8F7AE29784A915ABD004DAA8D0D30 2560 ----a-w- C:\Windows\Sysnative\Tasks\Start WinZip Driver Updater for Erika@Esha(logon) ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-10-19 21:20:51 -------- d-----w- C:\Program Files\trend micro 2016-10-19 
14:32:56 -------- d-----w- C:\Program Files\Speccy 2016-10-18 14:52:24 -------- d-----w- C:\Program Files\WinZip Smart Monitor 2016-10-18 14:52:19 -------- d-----w- C:\Program Files\WinZip Driver Updater 2016-10-16 09:44:47 -------- d-----w- C:\Program Files\Solvusoft ======= C:\PROGRA~2 ===== 2016-10-19 21:22:50 -------- d-----w- C:\PROGRA~2\trend micro 2016-10-16 16:04:18 -------- d-----w- C:\PROGRA~2\Medion MediaPack 3 2016-10-16 09:44:48 -------- d-----w- C:\PROGRA~2\Solvusoft 2016-10-14 14:39:34 -------- d-----w- C:\PROGRA~2\CardRecovery ======= C: ===== 2016-10-18 12:51:34 51640404B1C18AEBBDF8403D719686CB 430 ----a-w- C:\0.bak ====== C:\Users\Esha\AppData\Roaming ====== 2016-10-17 08:48:36 -------- d-----w- C:\Users\Esha\AppData\Roaming\D-Link 2016-10-16 10:22:56 -------- d-----w- C:\Users\Esha\AppData\Roaming\IsolatedStorage 2016-10-16 09:45:47 -------- d-----w- C:\Users\Esha\AppData\Roaming\Solvusoft 2016-10-16 09:43:17 -------- d-----w- C:\Users\Esha\AppData\Local\IIIQF ====== C:\Users\Esha ====== 2016-10-19 21:22:33 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Esha\Downloads\RSIT.exe 2016-10-19 21:18:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Esha\Downloads\RSITx64.exe 2016-10-19 14:33:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2016-10-19 14:29:55 81064F9D184A00F9049E92AE21E40F10 5201280 ----a-w- C:\Users\Esha\Downloads\spsetup129 (1).exe 2016-10-19 14:29:44 81064F9D184A00F9049E92AE21E40F10 5201280 ----a-w- C:\Users\Esha\Downloads\spsetup129.exe 2016-10-18 16:58:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2016-10-18 14:52:19 -------- d-----w- C:\ProgramData\WinZip 2016-10-18 14:51:33 8BC851ED7DB0C7B42E938732CB07809E 12552896 ----a-w- C:\Users\Esha\Downloads\wzdu34.exe 2016-10-18 11:57:01 F0EE0FE6CC055FCEBE2B417D6ACAEF57 5239920 ----a-w- C:\Users\Esha\Downloads\ParetoLogic PC Health Advisor_nl (2).exe 2016-10-18 11:57:01 
F0EE0FE6CC055FCEBE2B417D6ACAEF57 5239920 ----a-w- C:\Users\Esha\Downloads\ParetoLogic PC Health Advisor_nl (1).exe 2016-10-18 11:55:23 F0EE0FE6CC055FCEBE2B417D6ACAEF57 5239920 ----a-w- C:\Users\Esha\Downloads\ParetoLogic PC Health Advisor_nl.exe 2016-10-18 10:44:51 FF705FCACBC099BDBFA7A3B916A8822F 8932000 ----a-w- C:\Users\Esha\Downloads\Setup_WinThruster_2016 (1).exe 2016-10-16 16:05:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medion MediaPack 3 2016-10-16 10:22:56 -------- d-----w- C:\ProgramData\IsolatedStorage 2016-10-16 10:22:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro 2016-10-16 10:19:34 8E43FDF4716E8C987AF495B8C899B705 1806720 ----a-w- C:\Users\Esha\Downloads\Setup_FileViewPro_2016.exe 2016-10-16 09:44:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft 2016-10-16 09:43:39 -------- d-----w- C:\ProgramData\Solvusoft 2016-10-16 09:36:17 FF705FCACBC099BDBFA7A3B916A8822F 8932000 ----a-w- C:\Users\Esha\Downloads\Setup_WinThruster_2016.exe 2016-10-16 09:15:52 4A9DD4647EEDD638EC1D6BD0B0E4111F 1064592 ----a-w- C:\Users\Esha\Downloads\data-recovery_setup_full829.exe 2016-10-14 15:05:59 80DA4CFBF4F2952FE8CBC27DAE5CC337 1045136 ----a-w- C:\Users\Esha\Downloads\data-recovery_setup_full542 (2).exe 2016-10-14 15:00:32 -------- d-----w- C:\Users\Public\Documents\Wondershare 2016-10-14 15:00:24 80DA4CFBF4F2952FE8CBC27DAE5CC337 1045136 ----a-w- C:\Users\Esha\Downloads\data-recovery_setup_full542 (1).exe 2016-10-14 14:39:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardRecovery 2016-10-14 14:38:10 10E6FADE881750E6961A8890E67B1789 848760 ----a-w- C:\Users\Esha\Downloads\cardrecovery_setup.exe 2016-10-01 19:07:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ====== C: exe-files == 2016-10-19 21:22:50 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files (x86)\trend micro\Esha.exe 2016-10-19 
