Zoek.exe v5.0.0.0 Updated 10-September-2014 Tool run by Janine on vr 12-09-2014 at 23:35:44,35. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Janine\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 12-9-2014 23:40:18 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\CouppExTensaiuon deleted successfully C:\PROGRA~2\DeallEoxpress deleted successfully C:\PROGRA~2\Funi2Save deleted successfully C:\PROGRA~2\NetoCiouppOan deleted successfully C:\PROGRA~2\predm deleted successfully C:\PROGRA~2\ReguLLaaRDeals deleted successfully C:\PROGRA~2\saFeeweb deleted successfully C:\PROGRA~2\SaveNewaApPZ deleted successfully C:\PROGRA~3\CouppExTensaiuon deleted successfully C:\PROGRA~3\DeallEoxpress deleted successfully C:\PROGRA~3\Funi2Save deleted successfully C:\PROGRA~3\NetoCiouppOan deleted successfully C:\PROGRA~3\ReguLLaaRDeals deleted successfully C:\PROGRA~3\saFeeweb deleted successfully C:\PROGRA~3\SaveNewaApPZ deleted successfully C:\Users\Janine\AppData\Roaming\Nosibay deleted successfully C:\Users\Janine\AppData\Roaming\Store deleted successfully C:\Users\Janine\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Janine\AppData\Local\PackageStaging deleted successfully C:\Users\Janine\AppData\Local\WeatherAlerts deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2544163091-2644434428-762857067-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-2544163091-2644434428-762857067-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\KPN\Mobiel Internet 
Software\BecHelperService.exe C:\Program Files (x86)\KPN\Mobiel Internet Software\LoggerServer.exe C:\Windows\SysWOW64\svchost.exe C:\ProgramData\KPN Mobile Connect\OnlineUpdate\ouc.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\ProgramData\KPN Mobile Connect\OnlineUpdate\LiveUpd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Janine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Janine\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- 
"mbot_fr_24"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\NetoCiouppOan not found C:\Program Files (x86)\Funi2Save not found C:\ProgramData\NetoCiouppOan not found C:\ProgramData\Funi2Save not found C:\ProgramData\c0ec5b6920bbac22 deleted C:\Users\Janine\AppData\LocalLow\{27F7C016-D440-8FF9-5DB6-1FD27EB98D38} deleted C:\Users\Janine\AppData\LocalLow\{9E2FF6EA-5205-81EB-8101-1A2BDDC021FB} deleted C:\Users\Janine\AppData\LocalLow\{A6315ED7-13BC-714F-D924-B416190E5CFE} deleted C:\Users\Janine\AppData\LocalLow\{E8E116BE-7369-46E9-757D-7461639AE8BD} deleted C:\Users\Janine\AppData\LocalLow\{F6F1D57E-A928-2763-90B0-33D8917EA135} deleted C:\Users\Janine\AppData\LocalLow\{F8DD2EDF-BD34-E57D-4FD5-6AB69B87EB10} deleted C:\Users\Janine\AppData\Local\Packages\windows_ie_ac_001\AC\{27F7C016-D440-8FF9-5DB6-1FD27EB98D38} deleted C:\Users\Janine\AppData\Local\Packages\windows_ie_ac_001\AC\{9E2FF6EA-5205-81EB-8101-1A2BDDC021FB} deleted C:\Users\Janine\AppData\Local\Packages\windows_ie_ac_001\AC\{A6315ED7-13BC-714F-D924-B416190E5CFE} deleted C:\Users\Janine\AppData\Local\Packages\windows_ie_ac_001\AC\{E8E116BE-7369-46E9-757D-7461639AE8BD} deleted C:\Users\Janine\AppData\Local\Packages\windows_ie_ac_001\AC\{F6F1D57E-A928-2763-90B0-33D8917EA135} deleted C:\Users\Janine\AppData\Local\Packages\windows_ie_ac_001\AC\{F8DD2EDF-BD34-E57D-4FD5-6AB69B87EB10} deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\Users\Janine\AppData\Roaming\Systweak deleted C:\Users\Janine\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\SuperbApp deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Users\Janine\AppData\Local\Software deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Janine\Downloads\SoftonicDownloader_voor_avs-video-converter.exe deleted C:\Users\Janine\Downloads\SoftonicDownloader_voor_dvd-decrypter.exe deleted 
C:\Users\Janine\Downloads\SoftonicDownloader_voor_dvd-shrink.exe deleted C:\windows\SysNative\Tasks\LaunchSignup deleted C:\end deleted C:\windows\SysNative\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}Gw64.sys deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Public\Desktop\eBay.lnk deleted C:\Users\Janine\Downloads\lover-of-loser-dut-3627167.exe deleted C:\Users\Janine\Downloads\lover-of-loser-eng-4579443 (1).exe deleted "C:\Windows\Installer\219ad.msi" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 6057 MB CPU Info: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz CPU Speed: 2514,9 MHz Sound Card: Luidsprekers (High Definition A | Display Adapters: Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter #3 | Qualcomm Atheros AR956x Wireless Network Adapter | Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30) CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SU-208DB Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 454,9GB Hard Disks - Free: C: 325,3GB Manufacturer *: TOSHIBA BIOS Info: AT/AT COMPATIBLE | | TOSASU - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: TOSHIBA PT10S Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 34.0.1847.116 Internet Explorer Version: 11.0.9600.17278 Google Chrome version: 34.0.1847.116 ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2544163091-2644434428-762857067-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Janine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" 
"WindApp"="C:\Users\Janine\AppData\Roaming\Store\WindApp\WindApp Update.exe /winstartup" "GoogleChromeAutoLaunch_860360592AC846D552AC557A11FF1366"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "1.TPUReg"="C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe" "TSVU"="c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Janine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "WindApp"="C:\Users\Janine\AppData\Roaming\Store\WindApp\WindApp Update.exe /winstartup" "GoogleChromeAutoLaunch_860360592AC846D552AC557A11FF1366"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "TSSSrv"="C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe" "TecoResident"="C:\Program Files\TOSHIBA\Teco\TecoResident.exe" "TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe " "TCrdMain"="C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2014-01-14 12:02:49 2130 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk 2014-09-02 09:28:54 942 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update-agent.lnk ==== Task Scheduler Jobs ====================== 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-01-2014 10:45] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-01-2014 10:45] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Resolution+ Setting Task" [C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{4121E6CE-6065-452C-954F-6E9519612D36}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\TOSHIBA\CommonNotifier" [C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe] "C:\Windows\SysNative\tasks\TOSHIBA\Service Station" ["C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe"] ==== Chromium Look ====================== saFeeweb - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Administrator\AppData\Local\Torch\User 
Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Gast\AppData\Local\Torch\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Gast\AppData\Local\Torch\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Janine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Janine\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj Google Docs - Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Pin It Button - Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic Google Wallet - Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Janine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia saFeeweb - Janine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Janine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj saFeeweb - Janine\AppData\Local\Torch\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof safeWebb - Janine\AppData\Local\Torch\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj ==== Chromium Startpages ====================== C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.nl/", "startup_urls": [ "http://www.google.nl/" ], ==== Chromium Fix ====================== C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.scrabblefinder.com_0.localstorage deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.scrabblefinder.com_0.localstorage-journal deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_avsvideoconverter.nl.softonic.com_0.localstorage deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_avsvideoconverter.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof 
deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Janine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Janine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Janine\AppData\Local\Torch\User Data\Default\Extensions\kefeaipcllbnhnfoilkbpfdehjdpdlof deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully 
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully
C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully
C:\Users\Janine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully
C:\Users\Janine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully
C:\Users\Janine\AppData\Local\Torch\User Data\Default\Extensions\lpfmepncadljcgknnoebjiomhglnhmnj deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M162D9F0A-4BF1-426A-A615-9887A0DB285F&SearchSource=55&CUI=&UM=5&UP=SP1CEDA282-9530-4C4D-86B0-624F2C18F358&SSPV="
"Search Page"="http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=RY_11989_CH&co=FR&userid=fe3a2e45-5e91-9dca-d276-15c25356d095&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}"
"Search Bar"="http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=RY_11989_CH&co=FR&userid=fe3a2e45-5e91-9dca-d276-15c25356d095&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=RY_11989_CH&co=FR&userid=fe3a2e45-5e91-9dca-d276-15c25356d095&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=RY_11989_CH&co=FR&userid=fe3a2e45-5e91-9dca-d276-15c25356d095&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}"
"SearchAssistant"="http://feed.snapdo.com/?publisher=ShoppingHelper&dpid=RY_11989_CH&co=FR&userid=fe3a2e45-5e91-9dca-d276-15c25356d095&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{60EE068D-BB55-463D-B873-24310C032C71} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2544163091-2644434428-762857067-1001\Software\Microsoft\Internet Explorer\SearchScopes\{60EE068D-BB55-463D-B873-24310C032C71} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\286c43ff-5602-4f7b-921f-3d4e86444879 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\3b1050ad-3b31-493d-8828-7bccb41cdc48 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF07604E-C860-40E9-A230-E37FA41F103A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E40670FF068C9E042A033EF74AF101A3 deleted successfully

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
O4 - HKLM\..\Run: [1.TPUReg] "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
O4 - HKLM\..\Run: [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Janine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [WindApp] "C:\Users\Janine\AppData\Roaming\Store\WindApp\WindApp Update.exe" /winstartup
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_860360592AC846D552AC557A11FF1366] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Update-agent.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{284C9DEE-04DD-49CD-849C-DD14C19C56C7}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF9730F3-ED00-4891-985E-2A00E0E74399}: NameServer = 193.189.244.206 193.189.244.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\KPN\Mobiel Internet Software\BecHelperService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KPN Mobile Connect. OUC (KPN Mobile Connect. RunOuc) - Unknown owner - C:\Program Files (x86)\KPN Mobile Connect\UpdateDog\ouc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TEMPRO Service (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Janine\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Janine\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Janine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=404 folders=142 93628398 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Janine\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Janine\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on za 13-09-2014 at 0:19:04,07 ======================