Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by ddr on di 11-03-2014 at 10:56:37,66.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\downloads\zoek(3).exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2014-03-07-200838.log 36734 bytes
C:\zoek-results2014-03-07-201827.log 9120 bytes
C:\zoek-results2014-03-08-105307.log 15816 bytes
C:\zoek-results2014-03-08-113052.log 4042 bytes
C:\zoek-results2014-03-09-112050.log 739 bytes
C:\zoek-results2014-03-09-112839.log 787 bytes
C:\zoek-results2014-03-09-181921.log 835 bytes
C:\zoek-results2014-03-10-080556.log 5243 bytes
C:\zoek-results2014-03-10-081312.log 5551 bytes
C:\zoek-results2014-03-10-083551.log 3352 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: d:\Users\ddr\AppData\Roaming\Mozilla\Firefox\Profiles\fwcw6w5p.default-1394352869807
user.js not found
---- Lines enabledAddons" modified from prefs.js ----
user_pref("extensions.enabledAddons", "%7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3,newtaburl%40sogame.cat:2.2.3,hotfix%40mozilla.org:2.0,%7B972ce
---- Lines installCache" modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"hotfix@mozilla.org\":{\"descriptor\":\"C:\\\\Users\\\\ddr\\\\AppD
---- FireFox user.js and prefs.js backups ----
prefs_11-03-2014_1126_.backup

ProfilePath: d:\Users\ddr\AppData\Roaming\Thunderbird\Profiles\dyad9k7q.default
user.js not found
---- Lines enabledAddons" modified from prefs.js ----
user_pref("extensions.enabledAddons", "tbtestpilot%40labs.mozilla.com:1.3.9,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.3.0");
---- Lines installCache" modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"D:\\\\Program
---- FireFox user.js and prefs.js backups ----
prefs_11-03-2014_1126_.backup

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair deleted
C:\WINDOWS\Reimage.ini deleted
C:\windows\SysNative\Tasks\Reimage Reminder deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.dll" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini" deleted
"C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe" deleted
"C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP" deleted
"C:\Program Files\Reimage" not deleted
"C:\Program Files\Reimage\Reimage Repair" not deleted

==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== d:/TIJDEL~1 ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-03-08 10:50:55 6FB598E8DE02D879D17B35F144A1B3BC 270496 ------w- C:\WINDOWS\Sysnative\MpSigStub.exe
====== C:\WINDOWS\Sysnative\drivers =====
2014-03-07 19:38:19 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2014-02-16 08:30:06 3D9A5AC880D7AA2305812D665D24ED23 2551128 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2014-02-16 08:30:02 ED39D676080A1AEA755F1DEC1A8DF1A4 1119064 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2014-02-16 08:30:02 79B6F3DF7CDFD12159871FF71464F0CE 403456 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2014-02-16 08:30:00 B7342B3C58E91107F6E946A93D9D4EFD 142848 ----a-w- C:\WINDOWS\Sysnative\drivers\ipnat.sys
2014-02-16 08:30:00 4628B415A84EA9D4D396A56F1D0CB6C6 142680 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2014-02-16 08:29:59 1C89EF529DB7DCA98E801EFDCC8437DE 19456 -c--a-w- C:\WINDOWS\Sysnative\drivers\BtaMPM.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-03-10 18:13:35 -------- d-----w- C:\Program Files\Reimage
2014-03-10 17:31:42 -------- d-----w- C:\Program Files\Classic Shell
2014-03-07 19:43:09 -------- d-----w- C:\Program Files\trend micro
2014-03-07 17:47:43 -------- d-----w- C:\Program Files\Enigma Software Group
======= C:\PROGRA~2 =====
======= C: =====
====== d:\Users\ddr\AppData\Roaming ======
2014-03-10 17:32:41 -------- d-----w- d:\Users\ddr\AppData\Roaming\ClassicShell
2014-03-10 16:26:40 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm
====== C:\Users\ddr ======
2014-03-10 18:14:02 -------- d-----w- C:\ProgramData\CDB
2014-03-10 17:31:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-02-26 13:21:17 -------- d-----w- C:\ProgramData\Panasonic
====== C: exe-files ==
2014-03-10 18:13:42 E3793BF301450F70D15311F72EE3939B 8480888 ----a-w- C:\Users\ddr\AppData\Local\Microsoft\Windows\INetCache\IE\DXAFDDY3\ProtectorPackage1014x64[1].exe
2014-03-10 18:13:29 04C67490BC59B8257E4E15C46082B81E 10377856 ----a-w- C:\Users\ddr\AppData\Local\Microsoft\Windows\INetCache\IE\3RYWTCT3\ReimagePackage1653x64[1].exe
2014-03-08 10:50:55 6FB598E8DE02D879D17B35F144A1B3BC 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-07 19:43:09 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\ddr.exe
=== C: other files ==
2014-03-07 19:38:19 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-181950552-3485032107-3598450402-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"StartMenuX"="D:\Program Files\Start Menu X\StartMenuX.exe"
"Spotify"="D:\Users\ddr\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="D:\Users\ddr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN39E5326C0602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StartMenuX"="D:\Program Files\Start Menu X\StartMenuX.exe"
"Spotify"="D:\Users\ddr\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="D:\Users\ddr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"HP Photosmart 5520 series (NET)"="C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe -deviceID CN39E5326C0602:NW -scfn HP Photosmart 5520 series (NET) -AutoStart 1"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"

==== Startup Folders ======================
2013-01-30 06:34:52 439 ----a-w- d:\Users\ddr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.lnk
2013-12-07 11:31:58 1846 ----a-w- d:\Users\ddr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Photosmart 5520 series (netwerk).lnk

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24-02-2014 11:40]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\ArcSoft Connect Daemon" [C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["D:\Program Files (x86)\Cleaners\CCleaner Pro\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\HP AR Program Upload - 8ccf14a67f0f4a6483ed38133aa0947753b6379e5d004835a565eff22b228f74" [C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe]
"C:\WINDOWS\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Photosmart 5520 series" ["C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\WINDOWS\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{0443B19E-B1A7-4C82-85C4-2109F667D6BD}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"hotfix@mozilla.org"="C:\Users\ddr\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix" [29-01-2013 22:32]

==== Firefox Extensions ======================
ProfilePath: d:\Users\ddr\AppData\Roaming\Mozilla\Firefox\Profiles\fwcw6w5p.default-1394352869807
- Mozilla hotfix - C:\Users\ddr\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
- Keyword Search - %ProfilePath%\extensions\keywordsearch@kaply.com.xpi
- NewTabURL - %ProfilePath%\extensions\newtaburl@sogame.cat.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
ProfilePath: d:\Users\ddr\AppData\Roaming\Thunderbird\Profiles\dyad9k7q.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: d:\Users\ddr\AppData\Roaming\Mozilla\Firefox\Profiles\fwcw6w5p.default-1394352869807
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
FDF7B2D69F2B7AF5B77124FCCB1DE2FC - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1098 folders=109 279221621 bytes)

==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files\Reimage" deleted

==== EOF on di 11-03-2014 at 11:33:31,66 ======================