Zoek.exe v5.0.0.0 Updated 06-August-2014
Tool run by Daan on do 14/08/2014 at 14:35:51,66.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Daan\Desktop\zoek.exe
Script used: C:\Users\Daan\Desktop\zoekscript (1).txt

==== Older Logs ======================

C:\zoek-results2014-08-13-101251.log 42281 bytes
C:\zoek-results2014-08-14-101203.log 16521 bytes
C:\zoek-results2014-08-14-103206.log 16398 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Exports ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"=dword:00000001
"mscorwks.dll"=dword:00000001
"mso.dll"=dword:00000001
"msjava.dll"=dword:00000001
"msci_uno.dll"=dword:00000001
"jvm.dll"=dword:00000001
"jvm_g.dll"=dword:00000001
"javai.dll"=dword:00000001
"vb40032.dll"=dword:00000001
"vbe6.dll"=dword:00000001
"ums.dll"=dword:00000001
"main123w.dll"=dword:00000001
"udtapi.dll"=dword:00000001
"mscorsvr.dll"=dword:00000001
"eMigrationmmc.dll"=dword:00000001
"eProcedureMMC.dll"=dword:00000001
"eQueryMMC.dll"=dword:00000001
"EncryptPatchVer.dll"=dword:00000001
"Cleanup.dll"=dword:00000001
"divx.dll"=dword:00000001
"divxdec.ax"=dword:00000001
"fullsoft.dll"=dword:00000001
"NSWSTE.dll"=dword:00000001
"ASSTE.dll"=dword:00000001
"NPMLIC.dll"=dword:00000001
"PMSTE.dll"=dword:00000001
"AVSTE.dll"=dword:00000001
"NAVOPTRF.dll"=dword:00000001
"DRMINST.dll"=dword:00000001
"TFDTCTT8.dll"=dword:00000001
"DJSMAR00.dll"=dword:00000001
"xlmlEN.dll"=dword:00000001
"ISSTE.dll"=dword:00000001
"symlcnet.dll"=dword:00000001
"ppw32hlp.dll"=dword:00000001
"Apitrap.dll"=dword:00000001
"Vegas60k.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_145_ActiveX.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_145_ActiveX.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000
"DisableUserModeCallbackFilter"=dword:00000001
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MovieMaker.exe]
"CWDIllegalInDllSearch"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLXAlbumDownloadWizard.exe]
"CWDIllegalInDllSearch"=dword:ffffffff

==== Registry Exports x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscoree.dll"=dword:00000001
"mscorwks.dll"=dword:00000001
"mso.dll"=dword:00000001
"msjava.dll"=dword:00000001
"msci_uno.dll"=dword:00000001
"jvm.dll"=dword:00000001
"jvm_g.dll"=dword:00000001
"javai.dll"=dword:00000001
"vb40032.dll"=dword:00000001
"vbe6.dll"=dword:00000001
"ums.dll"=dword:00000001
"main123w.dll"=dword:00000001
"udtapi.dll"=dword:00000001
"mscorsvr.dll"=dword:00000001
"eMigrationmmc.dll"=dword:00000001
"eProcedureMMC.dll"=dword:00000001
"eQueryMMC.dll"=dword:00000001
"EncryptPatchVer.dll"=dword:00000001
"Cleanup.dll"=dword:00000001
"divx.dll"=dword:00000001
"divxdec.ax"=dword:00000001
"fullsoft.dll"=dword:00000001
"NSWSTE.dll"=dword:00000001
"ASSTE.dll"=dword:00000001
"NPMLIC.dll"=dword:00000001
"PMSTE.dll"=dword:00000001
"AVSTE.dll"=dword:00000001
"NAVOPTRF.dll"=dword:00000001
"DRMINST.dll"=dword:00000001
"TFDTCTT8.dll"=dword:00000001
"DJSMAR00.dll"=dword:00000001
"xlmlEN.dll"=dword:00000001
"ISSTE.dll"=dword:00000001
"symlcnet.dll"=dword:00000001
"ppw32hlp.dll"=dword:00000001
"Apitrap.dll"=dword:00000001
"Vegas60k.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_145_ActiveX.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_145_ActiveX.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000
"DisableUserModeCallbackFilter"=dword:00000001
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MovieMaker.exe]
"CWDIllegalInDllSearch"=dword:ffffffff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe]
"MitigationOptions"=hex(b):00,01,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLXAlbumDownloadWizard.exe]
"CWDIllegalInDllSearch"=dword:ffffffff

==== Firefox Extensions ======================

ProfilePath: C:\Users\Daan\AppData\Roaming\TomTom\HOME\Profiles\fzijek1q.default
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================

==== Chrome Look ======================

==== Chromium Startpages ======================

C:\Users\Daan\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/"

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Daan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Daan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Daan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1183 folders=142 182706684 bytes)

==== Empty Temp Folders ======================

C:\Users\Daan\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Daan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 14/08/2014 at 14:48:07,44 ======================