21:22:33 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Esha\Downloads\RSIT.exe 2016-10-19 21:20:52 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Esha.exe 2016-10-19 21:18:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Esha\Downloads\RSITx64.exe 2016-10-19 14:32:35 5E4470F5E0B170877C606A0EB097E6FB 8270712 ----a-w- C:\Users\Esha\AppData\Local\Microsoft\Windows\INetCache\IE\VDK2OY0D\ccsetup[1].exe 2016-10-19 14:29:55 81064F9D184A00F9049E92AE21E40F10 5201280 ----a-w- C:\Users\Esha\Downloads\spsetup129 (1).exe 2016-10-19 14:29:44 81064F9D184A00F9049E92AE21E40F10 5201280 ----a-w- C:\Users\Esha\Downloads\spsetup129.exe 2016-10-18 14:51:33 8BC851ED7DB0C7B42E938732CB07809E 12552896 ----a-w- C:\Users\Esha\Downloads\wzdu34.exe 2016-10-18 11:57:01 F0EE0FE6CC055FCEBE2B417D6ACAEF57 5239920 ----a-w- C:\Users\Esha\Downloads\ParetoLogic PC Health Advisor_nl (2).exe 2016-10-18 11:57:01 F0EE0FE6CC055FCEBE2B417D6ACAEF57 5239920 ----a-w- C:\Users\Esha\Downloads\ParetoLogic PC Health Advisor_nl (1).exe 2016-10-18 11:55:23 F0EE0FE6CC055FCEBE2B417D6ACAEF57 5239920 ----a-w- C:\Users\Esha\Downloads\ParetoLogic PC Health Advisor_nl.exe 2016-10-18 10:44:51 FF705FCACBC099BDBFA7A3B916A8822F 8932000 ----a-w- C:\Users\Esha\Downloads\Setup_WinThruster_2016 (1).exe 2016-10-18 10:24:39 5E0458CFB499C7641F35CB1FFD5F69BD 400456 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe 2016-10-18 10:23:45 9B9939DE3454A62A8B450C2937266462 90696 ----a-w- C:\Program Files (x86)\REALTEK\Realtek Card Reader\revcon64.exe 2016-10-18 10:23:45 57C5A20DA6D63CBFAB28A0EDFE911CD3 86600 ----a-w- C:\Program Files (x86)\REALTEK\Realtek Card Reader\revcon32.exe 2016-10-18 10:23:44 BCE3974EB6C6A535062A8D1EAF757513 55840 ------w- C:\Program Files (x86)\REALTEK\Realtek Card Reader\SetEHCIKey.exe 2016-10-18 10:23:44 8B23FB9DD8CDF72B7C8A598FE9E1336C 563416 ------w- C:\Program Files (x86)\REALTEK\Realtek 
Card Reader\Rmb.exe 2016-10-18 10:23:43 BA9F72B06199A2E92852D77F74354377 2474056 ----a-w- C:\Program Files (x86)\REALTEK\Realtek Card Reader\RIconMan.exe 2016-10-16 16:07:45 D44C09FD1DE9D7BB9EE164A70923F638 106888 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Snap\updateMediator.exe 2016-10-16 16:07:29 47C397FBCBA056D37BEEEE11905713E6 3053976 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Snap\ashsnap.exe 2016-10-16 16:07:29 331F8D0123A513A413B195441B715603 1266024 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Snap\unins000.exe 2016-10-16 16:07:08 9042096B52C1C88FC27C779F655581AD 6004136 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Photo Optimizer\photooptimizer.exe 2016-10-16 16:07:05 D44C09FD1DE9D7BB9EE164A70923F638 106888 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Photo Optimizer\updateMediator.exe 2016-10-16 16:07:03 5322E4CF57E52252082FE159191D361C 1266024 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Photo Optimizer\unins000.exe 2016-10-16 16:06:58 1B4DEA929D1F77D777D1C03D0840B17D 37288 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Photo Commander\CancelAutoplay.exe 2016-10-16 16:06:55 1588D524033CE762DF3EEA50709B40B3 581632 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Photo Commander\ashDriverSetup.exe 2016-10-16 16:06:54 8AD89CA7D80BAA98B7D4A36098A5EBED 4827048 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Photo Commander\apc.exe 2016-10-16 16:06:15 D44C09FD1DE9D7BB9EE164A70923F638 106888 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Photo Commander\updateMediator.exe 2016-10-16 16:06:11 D032938D7B236A354964D955842DD180 1266024 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Photo Commander\unins000.exe 2016-10-16 16:05:22 A34CD7808CC0915FB569A60E71DE561A 3750312 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Burning Studio\backupextractor.exe 2016-10-16 16:05:19 
