Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Jef on do 05/01/2017 at 11:38:59,33. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jef\Pictures\Xzoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2017-01-03-125507.log 95456 bytes C:\zoek-results2017-01-05-103434.log 49149 bytes ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 4.21 Adobe Flash Player 24 ActiveX Agatha Christie - Peril at End House AMD APP SDK Runtime Apple Application Support (32-bit) Apple Application Support (64-bit) Apple Mobile Device Support ATI Catalyst Install Manager AuthenTec TrueAPI Bejeweled 3 Blackhawk Striker 2 Blasterball 3 Bonjour Bounce Symphony Cake Mania Catalyst Control Center - Branding Catalyst Control Center Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All Catalyst Control Center Profiles Desktop ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Chronicles of Albian Chuzzle Deluxe Contrôle ActiveX Windows Live Mesh pour connexions à distance Cradle of Rome 2 D3DX10 Definition Update for Microsoft Office 2010 (KB3054883) 64-Bit Edition DHTML Editing Component Farm Frenzy FATE File Scavenger 5.2 (nl) Final Drive: Nitro Galerie de photos Windows Live Google Chrome Google Toolbar for Internet Explorer Google Update Helper Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.2.3 HL-2250DN HP 
Auto HP Client Services HP Customer Experience Enhancements HP Games HP LinkUp HP Odometer HP Setup HP Setup Manager HP SimplePass PE 2011 HP Support Assistant HP Support Information HP Support Solutions Framework HP Update HP Vision Hardware Diagnostics HydraVision Intel(R) Identity Protection Technology 1.1.2.0 Intel(R) Management Engine Components Java 8 Update 31 Java Auto Updater Jewel Quest: The Sleepless Star - Collector's Edition Junk Mail filter update Magic Desktop Mah Jong Medley Mesh Runtime Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft .NET Framework 4.5.2 Microsoft Application Error Reporting Microsoft Mathematics Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 32-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD More Games from HP Games MSVCRT MSVCRT_amd64 Musicnotes Software Suite 1.7.2 Mystery of Mortlake Mansion Namco All-Stars: PAC-MAN NWZ-E380 WALKMAN Guide PDF Complete Special Edition Penguins Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Poker Superstars III Polar Bowler Polar Golfer Ralink 802.11n Wireless LAN Card Realtek High Definition Audio Driver Recovery Manager Recuva Remote Graphics Receiver Security Update for Microsoft .NET Framework 4.5.2 (KB3023224) Security Update for Microsoft .NET Framework 4.5.2 (KB3035490) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft Excel 2010 (KB3054845) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2863817) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 64-Bit Edition Security Update for Microsoft Office 2010 (KB3054834) 64-Bit Edition Security Update for Microsoft Office 2010 (KB3054848) 64-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2920812) 64-Bit Edition Security Update for Microsoft 
PowerPoint 2010 (KB3054835) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2553428) 64-Bit Edition Security Update for Microsoft Word 2010 (KB3054842) 64-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition Slingo Supreme Speccy Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Update for Microsoft Access 2010 (KB2837601) 64-Bit Edition Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2881026) 64-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition Update for Microsoft Office 2010 (KB2965291) 64-Bit Edition Update for Microsoft Office 2010 (KB2965296) 64-Bit Edition Update for Microsoft Office 2010 (KB2965301) 64-Bit Edition Update for Microsoft Office 2010 (KB3054875) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2956075) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2965297) 64-Bit Edition Update for Microsoft Outlook 2010 (KB3054881) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553308) 64-Bit Edition Update for 
Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition Update for Microsoft Visio 2010 (KB2965292) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2881021) 64-Bit Edition Update Installer for WildTangent Games App Vacation Quest - The Hawaiian Islands VIP Access SDK (1.0.1.4) Virtual Tour Expo 58 NL Virtual Villagers 5 - New Believers Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.1 Zuma Deluxe ==== Running Processes ====================== C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Users\Jef\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\Program Files (x86)\vulpeculox\AX\AX.