Zoek.exe v5.0.0.0 Updated 21-December-2014
Tool run by Beheerder on zo 21-12-2014 at 19:23:48,36.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2014-12-21-170849.log 16244 bytes
C:\zoek-results2014-12-21-181825.log 0 bytes
C:\zoek-results2014-12-21-182331.log 0 bytes

==== Empty Folders Check ======================
C:\Users\Beheerder\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3388364161-3371581141-2424290813-1001\Software\Microsoft\Internet Explorer\SearchScopes\{44C01E2F-AB17-449B-84A6-261849E0805A} deleted successfully
HKEY_USERS\S-1-5-21-3388364161-3371581141-2424290813-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully
HKEY_USERS\S-1-5-21-3388364161-3371581141-2424290813-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{478034E4-EE93-4804-8491-193C3EA23D14} deleted successfully
HKEY_USERS\S-1-5-21-3388364161-3371581141-2424290813-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85A0C87D-8F15-42DC-8C65-7957C04CF77} deleted successfully
HKEY_USERS\S-1-5-21-3388364161-3371581141-2424290813-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A92C9DBC-D6C6-4146-BE89-40356C6DD25} deleted successfully
HKEY_USERS\S-1-5-21-3388364161-3371581141-2424290813-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBD35DF2-D327-4F6C-8BCA-5B4283E142DB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\keyboardmotion_64.exe deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\directxmsctfmonitor64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nkdytjtjsw32 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UniversalUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b786bdb3c67d deleted successfully

==== FireFox Fix ======================
ProfilePath: C:\Users\BEHEER~1\AppData\Roaming\Mozilla\Firefox\Profiles\t2nrodq4.default
user.js not found
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- Lines extensions.1GvReTXTffh8YTcB removed from prefs.js ----
user_pref("extensions.1GvReTXTffh8YTcB.epoch", "1419242991");
user_pref("extensions.1GvReTXTffh8YTcB.url", "http://liversional.com/sync2/?q=hfZ9ofmKhMn4tNbPhd9FrjsEpihTB6lKDzt4ok4rtNtVh7n0rjnFrTw8rjsHrjrFtMFHhd9F
---- FireFox user.js and prefs.js backups ----
prefs_21-12-2014_1945_.backup

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}]
"Linkey Dealsx64"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
"ApnTBMon"=-
"f552dd4c52e3"=-

