Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Dejonckheere on za 08/10/2016 at 16:49:26,05. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Dejonckheere\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-07-04-090437.log 151363 bytes C:\zoek-results2015-07-04-094910.log 212785 bytes C:\zoek-results2015-07-05-103859.log 28441 bytes C:\zoek-results2015-07-09-205821.log 40018 bytes ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\IVTCopyMonitor {F40807E9-BFD1-44F6-AEB0-27E063BD14CA} C:\Windows\system32\BsShell.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Monitor {7842554E-6BED-11D2-8CDB-B05550C10000} C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
==== Empty Folders Check ====================== C:\Users\Dejonckheere\AppData\Roaming\postgresql deleted successfully
C:\Users\Dejonckheere\AppData\Roaming\QuickScan deleted successfully C:\Users\Dejonckheere\AppData\Roaming\Seagate deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\bdwtxapps.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files\Bitdefender Agent\ProductAgentService.exe C:\Program Files (x86)\PDF Architect\ConversionService.exe C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Users\Dejonckheere\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe R2 - [btwdins] - Bluetooth Service - c:\program files\widcomm\bluetooth software\btwdins.exe R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe R2 - [PDF Architect Service] - PDF Architect Service - c:\program files (x86)\pdf architect\conversionservice.exe R2 - [ProductAgentService] - ProductAgentService - c:\program files\bitdefender agent\productagentservice.exe R2 - [UPDATESRV] - Bitdefender Desktop Update Service - c:\program files\bitdefender\bitdefender 2016\updatesrv.exe R2 - [vsserv] - Bitdefender Virus Shield - c:\program files\bitdefender\bitdefender 2016\vsserv.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe S2 - [AgereModemAudio] - Agere Modem 
Call Progress Audio - c:\program files\lsi softmodem\agr64svc.exe S2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe S2 - [ePowerSvc] - Acer ePower Service - c:\program files\acer\acer epower management\epowersvc.exe S2 - [Greg_Service] - GRegService - c:\program files (x86)\acer\registration\greghsrw.exe S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [PDF Architect Helper Service] - PDF Architect Helper Service - c:\program files (x86)\pdf architect\helperservice.exe S2 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe [x] S2 - [postgresql-8.4] - postgresql-8.4 - PostgreSQL Server 8.4 - c:\program files (x86)\postgresql\8.4\bin\pg_ctl.exe S2 - [ReflectService.exe] - Macrium Reflect Image Mounting Service - c:\program files\macrium\reflect\reflectservice.exe S2 - [RS_Service] - Raw Socket Service - c:\program files (x86)\acer\acer vcm\rs_service.exe S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe S2 - [UNS] - Intel(R) Management & Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe S2 - [UseSocketService] - UseSocketService - c:\program files (x86)\bouwsoft\usesocketservice.exe S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S3 - [BrYNSvc] - BrYNSvc - c:\program files (x86)\browny02\brynsvc.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [ehRecvr] - Windows Media Center Receiver Service - 
c:\windows\ehome\ehrecvr.exe S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe S3 - [IAANTMON] - Intel(R) Matrix Storage Event Monitor - c:\program files (x86)\intel\intel matrix storage manager\iaantmon.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [MWLService] - MyWinLocker Service - c:\program files (x86)\egistec\mywinlocker 3\x86\\mwlservice.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe S3 - [TOSHIBA Bluetooth Service] - TOSHIBA Bluetooth Service - c:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtsrv.exe S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S3 - [TurboBoost] - TurboBoost - c:\program files\intel\turboboost\turboboost.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe S3 - [wbengine] - Block 
Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe S4 - [pgsql-8.2] - pgsql82 - c:\program files (x86)\postgresql\8.2\bin\pg_ctl.exe S4 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S4 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\Dejonckheere\AppData\Roaming\Zona deleted C:\Users\Dejonckheere\AppData\Local\Unity deleted C:\Users\Dejonckheere\AppData\Local\CrashRpt deleted C:\Users\Dejonckheere\Downloads\iLividSetup-r20-n-bc.exe deleted C:\Users\Dejonckheere\AppData\LocalLow\Unity deleted C:\Windows\wininit.ini deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3957 MB CPU Info: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz CPU Speed: 2318.6 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: AMD Mobility Radeon HD 5000 Series | AMD Mobility Radeon HD 5000 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Bluetooth PAN Network Adapter | Microsoft Virtual WiFi Miniport Adapter | Qualcomm Atheros AR5B93 Wireless Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GT30N Ports: COM3 | COM13 | COM14 | COM15 | COM16 | COM17 | COM18 | COM19 | COM20 | COM21 | COM22 | 
