Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jan on za 10/09/2016 at 11:00:43,35.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jan\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
10/09/2016 11:01:55 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Jan\AppData\Local\ActiveSync deleted successfully
C:\Users\Jan\AppData\Local\NetworkTiles deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Jan\AppData\Roaming\Profiles\pagpysherhientkanupy
user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.hp", "http://www.trotux.com/?z=d186b23529c80d040ffd44fg4zfmco4get5m7mcw8o&from=epf1&uid=SAMSUNGXMZNLF128HCHP-00
user_pref("browser.search.searchengine.sp", "http://www.trotux.com/search/?from=epf1&q={searchTerms}&type=sp&uid=SAMSUNGXMZNLF128HCHP-00004_S2DNNXAGC3
user_pref("browser.search.searchengine.uid", "SAMSUNGXMZNLF128HCHP-00004_S2DNNXAGC34881");
user_pref("browser.search.searchengine.url", "http://www.trotux.com/search/?from=epf1&q={searchTerms}&type=sp&uid=SAMSUNGXMZNLF128HCHP-00004_S2DNNXAGC
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----
prefs_20161009_1111_.backup
ProfilePath:
C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\i22md25d.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20161009_1111_.backup

==== Deleting Files \ Folders ======================
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\PROGRA~2\Bonjour\mdnsNSP.dll" deleted
"C:\PROGRA~2\Bonjour\mDNSResponder.exe" deleted
"C:\PROGRA~3\Kingsoft\office6\mtfont\mtextra.ttf" deleted
"C:\PROGRA~2\Bonjour" not deleted
"C:\PROGRA~3\Kingsoft" not deleted
"C:\PROGRA~3\Kingsoft\office6" not deleted
"C:\PROGRA~3\Kingsoft\office6\mtfont" not deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-3609427630-1143254443-2860237718-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Epic Privacy Browser Installer"="C:\Users\Jan\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Simple Sticky Notes"="C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe"
[HKEY_USERS\S-1-5-21-3609427630-1143254443-2860237718-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Epic Privacy Browser Installer"="C:\Users\Jan\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Simple Sticky Notes"="C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebStorage"="C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\ASUSWSLoader.exe"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Reader Application Helper"="C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe"
"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Jan\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Epic Privacy Browser Installer"="C:\Users\Jan\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Simple Sticky Notes"="C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BExnCBak]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\dowidoly]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\lfsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pugisemezbt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\rijufoze]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RsgBuilderCefaph.exe]

==== Task Scheduler Jobs ======================
C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\Windows\explorer.exe [01/07/2016 06:33]
C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [15/07/2016 10:16]
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [15/07/2016 10:16]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/08/2016 11:42]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
C:\Windows\tasks\WpsNotifyTask_Administrator.job --a-------- C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe [24/11/2015 07:06]
C:\Windows\tasks\WpsUpdateTask_Administrator.job --a-------- C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe [24/11/2015 07:06]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update1" [C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update2" [C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe]
"C:\Windows\SysNative\tasks\ASUS Smart Gesture Launcher" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\Windows\SysNative\tasks\ASUS Splendid ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\Windows\SysNative\tasks\ATK Package 36D18D69AFC3" ["C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"]
"C:\Windows\SysNative\tasks\ATK Package A22126881260" ["C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec" ["C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe"]
"C:\Windows\SysNative\tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon" ["C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe"]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe]
"C:\Windows\SysNative\tasks\OneDrive Standalone Update Task" [C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe]
"C:\Windows\SysNative\tasks\RtHDVBg_ListenToDevice" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"]
"C:\Windows\SysNative\tasks\RTKCPL" ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"]
"C:\Windows\SysNative\tasks\Update Checker" [C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe]
"C:\Windows\SysNative\tasks\WpsNotifyTask_Administrator" [C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe]
"C:\Windows\SysNative\tasks\WpsUpdateTask_Administrator" [C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS GIFTBOX" [C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Product Register Service" [C:\Program Files (x86)\ASUS\APRP\aprp.exe]
"C:\Windows\SysNative\tasks\Intel\Intel Telemetry 2" [C:\Program Files\Intel\Telemetry 2.0\lrio.exe]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Jan\AppData\Roaming\Profiles\pagpysherhientkanupy
user_pref("browser.startup.homepage", "http://www.trotux.com/?z=d186b23529c80d040ffd44fg4zfmco4get5m7mcw8o&from=epf1&uid=SAMSUNGXMZNLF128HCHP-00004_S2DNNXAGC34881&type=hp");
user_pref("browser.newtab.url", "http://www.trotux.com/?z=d186b23529c80d040ffd44fg4zfmco4get5m7mcw8o&from=epf1&uid=SAMSUNGXMZNLF128HCHP-00004_S2DNNXAGC34881&type=hp");
user_pref("browser.search.defaultenginename", "trotux");
user_pref("browser.search.selectedEngine", "trotux");

==== Firefox Extensions ======================
ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\i22md25d.default
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================
Profilepath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\i22md25d.default
4DD36616DCCCB299EEF3E997D2CCA1AD - C:\Users\Jan\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll - Epic Privacy Browser Installer

==== Chromium Look ======================
Video Downloader - Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\aldeandmbaoendamcmacfaogcgolnfop
Proxy Service - Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\bfnhnefchjpncddinphaaghojhkdiicd
Encrypted Connection Preference - Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\gldbhgnhlaiagaifjoilpoldndcgnkfd
EpicYouTubeDownloader - Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\gpdfcpdadibbfkjkhfhmjmfibjmnfclb
Umbrella Button - Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\lnbljomoelmhegncbidenhndbelgdahg
Epic Filter - Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\ojmkmloghldahkpgloknaapbpembjija
Google Slides - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================
C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Extensions\aldeandmbaoendamcmacfaogcgolnfop deleted successfully
C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Local Storage\chrome-extension_aldeandmbaoendamcmacfaogcgolnfop_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://asus15.msn.com/?pc=ASTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://asus15.msn.com/?pc=ASTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\i22md25d.default\Cache emptied successfully
C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\i22md25d.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Cache will be emptied at reboot
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=160 folders=49 91671007 bytes)

==== Empty Temp Folders ======================
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Jan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\data_0" deleted
"C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\data_1" deleted
"C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\data_2" deleted
"C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\data_3" deleted
"C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\index" deleted
"C:\PROGRA~2\Bonjour" not found
"C:\PROGRA~3\Kingsoft" not found
"C:\Users\Jan\AppData\Local\Epic Privacy Browser\User Data\Default\Local Storage\chrome-extension_aldeandmbaoendamcmacfaogcgolnfop_0.localstorage" not deleted

==== EOF on za 10/09/2016 at 11:35:55,21 ======================