==== Deleting Files \ Folders ======================
C:\Program Files (x86)\LinkeyDeals not found
C:\Program Files (x86)\B7305D53-89A1-44CD-904E-E5C91C2C0EE6 not found
C:\Program Files (x86)\AskPartnerNetwork deleted
C:\Program Files\007 deleted
C:\Program Files (x86)\0ca45c95134d deleted
C:\Program Files\CouponMonkey deleted
C:\Program Files (x86)\globalUpdate deleted
C:\ProgramData\AskPartnerNetwork deleted
C:\PROGRA~3\APN deleted
C:\Users\Beheerder\AppData\Local\globalUpdate deleted
C:\Users\Beheerder\AppData\Local\AskPartnerNetwork deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\drivers\b786bdb3c67d.sys deleted
C:\windows\SysNative\drivers\netfilter64.sys deleted
C:\Users\Beheerder\Documents\Optimizer Pro deleted
C:\Users\BEHEER~1\AppData\Roaming\Mozilla\Firefox\Profiles\t2nrodq4.default\extensions\Y9xA3a@6P.net deleted
"C:\Windows\Installer\6f796.msi" deleted
"C:\PROGRA~3\65aea5153d3fd335\{F04D4328-4631-1CBE-1907-201B33FAF2E8}.20141215133221" deleted
"C:\PROGRA~3\65aea5153d3fd335\{F04D4328-4631-1CBE-1907-201B33FAF2E8}.20141215134435" deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\keyboardmotion_64.exe" deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\msvcp100.dll" deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\msvcr100.dll" not deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\QtCore4.dll" deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\QtNetwork4.dll" deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\txviewusp_64.exe" deleted
"C:\Windows\Syswow64\directxmsctfmonitor64\directxmsctfmonitor64.exe" deleted
"C:\Windows\Syswow64\directxmsctfmonitor64\msvcp100.dll" deleted
"C:\Windows\Syswow64\directxmsctfmonitor64\msvcr100.dll" not deleted
"C:\Windows\Syswow64\directxmsctfmonitor64\QtCore4.dll" deleted
"C:\Windows\Syswow64\directxmsctfmonitor64\QtNetwork4.dll" deleted
"C:\Program Files (x86)\SU1MyN2Q2MjA1Ng\b786bdb3c67d.exe" deleted
"C:\PROGRA~3\65aea5153d3fd335" deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64" not deleted
"C:\Windows\Syswow64\directxmsctfmonitor64" not deleted
"C:\Program Files (x86)\SU1MyN2Q2MjA1Ng" not deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\desktop" not deleted
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\service" deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\BEHEER~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-21 14:15:48 -------- d-----w- C:\Program Files\trend micro
2014-11-22 20:02:15 -------- d-----w- C:\Program Files\MPC-HC
======= C:\PROGRA~2 =====
2014-12-21 08:50:33 -------- d-----w- C:\PROGRA~2\SU1MyN2Q2MjA1Ng
2014-11-29 20:20:53 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Beheerder\AppData\Roaming ======
2014-12-15 12:30:25 -------- d-----w- C:\Users\Beheerder\AppData\Local\keyboardmotion_64
2014-12-15 12:00:02 -------- d-sh--w- C:\Users\Beheerder\AppData\Local\EmieBrowserModeList
2014-12-15 11:59:59 -------- d-sh--w- C:\Users\Beheerder\AppData\Locallow\EmieBrowserModeList
2014-11-29 20:44:44 -------- d-----w- C:\Users\Beheerder\AppData\Roaming\Mozilla
2014-11-29 20:44:44 -------- d-----w- C:\Users\Beheerder\AppData\Local\Mozilla
2014-11-22 20:02:57 -------- d-----w- C:\Users\Beheerder\AppData\Roaming\MPC-HC
====== C:\Users\Beheerder ======
2014-11-29 20:44:35 -------- d-----w- C:\ProgramData\Mozilla
2014-11-22 20:02:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3388364161-3371581141-2424290813-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN3822S3YB05X4:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Linkey Dealsx64"="C:\Program Files (x86)\LinkeyDeals\msilnk64.exe"
[HKEY_USERS\S-1-5-21-3388364161-3371581141-2424290813-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN3822S3YB05X4:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Linkey Dealsx64"="C:\Program Files (x86)\LinkeyDeals\msilnk64.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Startup Folders ======================
2014-08-16 14:51:08 972 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-12-2014 18:50]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-06-2014 07:58]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-06-2014 07:58]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Touchpad Launcher (x64)" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP ENVY 4500 series" ["C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{6568F1B0-E1D3-4583-B50E-10693471D700}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6}"="C:\Program Files (x86)\Mozilla Firefox\extensions\{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6}" []

==== Firefox Extensions ======================

==== Firefox Plugins ======================
Profilepath: C:\Users\Beheerder\AppData\Roaming\Mozilla\Firefox\Profiles\t2nrodq4.default
9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash

==== Chromium Look ======================
Google Chrome Version: 39.0.2171.95 (Could not determine latest Stable Version)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
poimdfnhgefmnkeefbjibbiemlimdnof - No path found[]
Google Docs - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Beheerder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} deleted successfully

==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:13355"
"ProxyOverride"=";*origin.com;*ea.com;*akamaihd.net"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC05100 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Salus deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1500} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC05100 deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Beheerder\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Beheerder\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Beheerder\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Beheerder\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
C:\Users\Beheerder\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=268 folders=108 60215132 bytes)

==== Empty Temp Folders ======================
C:\Users\Beheerder\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\BEHEER~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64\msvcr100.dll" not found
"C:\Windows\Syswow64\directxmsctfmonitor64\msvcr100.dll" not found
"C:\Users\Beheerder\AppData\Local\keyboardmotion_64" not found
"C:\Windows\Syswow64\directxmsctfmonitor64" not found
"C:\Program Files (x86)\SU1MyN2Q2MjA1Ng" not found

==== EOF on zo 21-12-2014 at 19:56:15,76 ======================