Zoek.exe v5.0.0.0 Updated 05-February-2015 Tool run by Gerdy on do 05-02-2015 at 21:51:24,75. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gerdy\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 5-2-2015 22:29:04 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\GUM2E.tmp deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Users\Gerdy\AppData\Roaming\Download Manager deleted successfully C:\Users\Gerdy\AppData\Roaming\QuickScan deleted successfully C:\Users\Gerdy\AppData\Roaming\TP deleted successfully C:\Users\Gerdy\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_CLASSES_ROOT\CLSID\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully HKEY_CLASSES_ROOT\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_CLASSES_ROOT\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully HKEY_CLASSES_ROOT\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_CLASSES_ROOT\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_CLASSES_ROOT\CLSID\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully HKEY_CLASSES_ROOT\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_CLASSES_ROOT\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{cd90bf73-20f6-44ef-993d-bb920303bd2e} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Allin1Convert_8hService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VideoDownloadConverter_4zService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\VideoDownloadConverter_4zService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\VideoDownloadConverter_4zService deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Gerdy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions prefs.js not found user.js not found ---- FireFox user.js and prefs.js backups ---- ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Allin1Convert Search Scope Monitor"=- "Allin1Convert_8h Browser Plugin Loader"=- "VideoDownloadConverter Search Scope Monitor"=- "VideoDownloadConverter_4z Browser Plugin Loader"=- "FromDocToPDF EPM Support"=- "FromDocToPDF AppIntegrator 32-bit"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "bProtectTabs"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Delta not found C:\Program Files\ConduitEngine deleted C:\Users\Gerdy\appdata\locallow\ConduitEngine deleted C:\Program Files\Veoh_Web_Player deleted C:\Users\Gerdy\appdata\locallow\Veoh_Web_Player deleted C:\Users\Gerdy\AppData\Local\Allin1Convert_8h deleted C:\Users\Gerdy\appdata\locallow\Allin1Convert_8h deleted C:\Users\Gerdy\AppData\Local\FromDocToPDF_65 deleted C:\Users\Gerdy\appdata\locallow\FromDocToPDF_65 deleted C:\Users\Gerdy\AppData\Local\VideoDownloadConverter_4z deleted C:\Users\Gerdy\appdata\locallow\VideoDownloadConverter_4z deleted C:\Users\Gerdy\AppData\LocalLow\Conduit deleted C:\Program Files\Photo Notifier and Animation Creator deleted C:\Program Files\Conduit deleted C:\Program Files\PC Drivers HeadQuarters deleted C:\Program Files\Video Download Converter deleted C:\Users\Gerdy\AppData\Roaming\Babylon deleted C:\Users\Gerdy\AppData\Roaming\OpenCandy deleted C:\Users\Gerdy\AppData\Local\onlysearch deleted C:\Users\Gerdy\AppData\Local\PC_Drivers_Headquarters deleted C:\Users\Gerdy\AppData\Local\PutLockerDownloader deleted C:\Users\Gerdy\AppData\Local\Conduit deleted C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data deleted C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences deleted C:\Users\Gerdy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com deleted C:\Users\Gerdy\AppData\LocalLow\AVG Security Toolbar deleted C:\Users\Gerdy\AppData\LocalLow\IAC deleted C:\Users\Gerdy\AppData\LocalLow\Delta deleted C:\Windows\system32\Tasks\BrowserProtect deleted C:\Windows\System32\ConduitEngine.tmp deleted C:\Windows\System32\sho17C4.tmp deleted C:\Windows\System32\sho2F9B.tmp deleted C:\Windows\System32\sho42FD.tmp deleted C:\Windows\System32\sho4A0A.tmp deleted C:\Windows\System32\sho5E0D.tmp deleted C:\Windows\System32\sho98AB.tmp deleted C:\Windows\System32\sho9C8C.tmp deleted C:\Windows\System32\searchplugins deleted C:\Windows\System32\Extensions deleted C:\Users\Gerdy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader3@ftdownloader.com.xpi deleted C:\Users\Gerdy\Desktop\FTDownloader.lnk deleted C:\Users\Gerdy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\8hffxtbr@Allin1Convert_8h.com deleted "C:\Windows\Installer\38b252.msi" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\65dlghk.dll" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\ASSISTMONITOR.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\HPG.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\65dlghk.dll" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\ASSISTMONITOR.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\HPG.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll" deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\65dlghk.dll" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\ASSISTMONITOR.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\HPG.