Zoek.exe Version 4.0.0.5 Updated 09-November-2013 Tool run by frank welkenhuysen on za 09/11/2013 at 19:45:37,24. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\frank welkenhuysen\Desktop\zoek\zoek.exe [Script inserted] ==== Older Logs ====================== C:\zoek-results2013-11-09-173146.log 753 bytes ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies C:\PROGRA~2\MSXML 4.0 C:\PROGRA~2\Origin Games C:\Program Files\Google C:\ProgramData\DassaultSystemes C:\ProgramData\Oracle C:\Users\frank welkenhuysen\AppData\Roaming\DassaultSystemes C:\Users\frank welkenhuysen\AppData\Local\Conduit C:\Users\frank welkenhuysen\AppData\Local\DassaultSystemes C:\Users\frank welkenhuysen\AppData\Local\FEMAP ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Conduit deleted C:\Users\frank welkenhuysen\AppData\Roaming\Research In Motion deleted C:\ProgramData\Partner deleted C:\ProgramData\Package Cache deleted C:\Users\frank welkenhuysen\AppData\Local\uninst.tmp deleted C:\Users\frank welkenhuysen\AppData\Local\Conduit deleted C:\Users\frank welkenhuysen\AppData\LocalLow\Conduit deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\Syswow64\tmp79C4.tmp deleted C:\Windows\Syswow64\tmp79D4.tmp deleted C:\Windows\Syswow64\tmpECFD.tmp deleted C:\Windows\Syswow64\tmpECFE.tmp deleted C:\Windows\Syswow64\tmpF7D.tmp deleted C:\Windows\Syswow64\tmpF7E.tmp deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-10-27 19:42:08 B43C6EC9790D580BE741C103172F6CF2 748849555 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\FRANKW~1\AppData\Local\Temp ==== ====== Java Cache ===== 2013-10-21 17:02:47 E98D5E09E7C64DE8134FF27492807C81 80 ----a-w- C:\Users\frank welkenhuysen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\57cfe2c1-6.0.lap 2013-11-05 11:47:06 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\frank welkenhuysen\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-59739134 2013-11-05 11:47:06 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\frank welkenhuysen\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-7ec2e414 ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-10-27 17:47:14 4B4050855236C4656EEBDF225E3480FA 328712 ----a-w- C:\Windows\Sysnative\MijFrc.dll ====== C:\Windows\Sysnative\drivers ===== 2013-10-27 17:47:14 C030F9E822A057C1A7A9BB4EA3E8877E 121416 ----a-w- C:\Windows\Sysnative\drivers\MijXfilt.sys ====== C:\Windows\Tasks ====== 2013-10-20 09:48:49 66D37B09FFA521E47B124E900FD00D01 3228 ----a-w- C:\Windows\Sysnative\Tasks\{F6CF41B9-C8B2-41EC-A84F-832A819BCD2F} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-10-27 17:47:14 -------- d-----w- C:\Program Files\MotioninJoy ======= C:\PROGRA~2 ===== 2013-10-27 16:42:46 -------- d-----w- C:\PROGRA~2\Serious Sam 3 2013-10-26 18:47:09 -------- d-----w- C:\PROGRA~2\Origin Games 2013-10-20 15:35:53 -------- d-----w- C:\PROGRA~2\Probit Software 2013-10-20 14:29:04 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2013-10-20 14:28:33 -------- d-----w- C:\PROGRA~2\Java 2013-10-12 15:00:00 -------- d-----w- C:\PROGRA~2\Origin ======= C: ===== ====== C:\Users\frank welkenhuysen\AppData\Roaming ====== 2013-10-27 17:47:16 -------- d-----w- C:\Users\frank welkenhuysen\AppData\Roaming\MotioninJoy 2013-10-12 16:02:20 -------- d-----w- C:\Users\frank welkenhuysen\AppData\Local\ESN 2013-10-12 15:04:15 -------- d-----w- C:\Users\frank welkenhuysen\AppData\Roaming\Origin 2013-10-12 15:04:13 -------- d-----w- C:\Users\frank welkenhuysen\AppData\Local\Origin ====== C:\Users\frank welkenhuysen ====== 2013-11-09 15:48:00 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\frank welkenhuysen\Downloads\RSITx64.exe 2013-10-27 17:47:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy 2013-10-27 16:42:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 3 2013-10-20 14:29:06 -------- d-----w- C:\ProgramData\Oracle 2013-10-20 14:28:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2013-10-20 14:28:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2013-10-12 15:00:03 -------- d-----w- C:\ProgramData\Origin 2013-10-12 15:00:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2013-10-12 15:00:02 -------- d-----w- C:\ProgramData\Electronic Arts ====== C: exe-files == === C: other files == 2013-11-09 17:11:01 78E39FA8F9C24F52AB0BE12C912FD841 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2775564192-1456224551-1656259370-1001\$I8GCHQY.com 2013-11-09 17:09:08 90BD324DA65A123553AB4759378B6596 1394331 ----a-w- C:\$Recycle.Bin\S-1-5-21-2775564192-1456224551-1656259370-1001\$R8GCHQY.com ==== Folders in C:\ProgramData 0-6 Months Old ====================== 2013-05-20 21:40:57 -------- d-----w- C:\ProgramData\Siemens 2013-06-14 14:32:40 -------- d-----w- C:\ProgramData\RICOH 2013-07-01 14:18:05 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2013-07-01 14:19:37 -------- d-----w- C:\ProgramData\NVIDIA 2013-08-18 13:55:22 -------- d-----w- C:\ProgramData\Xilisoft 2013-09-10 10:12:38 -------- d-----w- C:\ProgramData\Steam 2013-10-12 15:00:02 -------- d-----w- C:\ProgramData\Electronic Arts 2013-10-12 15:00:03 -------- d-----w- C:\ProgramData\Origin 2013-10-20 14:29:06 -------- d-----w- C:\ProgramData\Oracle ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{F53C93F1-07D5-430c-86D4-C9531B27DFAF}"="C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack" [02/07/2012 14:28] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\frank welkenhuysen\AppData\Roaming\Mozilla\Firefox\Profiles\e6cuvba3.default 0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\frank welkenhuysen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx[26/07/2012 02:23] ndibdjnfmopecpmkdieinmbadjfpblof - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx[20/04/2012 05:18] AdBlock - frank welkenhuysen - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom AVG Safe Search - frank welkenhuysen - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Facebook Invite All Friends PRO - frank welkenhuysen - Default\Extensions\lkifjigoeilijkcnpfdjbpdjgnbfibec ==== Chrome Fix ====================== C:\Users\frank welkenhuysen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully C:\Users\frank welkenhuysen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://asus.msn.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://asus.msn.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\frank welkenhuysen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\frank welkenhuysen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\frank welkenhuysen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\frank welkenhuysen\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\FRANKW~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 09/11/2013 at 20:49:22,28 ======================