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Users\Jef\Pictures\Xzoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 4077 MB CPU Info: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz CPU Speed: 2964.6 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: AMD RADEON HD 6450 | AMD RADEON HD 6450 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | 802.11n Wireless LAN Card | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: hp DVD-RAM GH80N Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 916.7GB | D: 14.8GB Hard Disks - Free: C: 843.2GB | D: 1.2GB Manufacturer *: AMI BIOS Info: AT/AT COMPATIBLE | 10/21/11 | HPQOEM - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Foxconn 2ABF Country: België Language: NLB ==== System Specs (Software) ====================== AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Google Chrome 43.0.2357.134 Internet Explorer Version: 11.0.9600.17843 Google Chrome version: 43.0.2357.134 Sun Java version: 1.8.0_31 (32-bit) Sun Java version: 1.8.0_31 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Jef\AppData\Local\Temp ==== 2017-01-05 10:44:59 B457D2C9B9EA71C4AD47388E02278E43 141312 ----a-w- C:\Users\Jef\AppData\Local\Temp\Crc32C.NET-1.0.5.0\crc32c64.dll 2017-01-05 10:44:59 5F6B1906760AFAD625E139C2F8449D6A 270336 ----a-w- C:\Users\Jef\AppData\Local\Temp\Snappy.NET-1.1.1.8\snappy64.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== 2016-12-08 20:34:51 3BAE9DC87982E64599788D2DA6668AF2 324 ----a-w- C:\Windows\Tasks\HPCeeScheduleForJef.job 2016-12-08 20:34:51 324723442B362BD8812FCD0C57F30DE8 3174 ----a-w- C:\Windows\Sysnative\Tasks\HPCeeScheduleForJef ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-12-31 15:22:18 -------- d-----w- C:\Program Files\Speccy ======= C:\PROGRA~2 ===== 2016-12-11 23:11:35 -------- d-----w- C:\PROGRA~2\EasyBits For Kids ======= C: ===== ====== C:\Users\Jef\AppData\Roaming ====== 2017-01-05 10:33:28 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 
2017-01-05 10:33:28 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2017-01-05 10:33:28 -------- d-----w- C:\Users\Jef\AppData\Local\Temp 2017-01-05 10:33:28 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2017-01-05 10:33:28 -------- d-----w- C:\Users\Default User\AppData\Local\Temp ====== C:\Users\Jef ====== 2017-01-04 09:34:10 77388F14CF6F3E9B1739E8F53B34B3CF 3977168 ----a-w- C:\Users\Jef\Downloads\AdwCleaner.exe 2017-01-02 19:22:17 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Jef\Pictures\DroskeRSITx64.exe 2016-12-31 15:22:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy ====== C: exe-files == 2017-01-04 09:41:33 99A5EC46ACF979644E9A6568392E4FE1 2089472 ----a-w- C:\AdwCleaner\quarantine\files\gtvjfzhoztzldthyirislbqzmqlibbps\set.exe 2017-01-04 09:34:10 77388F14CF6F3E9B1739E8F53B34B3CF 3977168 ----a-w- C:\Documents and Settings\Jef\Downloads\AdwCleaner.exe 2017-01-02 19:22:17 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Documents and Settings\Jef\Pictures\DroskeRSITx64.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\ProgramData\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\ProgramData\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- 
C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\Documents and Settings\All Users\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Microsoft 
Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 CA93C49AEE4069C7BEC0F488A7AD6450 150048 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{541EE798-5471-70CC-421F-ECC5A4903397}-HPSAObjUtil8.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\ProgramData\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- 
C:\ProgramData\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\Documents and Settings\All Users\Microsoft\Microsoft 
Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe 2016-12-29 22:00:10 B5AB82D6DC995A51E9222D0E35E8AFA6 41320 ----a-w- C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F5643CB8-831C-947F-833A-B8BCD27F2C9E}-Detect_SpectrePreEOL.exe === C: other files == 2017-01-04 09:41:15 396DF671AE889BD422535C2FA76C49CB 5442 ----a-w- C:\AdwCleaner\quarantine\files\wsnajqtopjyxqskypdfwmhfepcmgdmzh\Extensions\lihnbgdcmmjekicadchelngbopabgpbn.crx ==== Startup Registry Enabled ====================== 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3538665699-716225954-3718293510-1001\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "BingSvc"="C:\Users\Jef\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" "BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN" "Easybits Recovery"="C:\Program Files (x86)\Easybits For Kids\ezRecover.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "BingSvc"="C:\Users\Jef\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" ==== Startup Folders ====================== 2013-10-06 
11:10:14 1106 ----a-w- C:\Users\Jef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AX.lnk 2015-09-21 15:49:41 1072 ----a-w- C:\Users\Jef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/12/2016 22:06] C:\Windows\tasks\HPCeeScheduleForJef.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe [] C:\Windows\tasks\{1161F58D-E3E4-278D-AAA6-0A2722C32598}.job --a------ C:\Users\Jef\AppData\Roaming\1161F1\SyncTask.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForJef" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{3490FE78-24AF-4068-8AD7-9636467DEAD0}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{1161F58D-E3E4-278D-AAA6-0A2722C32598}" [C:\Users\Jef\AppData\Roaming\{1161F~1\SyncTask.exe] "C:\Windows\SysNative\tasks\{3A08F9D0-0CB6-4720-BAF7-023A3504BEE6}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.111.396/nl/abandoninstall?page=tsOptions&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled] "C:\Windows\SysNative\tasks\{44D0136F-5D45-04BD-AE25-B501328DFF31}" [C:\Windows\system32\regsvr32.exe] "C:\Windows\SysNative\tasks\{8F019D86-10C6-46FD-961C-07FC7956453B}" [C:\Program Files (x86)\iTunes\iTunes.exe] 
