Zoek.exe v5.0.0.1 Updated 27-December-2015 Tool run by Glowing Starter on di 29-12-2015 at 12:41:23,25. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Glowing Starter\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 29-12-2015 12:43:34 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\Glowing Starter\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\Users\Glowing Starter\AppData\Roaming\EncryptStick deleted successfully C:\Users\Glowing Starter\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Glowing Starter\AppData\Local\EmieSiteList deleted successfully C:\Users\Glowing Starter\AppData\Local\EmieUserList deleted successfully C:\Users\Glowing Starter\AppData\Local\FSP deleted successfully C:\Users\Glowing Starter\AppData\Local\Skype deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] ==== Deleting Files \ Folders ====================== C:\Program Files\Redirector deleted C:\Users\Glowing Starter\AppData\Roaming\appdataFr3.bin deleted C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted C:\Users\Glowing Starter\AppData\Local\Unity deleted C:\Users\Glowing Starter\AppData\LocalLow\Unity deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GLOWIN~1\AppData\Local\Temp ==== 2015-12-27 15:17:14 FE83607D20BAABEE64077EB17312B882 16556320 ----a-w- C:\Users\Glowing Starter\AppData\Local\Temp\liteUpdater\SanDiskSecureAccessV3_win.exe 2015-12-27 15:17:13 C2A9B5B1A81DBF91F9AB83750EF41ED5 10279200 ----a-w- C:\Users\Glowing Starter\AppData\Local\Temp\liteUpdater\encryptstickliteupgrade.exe 2015-12-20 15:21:47 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-6edd401e.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== 2015-12-09 20:06:26 AFA8CCAFC4A0983B09AC386E643F8F81 117760 ----a-w- C:\Windows\System32\drivers\rmcast.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-12-27 21:37:54 -------- d-----w- C:\Program Files\Popcorn Time 2015-12-27 18:47:38 -------- d-----w- C:\Program Files\trend micro 2015-12-22 08:17:31 -------- d-----w- C:\Program Files\Common Files\Skype 2015-12-22 08:17:30 -------- d-----r- C:\Program Files\Skype ======= C: ===== ====== C:\Users\Glowing Starter\AppData\Roaming ====== 2015-12-27 21:39:09 -------- d-----w- C:\Users\Glowing Starter\AppData\Local\PopcornTimeDesktop 2015-12-27 15:14:41 -------- d-----w- C:\Users\Glowing Starter\AppData\Local\SanDiskSecureAccessV2_win 2015-12-26 20:06:57 -------- d-----w- C:\Users\Glowing Starter\AppData\Local\CEF 2015-12-11 21:30:03 -------- d-----w- C:\Users\Glowing Starter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C:\Users\Glowing Starter ====== 2015-12-27 21:35:42 353B074802CE1B8FDD661144EF191427 48359224 ----a-w- C:\Users\Glowing Starter\Downloads\PopcornTime-latest (1).exe 2015-12-27 21:21:35 353B074802CE1B8FDD661144EF191427 48359224 ----a-w- C:\Users\Glowing Starter\Downloads\PopcornTime-latest.exe 2015-12-27 19:03:21 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Glowing Starter\Downloads\RSIT (1).exe 2015-12-27 18:47:13 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Glowing Starter\Downloads\RSIT.exe 2015-12-22 08:17:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-12 16:00:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ====== C: exe-files == 2015-12-27 21:38:54 BD93D1A0E0A7A96BEA4585F17C9B3307 339968 ----a-w- C:\Program Files\Popcorn Time\Updater.exe 2015-12-27 21:38:06 9985A09C2AD157ACD295254E86B605FF 5790432 ----a-w- C:\Program Files\Popcorn Time\chromecast\node.exe 2015-12-27 21:37:55 410C7F9CDFAEAF4674DA4690B8BB4680 4546560 ----a-w- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe 2015-12-27 21:37:54 6AD94E1D77A60C26D0020FED92F317F9 1353741 ----a-w- C:\Program Files\Popcorn Time\unins000.exe 2015-12-27 21:35:42 353B074802CE1B8FDD661144EF191427 48359224 ----a-w- C:\Users\Glowing Starter\Downloads\PopcornTime-latest (1).exe 2015-12-27 21:21:35 353B074802CE1B8FDD661144EF191427 48359224 ----a-w- C:\Users\Glowing Starter\Downloads\PopcornTime-latest.exe 2015-12-27 19:03:21 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Glowing Starter\Downloads\RSIT (1).exe 2015-12-27 18:47:38 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Glowing Starter.exe 2015-12-27 18:47:13 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Glowing Starter\Downloads\RSIT.exe 2015-12-27 15:17:14 FE83607D20BAABEE64077EB17312B882 16556320 ----a-w- C:\Users\Glowing Starter\AppData\Local\Temp\liteUpdater\SanDiskSecureAccessV3_win.exe 2015-12-27 15:17:13 C2A9B5B1A81DBF91F9AB83750EF41ED5 10279200 ----a-w- C:\Users\Glowing Starter\AppData\Local\Temp\liteUpdater\encryptstickliteupgrade.exe 2015-12-23 00:13:38 D3D7687C5CF440E78589C5438B389AB1 508360 ----a-w- C:\Users\Glowing Starter\AppData\Local\Logos\Data\vqothcal.jzj\UpdateManager\Installers\2402\LogosSetup.exe 2015-12-23 00:13:34 58D88886A42AEB5D17E8B232C2697899 1497400 ----a-w- C:\Users\Glowing