Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Wouter on Sun 25/12/2016 at 19:46:48,88.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Wouter\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25/12/2016 19:52:06 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Empty Folders Check ======================

C:\PROGRA~2\FreePDFReader deleted successfully
C:\PROGRA~2\predm deleted successfully
C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\Program Files\Enigma Software Group deleted successfully
C:\Users\Wouter\AppData\Roaming\PerformerSoft deleted successfully
C:\Users\Wouter\AppData\Local\Adobe deleted successfully
C:\Users\Wouter\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Wouter\AppData\Local\EmieSiteList deleted successfully
C:\Users\Wouter\AppData\Local\EmieUserList deleted successfully
C:\Users\Wouter\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2610777763-104077107-2974326002-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully
HKEY_USERS\S-1-5-21-2610777763-104077107-2974326002-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B75FDE9-A250-DF68-EAAA-A78DDC1F49AC} deleted successfully
HKEY_USERS\S-1-5-21-2610777763-104077107-2974326002-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Users\Wouter\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\O2FLASH deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\O2FLASH deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XAudioService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\XAudioService deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\FreePDFReader not found
C:\PROGRA~2\predm not found
C:\PROGRA~2\TomTom DesktopSuite not found
C:\PROGRA~2\Total Uninstaller deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Wouter\AppData\LocalLow\Softonic deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted

==== System Specs ======================

Windows: Windows 7 Enterprise Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4091 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
CPU Speed: 2592,0 MHz
Sound Card: Speakers (High Definition Audio | Digital Audio (S/PDIF) (High De |
Display Adapters: ATI Mobility Radeon HD 3650 | ATI Mobility Radeon HD 3650 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | LogMeIn Mirror Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Marvell Yukon 88E8040T PCI-E Fast Ethernet Controller | Intel(R) WiFi Link 5100 AGN
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GSA-T50N
Ports: COM3 | COM6 | COM7 | COM10 | COM11 | COM12 | COM13 | COM14 | COM20 | COM21 | COM22 | COM40 LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 298,0GB | E: 149,4GB | G: 1,5GB | H: 147,2GB
Hard Disks - Free: C: 115,0GB | E: 149,3GB | G: 1,4GB | H: 88,4GB
Manufacturer *: TOSHIBA
BIOS Info: AT/AT COMPATIBLE | 11/28/08 | TOSQCI - 6040000
Time Zone: Romance (standard time)
Motherboard *: TOSHIBA Satellite P300
Country: Belgium
Language: NLB

==== System Specs (Software) ======================

AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Default Browser: Google Chrome 54.0.2840.71
Internet Explorer Version: 11.0.9600.18376
Google Chrome version: 54.0.2840.71
Sun Java version: 1.8.0_111 (32-bit)
Sun Java version: 1.8.0_111 (64-bit)
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Wouter\AppData\Local\Temp ====

2016-12-24 20:25:46 F4DD84D498464C6041A404CB6A017CDB 753664 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-855fc707.exe
2016-12-24 16:49:07 8A993F7058D75B7782D51D5B54A384F1 90112 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-d1dcfaf9.exe
2016-12-24 06:52:05 188634430993F26521F976ADE51C31A8 1458176 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-91580e1.exe
2016-12-23 19:44:51 8C7F55E12CC46D6E7F6190D118A4702D 720896 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-5d3e7399.exe
2016-12-23 16:03:35 9101D46A4BCB4D890B58DB7D02284636 294912 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-bd41f95a.exe
2016-12-23 06:30:02 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-497f580.exe
2016-12-21 20:23:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-18648e7f.exe
2016-12-21 18:26:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-8df8cb23.exe
2016-12-21 17:41:31 DD947291D3A6C20FD631BCC7C4ADBBB2 237568 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-f1f4fc2e.exe
2016-12-21 13:43:34 28964F981AFC7336DE8AFD3575D4B15E 1179648 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-9681902b.exe
2016-12-19 16:30:57 7F90C98662423377E2257F2B83718CC6 499712 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-39de25a7.exe
2016-12-18 19:27:35 0BBE2DDD93244ADBAEAD39CBDBA73180 4833280 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-5391c145.exe
2016-12-17 21:43:45 4DC0858F37744282331BBE9E835389B2 606208 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-7b8571e8.exe
2016-12-17 20:15:58 C2A49CF87EAEEDD510A48CD9E4B89C14 1482752 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-9126275b.exe
2016-12-16 16:10:24 5BF5036908C765E460363E99ACC39368 1949696 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-d5b2abcc.exe
2016-12-15 20:05:13 688A117ACD81CF33CF64AA79D18A2988 516096 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-b36be51d.exe
2016-12-15 19:36:28 3088C3AC13C9CC2446F2EE2A3D2CEB08 1089536 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-bc898b4b.exe
2016-12-15 06:28:53 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-970ce0c7.exe
2016-12-14 20:32:16 D06600B298B5E2D960CC44F79740E13B 966656 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-777307a9.exe
2016-12-14 13:08:42 70D2EDB818E63B5831526DD54BB199B9 3391488 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-14c3b02.exe
2016-12-14 11:53:37 715C98AA5955E7E07FB99D87F522E73A 200192 ------w- C:\Users\Wouter\AppData\Local\Temp\jna\jna2958895457403106373.dll
2016-12-13 20:01:04 5EDEE52666B43AC9BE0C6F9BE7CB3837 876544 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-b8ede43a.exe
2016-12-13 13:42:43 C0F3E3D32D89FD24DEBB0F19119AEBC2 204800 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-1ccc0aa6.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2016-12-05 18:28:01 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2016-12-05 18:27:18 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2016-12-05 18:27:18 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2016-12-05 18:27:18 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

====== C:\Windows\Tasks ======

2016-11-29 19:38:51 9E4F6C131443AD9B3F447B69EA09A229 3032 ----a-w- C:\Windows\Sysnative\Tasks\{F3A7F863-2307-494F-A610-B55D651E06C5}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2016-12-22 17:48:37 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2016-11-29 19:42:00 -------- d--h--w- C:\PROGRA~2\InstallShield Installation Information

======= C: =====

====== C:\Users\Wouter\AppData\Roaming ======

====== C:\Users\Wouter ======

2016-12-25 18:41:00 6401CEADA81BDD42CC8FA60A02DC2BC0 737344 ----a-w- C:\Users\Wouter\Downloads\chromeinstall-8u111.exe
2016-12-22 17:48:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Wouter\Downloads\RSITx64.exe
2016-11-29 20:15:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2016-11-29 19:42:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters

====== C: exe-files ==

2016-12-25 18:42:37 ED141A08605AF568747C8F418170FC06 159296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\unpack200.exe
2016-12-25 18:42:37 6DDA1D127FD0C4B8F93307E6D52B1ABD 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\tnameserv.exe
2016-12-25 18:42:37 5F2D0025CB3C078E0AAB83E1430827C6 52800 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssvagent.exe
2016-12-25 18:42:37 490D67C45EE587B06833ADA0811F241B 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\servertool.exe
2016-12-25 18:42:36 F38FB008B3816D9585F10A7D2CC22DF1 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\orbd.exe
2016-12-25 18:42:36 EBF20DDA7DDA14BBD1F6F2F1B37BC113 83008 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2launcher.exe
2016-12-25 18:42:36 B8EDC4631E2B5D7AE9E626690F6506FF 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\rmid.exe
2016-12-25 18:42:36 A1AD424B821EB9878B985AB43253DCA0 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\keytool.exe
2016-12-25 18:42:36 8448994199BEE00F4C40A561AE77672F 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\kinit.exe
2016-12-25 18:42:36 65E94EC48AE31838C8F6F2F4FC59AB44 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\pack200.exe
2016-12-25 18:42:36 487C48AA28B0DC99A387F31E7764ABFB 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\jjs.exe
2016-12-25 18:42:36 3FAF0C9A1D59F5D196C0578839A00EFE 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\policytool.exe
2016-12-25 18:42:36 391D35229BF096E04FEE6F8520DC3B21 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\klist.exe
2016-12-25 18:42:36 1D623A885163D6BA50175987B4BB9450 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\rmiregistry.exe
2016-12-25 18:42:36 09C754EFAEE0DA93817D5DC0A5FFE8B4 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\ktab.exe
2016-12-25 18:42:35 C2B897032A8604E1827B0CD07EBB3306 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\java-rmi.exe
2016-12-25 18:42:35 C07D4839606118BBF7C5153FF171301C 70208 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe
2016-12-25 18:42:35 A90E29C3839ED2141F80670A3DB32F69 191552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaw.exe
2016-12-25 18:42:35 5A92988B4DEC8EAFE62F7D2DBE8AB620 269888 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\javaws.exe
2016-12-25 18:42:35 1B7F15EA9DA5322698988698C7D58959 191040 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe
2016-12-25 18:42:35 1598CF2FAD014E95975560929F578E05 30784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\bin\jabswitch.exe
2016-12-25 18:41:00 6401CEADA81BDD42CC8FA60A02DC2BC0 737344 ----a-w- C:\Users\Wouter\Downloads\chromeinstall-8u111.exe
2016-12-24 20:25:46 F4DD84D498464C6041A404CB6A017CDB 753664 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-855fc707.exe
2016-12-24 16:49:07 8A993F7058D75B7782D51D5B54A384F1 90112 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-d1dcfaf9.exe
2016-12-24 06:52:05 188634430993F26521F976ADE51C31A8 1458176 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-91580e1.exe
2016-12-23 19:44:51 8C7F55E12CC46D6E7F6190D118A4702D 720896 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-5d3e7399.exe
2016-12-23 16:03:35 9101D46A4BCB4D890B58DB7D02284636 294912 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-bd41f95a.exe
2016-12-23 06:30:02 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-497f580.exe
2016-12-22 17:48:37 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Wouter.exe
2016-12-22 17:48:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Wouter\Downloads\RSITx64.exe
2016-12-21 20:23:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-18648e7f.exe
2016-12-21 18:26:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-8df8cb23.exe
2016-12-21 17:41:31 DD947291D3A6C20FD631BCC7C4ADBBB2 237568 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-f1f4fc2e.exe
2016-12-21 13:43:34 28964F981AFC7336DE8AFD3575D4B15E 1179648 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-9681902b.exe
2016-12-19 16:30:57 7F90C98662423377E2257F2B83718CC6 499712 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-39de25a7.exe
2016-12-18 19:27:35 0BBE2DDD93244ADBAEAD39CBDBA73180 4833280 ----a-w- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-5391c145.exe

=== C: other files ==

2016-12-25 18:42:38 467720B73E839ED66826EAF59C9A59E7 14156 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_111\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2610777763-104077107-2974326002-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Wouter\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn GUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn GUI"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn\\x64\\LogMeInSystray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotPostWindows10UpgradeReInstall"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AV\\Spybot - Search and Destroy\\Test.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

==== Startup Folders ======================

2016-11-07 08:16:31 956 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 08:03]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 08:03]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8E05FDA0-9362-4B2E-A7E4-815B326E8F8A}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Wouter\AppData\Roaming\TomTom\HOME\Profiles\w0rk5cy2.default
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
poimdfnhgefmnkeefbjibbiemlimdnof - No path found[]
Chrome Web Store Payments - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Wouter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyrics.cat_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyrics.cat_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.songlyrics.com_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.songlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_shoppingcart.aliexpress.com_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_windows-defender.nl.softonic.com_0.localstorage deleted successfully
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_windows-defender.nl.softonic.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} - No_Url_Value
HKCU\SearchScopes\{42B87CD3-B1F9-4B73-8308-6CC088A705A8} - No_Url_Value
HKCU\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} - No_Url_Value

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=928
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wouter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wouter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Wouter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=45 folders=81 15153782 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\LogMeInRemoteUser\AppData\Local\Temp emptied successfully
C:\Users\Wouter\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Wouter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-18-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on Sun 25/12/2016 at 20:22:30,22 ======================
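Two parts of the log above take a reader some effort to triage by hand: the "Files Recently Created / Modified" entries and the HijackThis O23 service lines. The script below is an added example, written for this page and not part of zoek or of the original log; it parses both formats and applies checks an analyst would otherwise do by eye. The sample input is an excerpt copied from the log above, and the flagging rules are the editor's heuristics, not zoek's own logic. Two facts behind those rules: D41D8CD98F00B204E9800998ECF8427E is the MD5 of zero bytes, so the six mpam-*.exe entries carrying it are empty files (they sit next to MpCmdRun.log under the NetworkService profile, where Microsoft Security Essentials stages its definition-update packages); and zoek runs as a 32-bit process (its child processes are C:\Windows\SysWOW64\cmd.exe), so its view of C:\Windows\System32 is redirected to SysWOW64 and %PROGRAMFILES% expands to "Program Files (x86)", which is why 64-bit-only services such as lsass.exe, spoolsv.exe and wmpnetwk.exe are reported as "(file missing)". The verdict names and category names are the editor's choice; "missing_wow64_candidate" is a triage label to confirm from a 64-bit shell (for example `sc qc <service>`) rather than a conclusion.

```python
"""Triage two sections of a zoek.exe log: the "Files Recently Created /
Modified" entries and the HijackThis O23 service lines. Added example, not
zoek's own code; SAMPLE_LOG is an excerpt from the log above and the
flagging rules are the editor's heuristics."""
from __future__ import annotations

import hashlib
import re
from typing import NamedTuple, Optional

# File entry: "<date> <time> <MD5|-------->[ <size>] <attrs> <path>".
# Directories carry "--------" in place of a hash and have no size column.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([0-9A-F]{32}|-{8}) (?:(\d+) )?([d-][-a-z]{7}) (.+)$")
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # hash of zero bytes
O23_PREFIX, MISSING = "O23 - Service: ", " (file missing)"


class FileEntry(NamedTuple):
    when: str
    md5: Optional[str]   # None for directories
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_entries(text: str) -> list[FileEntry]:
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            when, md5, size, attrs, path = m.groups()
            out.append(FileEntry(when, None if md5[0] == "-" else md5,
                                 None if size is None else int(size), attrs, path))
    return out


def flag_entries(entries: list[FileEntry]) -> dict[str, list[str]]:
    """Heuristic findings keyed by category, each a list of paths."""
    f = {"empty_binary": [], "temp_binary": [], "hash_size_mismatch": []}
    for e in entries:
        if e.attrs.startswith("d") or e.md5 is None:
            continue
        low = e.path.lower()
        is_binary = low.endswith((".exe", ".dll", ".sys"))
        empty = e.md5 == EMPTY_MD5
        if empty != (e.size == 0):        # hash and size disagree: listing is suspect
            f["hash_size_mismatch"].append(e.path)
        if empty and is_binary:           # zero-byte executable: nothing to analyse
            f["empty_binary"].append(e.path)
        if is_binary and "\\appdata\\local\\temp\\" in low:
            f["temp_binary"].append(e.path)
    return f


def classify_o23(line: str) -> Optional[tuple[str, str, str, str]]:
    """Return (name, owner, path, verdict) for an O23 line, else None."""
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    name, owner, path = body.rsplit(" - ", 2)
    low = path.lower()
    if not missing:
        verdict = "present"
    # 32-bit scanner: System32 is redirected to SysWOW64 and %PROGRAMFILES%
    # expands to "Program Files (x86)", so "missing" there is usually an artefact.
    elif low.startswith("c:\\windows\\system32\\") or (
            low.startswith("c:\\program files (x86)\\") and "%programfiles%" in name.lower()):
        verdict = "missing_wow64_candidate"
    else:
        verdict = "missing_verify"
    return name, owner, path, verdict


def triage(text: str) -> dict:
    entries = parse_entries(text)
    services = [r for r in (classify_o23(l.strip()) for l in text.splitlines()) if r]
    return {"entries": entries, "findings": flag_entries(entries), "services": services}


# Excerpt copied from the log above (not a complete log).
SAMPLE_LOG = r"""
2016-12-24 20:25:46 F4DD84D498464C6041A404CB6A017CDB 753664 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-855fc707.exe
2016-12-23 06:30:02 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-497f580.exe
2016-12-14 11:53:37 715C98AA5955E7E07FB99D87F522E73A 200192 ------w- C:\Users\Wouter\AppData\Local\Temp\jna\jna2958895457403106373.dll
2016-12-05 18:27:18 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2016-12-22 17:48:37 -------- d-----w- C:\Program Files\trend micro
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for cat, paths in result["findings"].items():
        print(f"{cat}: {paths}")
    for name, _owner, _path, verdict in result["services"]:
        print(f"{verdict}: {name}")
```

Run it against a full zoek log by passing the file's text to triage(); the regex ignores section headers and the "deleted successfully" lines, so the whole log can be fed in unchanged. The "temp_binary" category is deliberately noisy: on this machine it lists only the MSE update packages and a JNA helper DLL, but it is the place a dropper in a Temp folder would surface, so it is worth a glance on every log.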