Zoek.exe v5.0.0.0 Updated 22-08-2014
Tool run by Wilma on vr 22-08-2014 at 21:41:57,81.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Wilma\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

22-8-2014 21:46:32 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\FLVM Player deleted successfully
C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Users\Wilma\AppData\Local\calibre-cache deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1758853393-2436170717-870028114-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96A69C90-4BF7-FFB5-59EC-FEF61C73D628} deleted successfully
HKEY_USERS\S-1-5-21-1758853393-2436170717-870028114-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96A69C90-4BF7-FFB5-59EC-FEF61C73D628} deleted successfully
HKEY_USERS\S-1-5-21-1758853393-2436170717-870028114-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully
HKEY_USERS\S-1-5-21-1758853393-2436170717-870028114-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96A69C90-4BF7-FFB5-59EC-FEF61C73D628} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{96A69C90-4BF7-FFB5-59EC-FEF61C73D628} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96A69C90-4BF7-FFB5-59EC-FEF61C73D628} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Wilma\AppData\Roaming\mozilla\firefox\Profiles\cccua7wj.default

---- Lines conduit removed from prefs.js ----
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("browser.search.defaultenginename", "Conduit Search");

---- FireFox user.js and prefs.js backups ----
user_22-08-2014_2212_.backup prefs_22-08-2014_2212_.backup ==== Deleting Files \ Folders ====================== C:\ProgramData\SSaVErAdddoon deleted C:\Users\Wilma\AppData\LocalLow\{96A69C90-4BF7-FFB5-59EC-FEF61C73D628} deleted C:\Program Files\iMesh Applications deleted C:\Users\Wilma\AppData\Roaming\systweak deleted C:\Windows\system32\config\systemprofile\AppData\Roaming\Systweak deleted C:\Users\Wilma\AppData\Local\avgchrome deleted C:\Users\Wilma\AppData\Local\iMesh deleted C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk deleted C:\Users\Wilma\Searches deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\system32\roboot.exe deleted C:\Windows\System32\searchplugins deleted C:\Windows\System32\Extensions deleted C:\Users\Wilma\Documents\Optimizer Pro deleted C:\Users\Wilma\AppData\Roaming\mozilla\firefox\Profiles\cccua7wj.default\searchplugins\trovi-search.xml deleted C:\Users\Wilma\AppData\Roaming\mozilla\firefox\Profiles\cccua7wj.default\extensions\staged deleted "C:\Users\Wilma\AppData\Roaming\driver\driver.html" deleted "C:\Program Files\eDealsPop\eDealsPop.exe" deleted "C:\Program Files\eDealsPop\msvcr100.dll" deleted "C:\Program Files\eDealsPop\eDealsPop.exe" deleted "C:\Program Files\eDealsPop\msvcr100.dll" deleted "C:\Users\Wilma\AppData\Roaming\driver" deleted "C:\Program Files\eDealsPop" deleted "C:\Program Files\eDealsPop" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Wilma\AppData\Local\Temp ==== 2014-08-19 20:18:44 C95CDDF65F9F8C9433AFF8F0A811375A 189320 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\psmachine_64.dll 2014-08-19 20:18:44 84180917AAB55EE4392C54E0E0BD4022 166792 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\psmachine.dll 2014-08-19 20:18:44 
715CCB3F5EDA626198CCADC7AB8CE9A2 189320 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\psuser_64.dll 2014-08-19 20:18:44 3D58798BD1D1F96381C0B47CA859739D 166792 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\psuser.dll 2014-08-19 20:18:43 FB5621842FDABF9F8359775573498FBC 605064 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\npGoogleUpdate3.dll 2014-08-19 20:18:43 DEC1A40D0210FAD3BB67028B97F155A4 26112 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateHelper.msi 2014-08-19 20:18:43 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateBroker.exe 2014-08-19 20:18:43 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleCrashHandler64.exe 2014-08-19 20:18:43 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateOnDemand.exe 2014-08-19 20:18:43 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateSetup.exe 2014-08-19 20:18:43 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateComRegisterShell64.exe 2014-08-19 20:18:43 77E585EDD4C7EB7AB2ACC36BC1DC32A5 1696648 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\goopdate.dll 2014-08-19 20:18:43 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdate.exe 2014-08-19 20:18:43 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleCrashHandler.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 