"C:\Windows\SysNative\tasks\{96173316-4A47-47D6-B771-91331E07E264}" [C:\Program Files (x86)\iTunes\iTunes.exe] "C:\Windows\SysNative\tasks\{C0E25795-49F7-4003-BA10-EC2DD5AAEB16}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{C7FE3587-C69B-4696-993E-3C81B09F14D8}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{CE49D6AB-A7BE-4A7C-B6C9-176DC46D6C98}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{DAC7358E-1B82-42DA-8DAA-EF3535E882F0}" [C:\Program Files (x86)\iTunes\iTunes.exe] "C:\Windows\SysNative\tasks\{F875F7A2-2141-4FDF-BCED-E365856FD89A}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.111.396/nl/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Product Configurator" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe] 
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.134 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jpgfhihjicjofdejkbjgnjlaglaciobe - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[03/06/2011 12:55] Search Web Know - Jef\AppData\Local\Google\Chrome\User Data\Default\Extensions\homjgaaogabmlnkipbmbpbjnhikddkhj Innovate Direct - Jef\AppData\Local\Google\Chrome\User Data\Default\Extensions\lihnbgdcmmjekicadchelngbopabgpbn ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://goggle.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://goggle.be/" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{1A95AFB2-2514-4835-9855-4F0BB2B96ADE} - http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/1553-111073-34115-7?mpre=http://shop.ebay.com/?_nkw={searchTerms} HKCU\SearchScopes 
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== shortcuts on Users Desktops ====================== C:\Users\Jef\Desktop\AdwCleaner.exe - Snelkoppeling.lnk - C:\Users\Jef\Downloads\AdwCleaner.exe C:\Users\Jef\Desktop\BBW - Snelkoppeling.lnk - C:\My Music\BBW.EXE C:\Users\Jef\Desktop\Dit zijn de volgende Single song avonden.docx - Snelkoppeling.lnk - C:\Users\Jef\Documents\Dit zijn de volgende Single song avonden.docx C:\Users\Jef\Desktop\JAZZICS - Dirk Schreurs & Walter Baeken[1] - Snelkoppeling.lnk - G:\jazzbooks\JAZZICS - Dirk Schreurs & Walter Baeken[1].pdf C:\Users\Jef\Desktop\Xzoek.exe - Snelkoppeling.lnk - C:\Users\Jef\Pictures\Xzoek.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Brother Creative Center.lnk - C:\Program Files (x86)\Brother\CreativeCenter\Brother Creative Center.url C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /p 2 C:\Users\Public\Desktop\Internetbrowser selecteren.lnk - C:\Windows\System32\browserchoice.exe /launch C:\Users\Public\Desktop\Magic Desktop.lnk - C:\Program Files (x86)\EasyBits For Kids\ezMDLauncher.exe C:\Users\Public\Desktop\NWZ-E380 WALKMAN Guide.lnk - C:\Program Files (x86)\Sony\WALKMAN Guide\NWZ-E380\WALKMANGuide.exe C:\Users\Public\Desktop\Skype.lnk - C:\Program Files (x86)\Online Services\Skype\SkypeLauncher.exe C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe ==== shortcuts in Users Start Menu ====================== 
C:\Users\Jef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Desktop.lnk - C:\Program Files (x86)\EasyBits For Kids\ezMDLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wondershare Data Recovery.lnk - C:\Program Files (x86)\Wondershare\DataRecovery\WSDataRecovery.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 1"
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BBW - Snelkoppeling.lnk - C:\My Music\BBW.EXE
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Jef\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\Easybits For Kids\ezRecover.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BingSvc] C:\Users\Jef\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: AX.lnk = C:\Program Files (x86)\vulpeculox\AX\AX.exe
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.cbc.be
O15 - Trusted Zone: *.isabel.be
O15 - Trusted Zone: *.isabel.eu
O15 - Trusted Zone: *.myisabel.be
O15 - Trusted Zone: *.myisabel.eu
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.143.176 82.163.142.178
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.143.176 82.163.142.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.143.176 82.163.142.178
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jef\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Jef\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Jef\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=484 folders=175 291876089 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jef\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jef\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 05/01/2017 at 12:00:56,05 ======================