D0FDA597C374EFB4374AB1C397494C1D 134056 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Burning Studio\CancelAutoplay2.exe 2016-10-16 16:05:19 41C8A86C30BB1229C572954F991FF53D 1861544 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Burning Studio\autorun.exe 2016-10-16 16:05:18 F8A8BEC98AF18B0C115C522DD50F253B 140200 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Burning Studio\amf_slv.exe 2016-10-16 16:05:16 A48B76DA7066F8B481FDB3180A4F1CB3 3297704 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Burning Studio\burningstudio.exe 2016-10-16 16:05:15 D44C09FD1DE9D7BB9EE164A70923F638 106888 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Burning Studio\updateMediator.exe 2016-10-16 16:05:13 9054215BE95DC9BCFC8349DDFE9057AD 1266024 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Burning Studio\unins000.exe 2016-10-16 16:04:23 8FF659F8F2958E5A56B9CBE18DFEA76D 969656 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe 2016-10-16 16:04:22 D44C09FD1DE9D7BB9EE164A70923F638 106888 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\updateMediator.exe 2016-10-16 16:04:19 B456C2FA12F8F6D855E140611C40A550 1266024 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\unins000.exe 2016-10-16 10:19:34 8E43FDF4716E8C987AF495B8C899B705 1806720 ----a-w- C:\Users\Esha\Downloads\Setup_FileViewPro_2016.exe 2016-10-16 09:36:17 FF705FCACBC099BDBFA7A3B916A8822F 8932000 ----a-w- C:\Users\Esha\Downloads\Setup_WinThruster_2016.exe 2016-10-16 09:16:25 7B16633CF0E18497ACCED5CEBF1639F3 26116024 ------w- C:\Users\Public\Documents\Wondershare\data-recovery_full829.exe 2016-10-16 09:15:52 4A9DD4647EEDD638EC1D6BD0B0E4111F 1064592 ----a-w- C:\Users\Esha\Downloads\data-recovery_setup_full829.exe 2016-10-14 15:05:59 80DA4CFBF4F2952FE8CBC27DAE5CC337 1045136 ----a-w- C:\Users\Esha\Downloads\data-recovery_setup_full542 (2).exe 
2016-10-14 15:00:32 B0EF777A6BD0FF0FCF941E530A565572 6144 ----a-w- C:\Users\Public\Documents\Wondershare\NFWCHK.exe 2016-10-14 15:00:24 80DA4CFBF4F2952FE8CBC27DAE5CC337 1045136 ----a-w- C:\Users\Esha\Downloads\data-recovery_setup_full542 (1).exe 2016-10-14 14:39:35 CC6F3DBA2C49F7A37D2A2A7B78006BCE 2171312 ----a-w- C:\Program Files (x86)\CardRecovery\CardRecovery.exe 2016-10-14 14:39:34 1BA52CA5BD01FE0644E413529B294D17 708456 ----a-w- C:\Program Files (x86)\CardRecovery\unins000.exe 2016-10-14 14:38:10 10E6FADE881750E6961A8890E67B1789 848760 ----a-w- C:\Users\Esha\Downloads\cardrecovery_setup.exe === C: other files == 2016-10-19 15:10:34 C905F4A484A119EBE7B88EC901ADB731 94145 ----a-w- C:\Users\Esha\AppData\Local\HiSuite\log\Common_20161019_00.zip 2016-10-19 09:20:26 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-r- C:\Users\Esha\AppData\Local\Temp\_MEI39882\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2016-10-19 09:20:25 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-r- C:\Users\Esha\AppData\Local\Temp\_MEI39882\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2016-10-18 11:25:58 DB8C0DAD6AFB86366B763FE06A60067A 17522100 ----a-w- C:\Users\Esha\Downloads\testdisk-7.1-WIP.win.zip 2016-10-18 10:23:43 28B356BAB74470786867BF4DC261E17C 329944 ----a-w- C:\Windows\System32\drivers\RtsUVStor.sys 2016-10-18 10:23:42 28B356BAB74470786867BF4DC261E17C 329944 ----a-w- C:\Program Files (x86)\REALTEK\Realtek Card Reader\RtsUVStor.sys 2016-10-16 16:05:52 E1A03C4D7162DD2AAB843584E4C8EE26 18825 ----a-w- C:\Program Files (x86)\Medion MediaPack 3\Ashampoo Burning Studio\skins\wxpreview\anim_encoding.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2184741788-1571991834-3038178036-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\skype\phone\skype.exe /minimized /regrun" "uTorrent"="c:\users\esha\appdata\roaming\utorrent\utorrent.exe /minimized" "GoogleDriveSync"="c:\program files 