2014-08-14 21:34:35 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\System32\infocardapi.dll 2014-08-14 21:34:31 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\System32\icardres.dll 2014-08-14 21:34:24 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\System32\icardagt.exe 2014-08-14 21:34:18 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe 2014-08-14 11:59:42 C9059EF0C94C55C0DA9CACEE160A5F66 654336 ----a-w- C:\Windows\System32\rpcrt4.dll 2014-08-14 11:59:41 5860EE5C807CB3866551B845123493C6 107520 ----a-w- C:\Windows\System32\cdd.dll 2014-08-14 11:59:39 41A3A54603686FD437FA4E8EB95025F9 51200 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-08-14 11:59:39 004DFEA0B7AE3F8F438CD2D8C643DAEE 108032 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-08-14 11:59:38 FEE3E022B00A5165ED645E38C1E6C776 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-08-14 11:59:37 87C2B5010779DF6BE4732751C5DB5D64 112128 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-08-14 11:59:37 7B051C4A70F23A84A09366999FE63CBD 307384 ----a-w- C:\Windows\System32\iedkcs32.dll 2014-08-14 11:59:37 6D017C0E499443ACDE3D9B5DCD753F32 1169920 ----a-w- C:\Windows\System32\urlmon.dll 2014-08-14 11:59:37 478824EC0BCE9968C0DC787164B1753B 32768 ----a-w- C:\Windows\System32\iernonce.dll 2014-08-14 11:59:37 3BB3D5D1CACD68BE8F7A16CCB3AADA93 646144 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-08-14 11:59:37 36B67392AFB8901CC442EA988AD4603D 43008 ----a-w- C:\Windows\System32\jsproxy.dll 2014-08-14 11:59:36 E9B28B60C0272E2E1E462E6FB38E6B55 367104 ----a-w- C:\Windows\System32\dxtmsft.dll 2014-08-14 11:59:36 E8D46F442AB53A52BDBB3EA0C51BDABD 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-08-14 11:59:36 E70C00791A18866BB23B3A652E3390A0 2001920 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-08-14 11:59:36 1A05CFA45B6AEBFCCC835DCF68CBD1D0 526336 ----a-w- C:\Windows\System32\msfeeds.dll 2014-08-14 11:59:35 
D7D412D3436CFB85B383CDD3C9B455F0 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-08-14 11:59:35 B91AA3BC8083E66925FAE29FDA485CEA 164864 ----a-w- C:\Windows\System32\msrating.dll 2014-08-14 11:59:35 9D16B568E318F49535AD72539C9997C2 455168 ----a-w- C:\Windows\System32\vbscript.dll 2014-08-14 11:59:35 7EFBB7A3C664A8DF93C9937DF76760A4 663040 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-08-14 11:59:35 4D0E91438CE181AF94C653B3BBE3C65A 61952 ----a-w- C:\Windows\System32\iesetup.dll 2014-08-14 11:59:34 B945BAA81B4805AD6BDDF4D026DCFB47 1792512 ----a-w- C:\Windows\System32\wininet.dll 2014-08-14 11:59:34 18A3154606E3F8945956948A4E708007 704512 ----a-w- C:\Windows\System32\ieapfltr.dll 2014-08-14 11:59:33 F48A1A114382AB4EF8000E1943E6CF1F 438784 ----a-w- C:\Windows\System32\ieui.dll 2014-08-14 11:59:33 90FF511B751A0327D07C4073760F1578 11772928 ----a-w- C:\Windows\System32\ieframe.dll 2014-08-14 11:59:33 239575F9EA0D227516843EEE8B7342CA 239616 ----a-w- C:\Windows\System32\dxtrans.dll 2014-08-14 11:59:32 49FFD37673BD20279A8BF27CC20040B3 1068032 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2014-08-14 11:59:32 444EB30B1610A35FC99D62A91B2BCAA7 69632 ----a-w- C:\Windows\System32\mshtmled.dll 2014-08-14 11:59:31 FF4A917DD7C387BD2715A5F67307FED1 2184704 ----a-w- C:\Windows\System32\iertutil.dll 2014-08-14 11:59:31 272420427EB96EA052C719AA796C09F2 61952 ----a-w- C:\Windows\System32\MshtmlDac.dll 2014-08-14 11:59:30 24FA5F74D3B4BA62539DF87285BA934E 597504 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-08-14 11:59:29 7C1BFC2ABE297BCA1A7BA77A8292C088 4204032 ----a-w- C:\Windows\System32\jscript9.dll 2014-08-14 11:59:28 8453DDF167CE2986AA4AB04BC6824925 17524224 ----a-w- C:\Windows\System32\mshtml.dll 2014-08-14 11:59:20 C212A43AA83A717AD38505F23ACDCB33 2363392 ----a-w- C:\Windows\System32\msi.dll 2014-08-14 11:59:20 43CD23B65CBF04D6F8ACA984B0EF93FE 1805824 ----a-w- C:\Windows\System32\authui.dll 2014-08-14 11:59:19 CADC4CFE957C24984FFA718AB7E4EF3C 101824 ----a-w- 