COM9 | COM23 | COM24 LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 292.8GB | E: 291.5GB Hard Disks - Free: C: 153.4GB | E: 224.9GB Manufacturer *: Phoenix Technologies LTD BIOS Info: AT/AT COMPATIBLE | 12/25/09 | ACRSYS - 6040000 Time Zone: Romance (standaardtijd) Motherboard *: Acer Aspire 7740 Country: België Language: NLB ==== System Specs (Software) ====================== AV: Bitdefender Antivirus *Disabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371} SP: Bitdefender Antispyware *Disabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Bitdefender Firewall *Disabled* {078AF241-05A3-0EFF-40E0-3E0D69EA140A} Default Browser: Google Chrome 53.0.2785.143 Internet Explorer Version: 11.0.9600.17843 Google Chrome version: 53.0.2785.143 Adobe Reader version: 15.17.20050.192152 Flash Player version: 21.0.0.242 Shockwave Player version: 12.1.6r156 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\DEJONC~1\AppData\Local\Temp ==== 2016-10-03 20:41:58 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Dejonckheere\AppData\Local\Temp\bf6fd61c534be1a700920553a3061423BSMain.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2016-10-02 10:33:34 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\Sysnative\drivers\EsgScanner.sys ====== C:\Windows\Tasks ====== 2016-09-10 18:38:43 0571807C11C3E42E47CC74EBAF2A4732 3268 ----a-w- C:\Windows\Sysnative\Tasks\AutoShutdown ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Dejonckheere\AppData\Roaming ====== 2016-10-08 11:23:43 -------- d-----w- C:\Users\Dejonckheere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-09-12 20:36:13 -------- d-----w- 
C:\Users\Dejonckheere\AppData\Local\Chromium ====== C:\Users\Dejonckheere ====== 2016-10-08 11:22:12 00686CAEC1A7552F92FDFF0EED790BBD 26268 ----a-w- C:\ProgramData\agent.1475925689.bdinstall.bin 2016-10-06 19:14:51 09095FF823D35EE6FB462687764AB286 26268 ----a-w- C:\ProgramData\agent.1475781283.bdinstall.bin 2016-10-05 20:53:33 DBDA9E18DF1680C4E82AB3E4A3091A79 26268 ----a-w- C:\ProgramData\agent.1475700807.bdinstall.bin 2016-10-03 18:22:24 -------- d-----w- C:\ProgramData\Dumps 2016-10-03 17:25:11 B391E9F8EE08B9C9EC061A51D8FC4D2A 2405376 ----a-w- C:\Users\Dejonckheere\Desktop\FRST64.exe 2016-09-21 19:49:25 D696617C23632A27A810A93420706DF9 26844 ----a-w- C:\ProgramData\agent.1474487305.bdinstall.bin 2016-09-11 11:07:35 -------- d-----w- C:\Users\Dejonckheere\My Documents ====== C: exe-files == 2016-10-08 11:23:31 E7C644B09ABBC50B39AE4E41DA80FB8F 36648 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\driver_x86\dbxsvc.exe 2016-10-08 11:23:31 C5BDE5038484FD9EC7CFA9207E534976 25243040 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\Dropbox.exe 2016-10-08 11:23:31 6C064D8EAD954F14609CA1DDA475005A 174048 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe 2016-10-08 11:23:31 2A98519A9486CEB4D0A513A2AD09C2A0 42792 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\driver_amd64\dbxsvc.exe 2016-10-08 11:21:18 2734B5C716CFE714151D8ED0399F0280 70395576 ----a-w- C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\Install\{5FE615B1-39F4-4706-BDF7-D4A0A8B70F5E}\DropboxClient_11.4.22.exe 2016-10-08 11:21:17 2734B5C716CFE714151D8ED0399F0280 70395576 ----a-w- C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\11.4.22\DropboxClient_11.4.22.exe 2016-10-05 20:12:03 B391E9F8EE08B9C9EC061A51D8FC4D2A 2405376 ----a-w- C:\Users\Dejonckheere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CO3O0TI6\FRST64[1].exe 2016-10-05 20:12:02 FDA44910DEB1A460BE4AC5D56D61D837 5 
----a-w- C:\Users\Dejonckheere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21VIE7JT\FRST64[1].exe 2016-10-05 19:50:50 45D5FE26AE1406B30400B0FCF8B36D13 1266792 ----a-w- C:\Windows\Temp\CR_3BE13.tmp\setup.exe 2016-10-05 19:50:41 565E9617713095392FE8BAA91AB9A238 1246584 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\53.0.2785.143\53.0.2785.143_53.0.2785.116_chrome_updater.exe 2016-10-03 20:41:58 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Dejonckheere\AppData\Local\Temp\bf6fd61c534be1a700920553a3061423BSMain.exe 2016-10-03 17:25:11 F8F2F429584DB7156302BE2351719B28 2404864 ----a-w- C:\Users\Dejonckheere\Downloads\FRST-OlderVersion\FRST64.exe 2016-10-03 17:25:11 B391E9F8EE08B9C9EC061A51D8FC4D2A 2405376 ----a-w- C:\Users\Dejonckheere\Desktop\FRST64.exe === C: other files == 2016-10-08 11:23:31 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-stable.sys 2016-10-08 11:23:31 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-dev.sys 2016-10-08 11:23:31 9516B0A2506DFAD604A0CDC42E21650D 73840 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\driver_amd64\dbx-canary.sys 2016-10-08 11:23:31 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\driver_x86\dbx-stable.sys 2016-10-08 11:23:31 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\driver_x86\dbx-dev.sys 2016-10-08 11:23:31 7D564ACBF730162DFFB3552A84022B15 62064 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\driver_x86\dbx-canary.sys 2016-10-03 18:36:10 1D3CA0846C9E6D27D610DAA947BDFDE9 40089787 ----a-w- C:\Users\Dejonckheere\Desktop\BDSP_DEJONCKHEERE-PC_2016_10_03_20_36.zip 2016-10-02 10:33:34 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys ==== Startup Registry 
Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1676756398-211950510-2368295547-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Dropbox Update"="C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BtTray"="C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" "ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun" "BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Dropbox Update"="C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer ePower Management] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Acer ePower Management" "hkey"="HKLM" "command"="C:\\Program 