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL" deleted "C:\Program Files\Allin1Convert_8h" not deleted "C:\Program Files\VideoDownloadConverter_4z" not deleted "C:\Program Files\FromDocToPDF_65" not deleted "C:\Program Files\Allin1Convert_8h" not deleted "C:\Program Files\FromDocToPDF_65" not deleted "C:\Program Files\VideoDownloadConverter_4z" not deleted "C:\Program Files\Allin1Convert_8h" not deleted "C:\Program Files\VideoDownloadConverter_4z" not deleted "C:\Program Files\FromDocToPDF_65" not deleted "C:\Program Files\Allin1Convert_8h\bar" not deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin" not deleted "C:\Program Files\FromDocToPDF_65\bar" not deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin" not deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider" deleted "C:\Program Files\Allin1Convert_8h\bar" not deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin" not deleted "C:\Program Files\FromDocToPDF_65\bar" not deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin" not deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider" deleted "C:\Program Files\VideoDownloadConverter_4z\bar" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin" not deleted "C:\Program Files\Allin1Convert_8h\bar" not deleted "C:\Program Files\Allin1Convert_8h\bar\1.bin" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar" not deleted "C:\Program Files\VideoDownloadConverter_4z\bar\1.bin" not deleted "C:\Program Files\FromDocToPDF_65\bar" not deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin" not deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\assists\ie_default_search_provider" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Gerdy\AppData\Local\Temp ==== 2015-02-05 19:05:14 B0F6507F8666E89DD9F192313D88EB98 389632 ----a-w- C:\Users\Gerdy\AppData\Local\Temp\uninst1.exe 2015-02-05 19:04:02 D7AD0AD3162BCD50E1D2E462E8C748EA 264488 ----a-w- C:\Users\Gerdy\AppData\Local\Temp\MSS\3.8.150.1\McInstallerRes.dll 2015-02-05 19:04:02 7A5A07D9A323DFD9097C9CF39E6802E6 153760 ----a-w- C:\Users\Gerdy\AppData\Local\Temp\MSS\3.8.150.1\McInstallerRes_LD.dll 2015-02-05 19:04:01 9BD51360CB8F1A2206642599D40FD258 419048 ----a-w- C:\Users\Gerdy\AppData\Local\Temp\MSS\3.8.150.1\mcbrwsr2.dll 2015-02-05 19:04:01 74557BFD04530E512DBB9C151C4DA110 499384 ----a-w- C:\Users\Gerdy\AppData\Local\Temp\MSS\3.8.150.1\McUICnt.exe 2015-02-05 19:04:01 26FD227409FB73C4D958602B8A3EFFA0 577632 ----a-w- C:\Users\Gerdy\AppData\Local\Temp\MSS\3.8.150.1\McInstallerStartup.dll ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== 2015-01-16 21:40:06 B0584CA7DEF55929FDB5169BD28B2484 115200 ----a-w- C:\Windows\System32\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== 2015-02-05 16:01:30 FE3D2FC1162FC07F9C22F0A37166120F 3950 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1599998681-4031457003-3899913062-1000UA1d0415d14bfa38 2015-02-05 16:01:30 D964CB718A2642DB679FFE2991E67DE4 1066 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1599998681-4031457003-3899913062-1000UA1d0415d14bfa38.job 2015-02-05 16:01:29 4E428F71B9CF0CEA948B73576F26291B 1014 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1599998681-4031457003-3899913062-1000Core1d0415dc9ffa0.job 2015-02-05 16:01:29 3F486CAB34B42D806E972A1727EA511F 3554 ----a-w- C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1599998681-4031457003-3899913062-1000Core1d0415dc9ffa0 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-02-05 15:56:40 -------- dc----w- C:\Program Files\trend micro 2015-02-04 22:55:15 -------- d-----w- C:\Program Files\Common Files\Java(10) ======= C: ===== ====== C:\Users\Gerdy\AppData\Roaming ====== ====== C:\Users\Gerdy ====== 2015-02-05 15:55:13 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gerdy\Downloads\RSIT.exe ====== C: exe-files == 2015-02-05 21:06:31 10C915F39C291AF809CE76E9F2F2D659 41213008 ----a-w- C:\Users\Gerdy\AppData\Local\Google\Update\Install\{E1290D58-46E3-4363-9463-50C4BDEA5612}\40.0.2214.111_chrome_installer.exe 2015-02-05 21:06:30 10C915F39C291AF809CE76E9F2F2D659 41213008 ----a-w- C:\Users\Gerdy\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.111\40.0.2214.111_chrome_installer.exe 2015-02-05 19:05:14 B0F6507F8666E89DD9F192313D88EB98 389632 ----a-w- C:\Users\Gerdy\AppData\Local\Temp\uninst1.exe 2015-02-05 19:04:01 74557BFD04530E512DBB9C151C4DA110 499384 ----a-w- C:\Users\Gerdy\AppData\Local\Temp\MSS\3.8.150.1\McUICnt.exe 2015-02-05 16:06:46 E27AD0924EB10E712E11DC5AE5DF4CB0 7386192 ----a-w- C:\Users\Gerdy\AppData\Local\Google\Update\Install\{E848F029-F71E-44D0-9DAC-3347A64BA527}\40.0.2214.94_39.0.2171.95_chrome_updater.exe 2015-02-05 16:01:28 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Users\Gerdy\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe 2015-02-05 16:01:28 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Users\Gerdy\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe 2015-02-05 16:01:27 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Users\Gerdy\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateBroker.exe 2015-02-05 16:01:21 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Gerdy\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateSetup.exe 2015-02-05 16:00:32 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Users\Gerdy\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe 2015-02-05 16:00:23 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Users\Gerdy\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe 2015-02-05 15:59:45 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Users\Gerdy\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe 2015-02-05 15:56:44 9A2347903D6EDB84C10F288BC0578C1C 388608 -c--a-w- C:\Program Files\trend micro\Gerdy.exe 2015-02-05 15:55:13 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gerdy\Downloads\RSIT.exe 2015-02-05 15:54:03 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Users\Gerdy\AppData\Local\Google\Update\1.3.26.9\GoogleUpdate.exe 2015-02-05 15:53:38 70D09276FE2AAA808813399245A2F493 1542696 ----a-w- C:\Windows\Temp\contentDATs.exe 2015-02-05 15:53:34 