C:\Windows\System32\consent.exe 2014-08-14 11:59:19 9DA1CCDBBF8136AC2383C2624CA8CD14 337408 ----a-w- C:\Windows\System32\msihnd.dll 2014-08-14 11:59:14 D08819FEE0CDB8A8A58E2B34D05E7A11 2048 ----a-w- C:\Windows\System32\tzres.dll 2014-08-14 11:59:12 EB0AAAAC964609473049AF9A1AE26F42 2352640 ----a-w- C:\Windows\System32\win32k.sys 2014-08-14 11:59:12 8C192180F49B102626B6517E9B94645F 305152 ----a-w- C:\Windows\System32\gdi32.dll 2014-08-14 11:59:11 D14DF403FF550F6B1F4702CD2F288ABD 412160 ----a-w- C:\Windows\System32\aepdu.dll 2014-08-14 11:59:10 C4675C2734716F56FCA370CF1183457F 302592 ----a-w- C:\Windows\System32\aeinv.dll 2014-08-14 11:59:09 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\Windows\System32\locale.nls 2014-08-14 11:59:08 F1886C30C3E4A7C5513525CBA665AA31 6144 ----a-w- C:\Windows\System32\KBDTAT.DLL 2014-08-14 11:59:08 EB3D06A9EDFDFD12228AD7A9F24D15D6 5632 ----a-w- C:\Windows\System32\KBDRU.DLL 2014-08-14 11:59:08 40FFC65117C4AC69D33DEC6D567392FD 6144 ----a-w- C:\Windows\System32\KBDYAK.DLL 2014-08-14 11:59:08 33DB506498E0419CD50B144DE7CCFC75 6144 ----a-w- C:\Windows\System32\KBDBASH.DLL 2014-08-14 11:59:08 1235259E135F87BF4AE5864A818E1513 6144 ----a-w- C:\Windows\System32\KBDRU1.DLL 2014-08-14 11:59:07 386BF6FD9FC562B1A5558C49E1C3A6FB 12874240 ----a-w- C:\Windows\System32\shell32.dll ====== C:\Windows\system32\drivers ===== 2014-08-14 11:59:41 3583A5A8CC2E682BFFBD4630D0FEC08B 730048 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-08-14 11:59:41 0EC652D17AB4607745FB4E6958E8FAB6 219072 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-10 20:53:29 -------- d-----w- C:\Program Files\DVD Shrink 2014-08-09 20:21:58 -------- d-----w- C:\Program Files\iPod 2014-08-09 20:21:57 -------- d-----w- C:\Program Files\iTunes 2014-08-07 13:16:34 -------- d-----w- C:\Program Files\Common Files\Java ======= C: ===== ====== C:\Users\Wilma\AppData\Roaming ====== 
2014-08-19 20:17:35 -------- d-sh--w- C:\Users\Wilma\AppData\Locallow\EmieUserList 2014-08-19 20:17:35 -------- d-sh--w- C:\Users\Wilma\AppData\Locallow\EmieSiteList 2014-07-28 20:28:48 -------- d-sh--w- C:\Users\Wilma\AppData\Local\EmieUserList 2014-07-28 20:28:48 -------- d-sh--w- C:\Users\Wilma\AppData\Local\EmieSiteList ====== C:\Users\Wilma ====== 2014-08-19 20:19:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-18 14:34:57 -------- d-----w- C:\ProgramData\d73e3106aab4ff38 2014-08-18 14:14:41 -------- d-----w- C:\ProgramData\WinSpeed 2014-08-14 12:56:43 -------- d--h--w- C:\ProgramData\CanonIJEGV 2014-08-14 12:53:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4200 series Manual 2014-08-14 12:32:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4200 series 2014-08-10 20:53:30 -------- d-----w- C:\ProgramData\DVD Shrink 2014-08-09 20:22:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-09 20:21:57 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-08-07 13:16:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-28 20:49:28 -------- d-----w- C:\ProgramData\2308189059 2014-07-28 20:29:12 -------- d-----w- C:\ProgramData\Systweak ====== C: exe-files == 2014-08-22 12:08:00 5FBBCFA03CEBA817A53DADEE84F8DCAD 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1758853393-2436170717-870028114-1000\$IDL6073.exe 2014-08-22 12:06:58 47811D50390A86A17102D7496E6EABB9 388608 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1758853393-2436170717-870028114-1000\$RDL6073.exe 2014-08-19 20:19:19 A31EEE18FD822AB0F976E30AC7595210 39734352 ----a-w- C:\Program Files\Google\Update\Install\{13E3B31C-F8E1-462C-95C8-4DB923EB833D}\36.0.1985.143_chrome_installer.exe 2014-08-19 20:19:18 A31EEE18FD822AB0F976E30AC7595210 39734352 ----a-w- C:\Program 
Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\36.0.1985.143\36.0.1985.143_chrome_installer.exe 2014-08-19 20:18:43 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateBroker.exe 2014-08-19 20:18:43 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleCrashHandler64.exe 2014-08-19 20:18:43 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateOnDemand.exe 2014-08-19 20:18:43 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateSetup.exe 2014-08-19 20:18:43 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdateComRegisterShell64.exe 2014-08-19 20:18:43 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleUpdate.exe 2014-08-19 20:18:43 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Users\Wilma\AppData\Local\Temp\{3F496088-DDB3-4609-B87F-DB89BC8A1C43}\GoogleCrashHandler.exe 2014-08-15 20:33:42 C56CB929FDC62BA6AFA025C0DF95CA73 1836624 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.143\36.0.1985.143_36.0.1985.125_chrome_updater.exe === C: other files == 2014-08-19 20:18:14 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C31M6XKA\themedia-player[1].com ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" 
[HKEY_USERS\S-1-5-21-1758853393-2436170717-870028114-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_S7F3D.tmp /EF HKCU"
"Epson Stylus SX420W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_SB2FA.tmp /EF HKCU"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"uTorrent"="C:\Users\Wilma\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"IJNetworkScannerSelectorEX"="C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
"eDealsPop"="C:\Program Files\eDealsPop\eDealsPop.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_S7F3D.tmp /EF HKCU"
"Epson Stylus SX420W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_SB2FA.tmp /EF HKCU"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"uTorrent"="C:\Users\Wilma\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\docume~1\\ settings\\all users\\application data\\browserdefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} c:\\progra~2\\winspeed\\winspeed.dll"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26-05-2013 17:44]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26-05-2013 17:44]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{F0B974D7-9310-4C36-A787-1E8256832FD1}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions ======================

ExtDir: C:\Users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\cccua7wj.default
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
B5371D2C9017EEE216B5361D600B3543 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
075394F75303286C2FA91908CB781609 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

==== Deleted Firefox Extensions ======================

C:\Users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted

==== Chrome Look ======================

Google Docs - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Paste It - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkmjdnckhfkjkldogocpnmljokfnbln
Google Wallet - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://google.nl/" ],

==== Chrome Fix ======================

C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage deleted successfully
C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal deleted successfully
C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkmjdnckhfkjkldogocpnmljokfnbln deleted successfully
C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flkmjdnckhfkjkldogocpnmljokfnbln_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.aldi.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{28D707D5-8C07-46AF-B9CE-546BC99D958C} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox"

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:40304"
"ProxyOverride"="*origin.com;*ea.com;*akamaihd.net;"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iMesh deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\eDealsPop_is1 deleted successfully

==== Empty IE Cache ======================

C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQL62ZAV will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=323 folders=58 106065879 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Wilma\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Wilma\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQL62ZAV" not found

==== EOF on vr 22-08-2014 at 22:28:39,30 ======================