Files\\Acer\\Acer ePower Management\\ePowerTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BackupManagerTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrStsMon00] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrStsMon00" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Browny02\\Brother\\BrStMonW.exe /AUTORUN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter4] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ControlCenter4" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ControlCenter4\\BrCcBoot.exe /autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecLiveUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecLiveUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Dejonckheere^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bouwsoft Beheer.lnk] "item"="Bouwsoft Beheer" 
"path"="C:\\Users\\Dejonckheere\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bouwsoft Beheer.lnk" "backup"="C:\\Windows\\pss\\Bouwsoft Beheer.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\Bouwsoft\\Tools\\WERKST~1\\beheer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Akamai] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc] ==== Startup Folders ====================== 2016-02-18 16:32:35 1122 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2015-06-26 18:29:34 1028 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001Core.job --a------ C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 21:10] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001UA.job --a------ C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 21:10] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/07/2015 10:15] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/07/2015 10:15] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AutoShutdown" [shutdown] "C:\Windows\SysNative\tasks\Bitdefender Agent 
WatchDog_65D6944A0EF74FDAB96E31112AD39864" [C:\Program Files\Bitdefender Agent\WatchDog.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001Core" [C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001UA" [C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Seagate_Install_Launch" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\DEJONC~1\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247
user_pref("browser.startup.homepage", "www.ddejonckheere.be");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"bdwteffv20@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [16/03/2016 21:48]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"bdwteffv20@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff" [16/03/2016 21:48]

==== Firefox Extensions ======================

ProfilePath: C:\Users\DEJONC~1\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247
- Undetermined - C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247\extensions\adremoveext@adremoveext.net
- Undetermined - C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247\extensions\iobitascsurfingprotection@iobit.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247
AD76B0F3348914E133455E52743C839D - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll - Shockwave for Director / Shockwave for Director
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dhhejlifdlcgcmogbggeomfodgklfaem - No path found[]
Google Slides - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Bitdefender Wallet - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem
Google Sheets - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.streamfinder.com_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.streamfinder.com_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.save-on-crafts.com_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.save-on-crafts.com_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.dfiles.eu_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.dfiles.eu_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads5a.dfiles.eu_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads5a.dfiles.eu_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads6x.dfiles.eu_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads6x.dfiles.eu_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage deleted successfully
C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms}
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_nlBE533BE377
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
O23 - Service: UseSocketService - Use It Group NV - C:\Program Files (x86)\Bouwsoft\UseSocketService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dejonckheere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dejonckheere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\postgres.DEJONCKHEERE-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\POSTGR~1.DEJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Dejonckheere\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1986 folders=323 634224054 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dejonckheere\AppData\Local\Temp will be emptied at reboot
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\postgres.DEJONCKHEERE-PC\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\POSTGR~1.DEJ\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\DEJONC~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 08/10/2016 at 19:47:41,50 ======================