Starter\AppData\Local\Logos\Data\vqothcal.jzj\UpdateManager\Installers\2402\NDP46-KB3045560-Web.exe === C: other files == ==== Orphaned Tasks deleted from Registry ====================== Soldiers D1 deleted Soldiers N deleted Soldiers W1 deleted Soldiers W2 deleted Soldiers WW1 deleted Soldiers WW2 deleted StormFall FM deleted StormFall TM deleted StormFall TW1 deleted StormFall TW2 deleted StormFall W1 deleted StormFall W2 deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-70928346-524487458-456366203-1000\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "f.lux"="C:\Users\Glowing Starter\AppData\Local\FluxSoftware\Flux\flux.exe /noshow" "Dropbox Update"="C:\Users\Glowing Starter\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-70928346-524487458-456366203-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Glowing Starter\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Glowing Starter\AppData\Local\Microsoft\OneDrive\17.3.4604.0120" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "fspuip"="C:\Program Files\FSP\fspuip.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "DeLay"="C:\Program Files\BisonCam\DeLay.exe" "BisonHK"="C:\Program Files\BisonCam\BisonHK.exe" "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "f.lux"="C:\Users\Glowing Starter\AppData\Local\FluxSoftware\Flux\flux.exe /noshow" "Dropbox Update"="C:\Users\Glowing Starter\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Glowing Starter\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Glowing Starter\AppData\Local\Microsoft\OneDrive\17.3.4604.0120" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norman ZANDA] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Norman ZANDA" "hkey"="HKLM" "command"="C:\\Norman\\Nvc\\BIN\\ZLH.EXE /LOAD /SPLASH" ==== Startup Folders ====================== 2010-06-13 12:57:52 1276 ----a-w- C:\Users\Glowing Starter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2015-07-13 13:44:34 1244 ----a-w- C:\Users\Glowing Starter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk 2010-06-01 12:53:53 835 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28-12-2015 23:17] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-70928346-524487458-456366203-1000Core.job --a------ C:\Users\Glowing Starter\AppData\Local\Dropbox\Update\DropboxUpdate.exe [17-06-2015 18:29] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-70928346-524487458-456366203-1000UA.job --a------ C:\Users\Glowing Starter\AppData\Local\Dropbox\Update\DropboxUpdate.exe [17-06-2015 18:29] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30-08-2015 22:20] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30-08-2015 22:20] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\DropboxUpdateTaskUserS-1-5-21-70928346-524487458-456366203-1000Core" [C:\Users\Glowing Starter\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\system32\tasks\DropboxUpdateTaskUserS-1-5-21-70928346-524487458-456366203-1000UA" [C:\Users\Glowing Starter\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Folders in C:\PROGRA~2 0-6 Months Old ====================== 2015-07-13 08:55:47 -------- d-----w- C:\PROGRA~2\regid.1991-06.com.microsoft 2015-07-13 09:03:42 -------- d-----w- C:\PROGRA~2\Microsoft OneDrive 2015-10-26 15:49:29 -------- d-----w- C:\PROGRA~2\Brother ==== Firefox Extensions ====================== ProfilePath: C:\Users\GLOWIN~1\AppData\Roaming\Mozilla\Firefox\Profiles\b106xsnh.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\GLOWIN~1\AppData\Roaming\Thunderbird\Profiles\8o93blng.default - Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Glowing Starter\AppData\Roaming\Mozilla\Firefox\Profiles\b106xsnh.default 2EB30FA328771AEF1DB534D29B5645C1 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat AC7A02A828C74F55AF678033495280AA - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 Google Drive - Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Docs Offline - Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Google Wallet - Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage-journal deleted successfully C:\Users\Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Glowing Starter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Glowing Starter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMZFZ0AR will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Glowing Starter\AppData\Local\Mozilla\Firefox\Profiles\b106xsnh.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Glowing Starter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=36 folders=19 34451508 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Glowing Starter\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GLOWIN~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Glowing Starter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMZFZ0AR" not found ==== EOF on di 29-12-2015 at 13:15:44,37 ======================