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Gerdy\AppData\Local\Google\Update\Install\{83DFC57B-BBA1-422D-A6F2-3317DC2CA21C}\GoogleUpdateSetup.exe 2015-02-05 15:53:34 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Users\Gerdy\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe === C: other files == 2015-02-05 15:49:09 48BCF976A1CEBAE73F8A7E807D539322 96 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys 2015-02-04 22:53:54 3315140254247E248C3531F159C79109 14130 ----a-w- C:\Program Files\Java\jre1.8.0_31\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "VeohPlugin"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "Advanced SystemCare 5"="C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe /AutoStart" "Google Update"="C:\Users\Gerdy\AppData\Local\Google\Update\GoogleUpdate.exe /c" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe -update activex" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "RtHDVCpl"="RtHDVCpl.exe" "Skytel"="Skytel.exe" "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup" "Google EULA Launcher"="C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE" "Update 2100C"="C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\update.exe 2100C+" "EEventManager"="C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe" "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "VeohPlugin"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "Advanced SystemCare 5"="C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe /AutoStart" "Google Update"="C:\Users\Gerdy\AppData\Local\Google\Update\GoogleUpdate.exe /c" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe -update activex" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Google Update"="\"C:\\Users\\Gerdy\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "ArcSoft Connection Service"="C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05-02-2015 21:51] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19-10-2014 11:33] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1599998681-4031457003-3899913062-1000Core1d0415dc9ffa0.job --a------ C:\Users\Gerdy\AppData\Local\Google\Update\GoogleUpdate.exe [21-09-2012 12:04] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1599998681-4031457003-3899913062-1000UA1d0415d14bfa38.job --a------ C:\Users\Gerdy\AppData\Local\Google\Update\GoogleUpdate.exe [21-09-2012 12:04] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\ArcSoft Connect Daemon" [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\Google Updater and Installer" [C:\Users\Gerdy\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1599998681-4031457003-3899913062-1000Core1d0415dc9ffa0" [C:\Users\Gerdy\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1599998681-4031457003-3899913062-1000UA1d0415d14bfa38" [C:\Users\Gerdy\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe] "C:\Windows\system32\tasks\RunAsStdUser Task for VeohWebPlayer" [C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "8hffxtbr@Allin1Convert_8h.com"="C:\Program Files\Allin1Convert_8h\bar\1.bin" [05-02-2015 22:43] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bbffdhejhaoiflnpooogkckfdcmmjppn - C:\Program Files\FTDownloader.com\FTDownloader10.crx[] jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx[] Delta Toolbar - Gerdy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Google Wallet - Gerdy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.golsearch.com_0.localstorage deleted successfully C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.golsearch.com_0.localstorage-journal deleted successfully C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage deleted successfully C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage-journal deleted successfully C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.aldi.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search/?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {422AB165-0B21-4D87-8502-9BAC1D839A5D} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_nl" {75b4241f-171e-44a3-bf44-23613b6e3e03} Unknown Url="Not_Found" {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} deleted successfully HKEY_USERS\S-1-5-21-1599998681-4031457003-3899913062-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE8A1275F03A66F40964F3044CA31ECD deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5721A8EA-A30F-4F66-9046-3F40C43AE1DC} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Veoh_Web_Player Toolbar deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AE8A1275F03A66F40964F3044CA31ECD deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gerdy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gerdy\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gerdy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Gerdy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1023 folders=233 133892791 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gerdy\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Gerdy\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Gerdy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\Allin1Convert_8h" not found "C:\Program Files\VideoDownloadConverter_4z" not found "C:\Program Files\FromDocToPDF_65" not found "C:\Program Files\Allin1Convert_8h" not found "C:\Program Files\FromDocToPDF_65" not found "C:\Program Files\VideoDownloadConverter_4z" not found "C:\Program Files\Allin1Convert_8h" not found "C:\Program Files\VideoDownloadConverter_4z" not found "C:\Program Files\FromDocToPDF_65" not found ==== EOF on do 05-02-2015 at 22:56:24,70 ======================