(x86)\google\drive\googledrivesync.exe /autostart" "AppLauncher"="c:\program files (x86)\medion mediapack 3\ashampoo applauncher (medion)\applauncher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wondershare Helper Compact.exe"="c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\skype\phone\skype.exe /minimized /regrun" "uTorrent"="c:\users\esha\appdata\roaming\utorrent\utorrent.exe /minimized" "GoogleDriveSync"="c:\program files (x86)\google\drive\googledrivesync.exe /autostart" "AppLauncher"="c:\program files (x86)\medion mediapack 3\ashampoo applauncher (medion)\applauncher.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BtServer"="c:\program files (x86)\realtek\realtek bluetooth\btserver.exe" "CommonToolkitTray_Solvusoft"="c:\program files (x86)\solvusoft\tray\solvusofttray.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\DriverToolkit Autorun.job --a-------- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-11-2015 12:01] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-11-2015 12:01] C:\Windows\tasks\Start WinZip Driver Updater for Erika@Esha(logon).job --a-------- C:\Program Files\WinZip Driver Updater\DriverUpdater.exe [28-09-2016 12:47] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] 
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1456328391" [C:\Program Files (x86)\Opera\launcher.exe] "C:\Windows\SysNative\tasks\Start WinZip Driver Updater for Erika@Esha(logon)" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe] "C:\Windows\SysNative\tasks\Start WinZip Driver Updater Schedule" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe] "C:\Windows\SysNative\tasks\Start WinZip Driver Updater Update" [C:\Program Files\WinZip Driver Updater\DriverUpdater.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{181494F0-C2AA-4162-ADDC-10D62AD09149}" [C:\Windows\system32\msfeedssync.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Esha\AppData\Roaming\Mozilla\Firefox\Profiles\7ewxgb3v.default user_pref("browser.startup.homepage", "about:home|about:preferences"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [02-06-2016 22:33] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Slides - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 
YouTube - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Esha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Slides - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi mydlink plugin - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb Google Drive App Launcher - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh FromDocToPDF - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk FilmFanatic - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niojcggonafbneajjmkpkcigabaobmge Chrome Web Store Payments - Esha\AppData\Local\Google\Chrome\User Data\Profile 
1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
TelevisionFanatic - Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh

==== Chromium Fix ======================
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.lyricsmania.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.lyricsmania.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.stlyrics.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.stlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_filmfanatic2.dl.myway.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_filmfanatic2.dl.myway.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_fromdoctopdf.dl.myway.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_fromdoctopdf.dl.myway.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_televisionfanatic.dl.myway.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_televisionfanatic.dl.myway.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_huizen.trovit.be_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_huizen.trovit.be_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_shoppingcart.aliexpress.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_ad.360yield.