Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by JEAN on wo 16/03/2016 at 17:48:29,97.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\JEAN\DOWNLOADS\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2016-02-15-145521.log 73894 bytes
C:\zoek-results2016-03-14-205554.log 105705 bytes
C:\zoek-results2016-03-15-135639.log 66960 bytes
C:\zoek-results2016-03-16-090328.log 69541 bytes

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\lxeecoms.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\JEAN\DOWNLOADS\zoek.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D48C815-6FDD-496B-BC60-05546BE5AB61}]
"AppName"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC73968A-7EEA-4D47-8314-063D41D784A4}]
"AppName"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\IncrediMail_TSA28XQR3.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\IncrediMail\\Data\\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\IncrediMail\\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\IncrediMail\\Data\\Licenses\\"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\065EFC441E38F9C47AE53FD0108F15DE]
"00000000000000000000000000000000"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\286FB5A04FCEF1D4DB63DA74A77F000A]
"00000000000000000000000000000000"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C9DF4B668FE918488AC070320498756]
"00000000000000000000000000000000"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\617379C0DBC9761499BF26900208E6F7]
"00000000000000000000000000000000"=-

[-HKEY_USERS\.DEFAULT\Software\IncrediMail]

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\304946d4_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\319615a9_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\396592e_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\47ab7e5a_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5d562397_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\825bc952_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b2d0a585_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\df83932b_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\e2039603_0]
@=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f166d079_0]
@=-

[-HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\IncrediMail]

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\JEAN\\DOWNLOADS\\su_8263.exe"=-

[HKEY_USERS\S-1-5-21-3978713732-936569717-2525818349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\JEAN\\DOWNLOADS\\su_8263.exe"=-

[-HKEY_USERS\S-1-5-18\Software\IncrediMail]