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_adsomenoise.cdn01.rambla.be_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_adsomenoise.cdn01.rambla.be_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.himediads.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.himediads.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_filmfanatic2.dl.tb.ask.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_filmfanatic2.dl.tb.ask.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_televisionfanatic.dl.tb.ask.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_televisionfanatic.dl.tb.ask.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_superdeals.aliexpress.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_superdeals.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.twinkledeals.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.twinkledeals.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mallpejgeafdahhflmliiahjdpgbegpk deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niojcggonafbneajjmkpkcigabaobmge deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_niojcggonafbneajjmkpkcigabaobmge_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_niojcggonafbneajjmkpkcigabaobmge_0.localstorage-journal deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_ppgplhcfmaadpnkmnkhgadmaekeldbnh_0.localstorage deleted successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_ppgplhcfmaadpnkmnkhgadmaekeldbnh_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\61F70108E2BCBA24BAD9C61145D0A5B8 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Driver Updater deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\61F70108E2BCBA24BAD9C61145D0A5B8 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B} deleted successfully

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe
O4 - HKCU\..\Run: [Skype] "c:\program files (x86)\skype\phone\skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "c:\users\esha\appdata\roaming\utorrent\utorrent.exe" /minimized
O4 - HKCU\..\Run: [GoogleDriveSync] "c:\program files (x86)\google\drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [AppLauncher] c:\program files (x86)\medion mediapack 3\ashampoo applauncher (medion)\applauncher.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} (Camera Stream Client Control Object) - https://192.168.0.118/camclictrl.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Service Installer TrueKey (InstallerService) - Unknown owner - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service: Intel(R) Biometric and Context Agent Service (IntelBCAsvc) - Intel(R) Corporation - C:\Program Files\Intel\BCA\pabeSvc64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: Intel Security True Key Helper Service (TrueKeyServiceHelper) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WinZipSmartMonitorService - Unknown owner - C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Esha\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Esha\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Esha\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Esha\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Esha\AppData\Local\Mozilla\Firefox\Profiles\7ewxgb3v.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Esha\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Esha\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1775 folders=454 328029237 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Esha\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Esha\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Esha\AppData\Roaming\Solvusoft\Solvusoft Suite\Logs\Client.log.txt" not found
"C:\Users\Esha\AppData\Roaming\Solvusoft\Tray\Logs\Tray.log.txt" not found
"C:\Users\Esha\AppData\Roaming\Solvusoft" not found

==== EOF on do 20-10-2016 at 14:26:35,07 ======================