Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Bernqde on Sat 30/05/2015 at 23:10:44.10.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bernqde\Jonass\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
30/05/2015 11:12:16 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================
C:\Users\Bernqde\AppData\Local\Adobe deleted successfully
C:\Users\Bernqde\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87B51825-5CFA-4A0D-BBE1-948B333D623B} deleted successfully
HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87B51825-5CFA-4A0D-BBE1-948B333D623B} deleted successfully
HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57} deleted successfully
HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57} deleted successfully
HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2670000A-7350-4f3c-8081-5663EE0C6C49} deleted successfully
HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87B51825-5CFA-4A0D-BBE1-948B333D623B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87B51825-5CFA-4A0D-BBE1-948B333D623B} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{87B51825-5CFA-4A0D-BBE1-948B333D623B} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{87B51825-5CFA-4A0D-BBE1-948B333D623B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87B51825-5CFA-4A0D-BBE1-948B333D623B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87B51825-5CFA-4A0D-BBE1-948B333D623B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================
???? ??? Windows Live ???? Windows Live ????? Windows Live ?????? ???????
?? Windows Live ???????? ?????????? Windows Live Adobe Flash Player 11 ActiveX Adobe Flash Player 17 NPAPI Alcor Micro USB Card Reader ASUS AI Recovery ASUS FancyStart ASUS LifeFrame3 ASUS Live Update ASUS Power4Gear Hybrid ASUS SmartLogon ASUS Virtual Camera AsusScr_K3 Series_ENG_Basic AsusVibe2.0 ATK Package µTorrent Basissoftware voor HP Deskjet 1050 J410 series Belgium e-ID middleware 4.0.5 (build 7363) bestadblocker Bookworm Deluxe BootRacer CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas Cooking Dash CyberLink LabelPrint CyberLink Power2Go D3DX10 Definition Update for Microsoft Office 2010 (KB3015642) 32-Bit Edition Embird 2015 (64-bit) ETDWare PS/2-X64 8.0.5.0_WHQL Fast Boot Fdrawcmd.sys 1.0.1.11 Galeria de Fotografias do Windows Live Galerie de photos Windows Live Galería fotográfica de Windows Live Game Park Console Google Chrome Google Update Helper HD Tune 2.55 Hotel Dash Suite Success HP Deskjet 1050 J410 series Haelp I-Cliqq V2.0 inSSIDer 3 Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Turbo Boost Technology Monitor 2.0 Java 8 Update 31 Java 8 Update 45 Java Auto Updater Jewel Quest 3 Jing Junk Mail filter update Kleos Kleos for Outlook Luxor 3 Mahjongg dimensions Mesh Runtime Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft .NET Framework 4.5.2 Microsoft Application Error Reporting Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office 
Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Mozilla Firefox 31.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Nikon Message Center 2 Notepad++ Nuance PDF Reader NVIDIA Control Panel 266.86 NVIDIA Graphics Driver 266.86 NVIDIA Install Application NVIDIA Optimus 1.0.18 NVIDIA Update Components PDFCreator Picture Control Utility x64 Plants vs Zombies PriceMinus Qualcomm Atheros WiFi Driver Installation Raccolta foto di Windows Live Ralink RT2860 Wireless LAN Card Realtek High Definition Audio Driver S?????? f?t???af??? t?? 
Windows Live Search Slate Security Update for Microsoft .NET Framework 4.5.2 (KB3023224) Security Update for Microsoft .NET Framework 4.5.2 (KB3035490) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft Excel 2010 (KB2965240) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2965242) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2999412) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2999420) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553428) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2965237) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Sitecom MD-020 SIM Editor Skype™ 7.3 Spotify Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5) syncables desktop SE SystemUp Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 
2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition Update for Microsoft Office 2010 (KB2965291) 32-Bit Edition Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition Update for Microsoft Office 2010 (KB2999439) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition Update for Microsoft Outlook 2010 (KB3015585) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2965292) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition ViewNX 2 Visual Studio 2012 x64 Redistributables VLC media player Vodafone Mobile Broadband Lite Windows-stuurprogrammapakket - Intel (NETwLv64) net (10/07/2010 13.4.0.139) Windows Live ??? Windows Live ???? 
Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinFlash Wireless Console 3 ZipGenius 6.3

==== Running Processes ======================
C:\Program Files (x86)\BootRacer\BootRacerServ.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Bernqde\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Bernqde\Jonass\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ec9c17f1 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ec9c17f1 deleted successfully

==== FireFox Fix ======================
ProfilePath: C:\Users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default
user.js not found
---- Lines mystart removed from prefs.js ----
user_pref("browser.newtab.url", "http://www.mystartsearch.com/newtab/?type=nt&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=
---- Lines quick_start removed from prefs.js ----
user_pref("extensions.quick_start.enable_search1", false);
user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
---- FireFox user.js and prefs.js backups ----
prefs_20153005_1123_.backup

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87B51825-5CFA-4A0D-BBE1-948B333D623B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57}]

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87B51825-5CFA-4A0D-BBE1-948B333D623B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEA8C7C3-1713-4854-BF1B-7A2F46C9DB57}]

==== Deleting Files \ Folders ======================
C:\PROGRA~2\bestadblocker deleted
C:\PROGRA~2\PriceMinus deleted
C:\PROGRA~2\SoftwarePlus deleted
C:\PROGRA~2\PiriucEaMMinnuus deleted
C:\PROGRA~2\Search Slate deleted
C:\Users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default\extensions\NyOE@o.org deleted
C:\Users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default\extensions\oN@pC.com deleted
C:\Users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default\extensions\searchffv2@gmail.com deleted
C:\windows\SysNative\Tasks\Bidaily Synchronize Task[973b] deleted
C:\PROGRA~3\{b7a108c9-bee4-fbc5-b7a1-108c9bee2326} deleted
C:\PROGRA~3\{b985a174-61e3-83ea-b985-5a17461e85d1} deleted
C:\PROGRA~3\2952232370418082425 deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\mystartsearch.xml deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Bernqde\AppData\Roaming\Gems" deleted
"C:\Users\Bernqde\AppData\Roaming\Grand Piano" deleted
"C:\Users\Bernqde\AppData\Roaming\Home" deleted
"C:\ProgramData\Flags" deleted
"C:\ProgramData\Graphics" deleted
"C:\ProgramData\Guitar" deleted
"C:\ProgramData\Icons" deleted

==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6057 MB
CPU Info: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
CPU Speed: 2053.1 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | NVIDIA GeForce GT 540M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter #3 | 802.11n Wireless LAN Card | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 1x (E: | ) E: SlimtypeDVD A DS8A5SH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 238.5GB | D: 332.7GB
Hard Disks - Free: C: 72.0GB | D: 332.2GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 04/01/11 | _ASUS_ - 6222004
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer Inc. K73SV
Country: Australië
Language: ENA

==== System Specs (Software) ======================
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox 31.0
Internet Explorer Version: 11.0.9600.17801
Mozilla Firefox version: 31.0 (x86 en-US)
Google Chrome version: 20.0.1132.57
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)
Flash Player version: 17.0.0.188

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Bernqde\AppData\Local\Temp ====
2015-05-27 16:10:11 056C19BD229879F7A2C15FF72A1E2CCB 2511360 ----a-w- C:\Users\Bernqde\AppData\Local\Temp\4108\temp\SystemUp.xyz.exe
2015-05-26 08:07:18 C75E770994A1C7B600BFBD5425BB1705 506464 ---ha-w- C:\Users\Bernqde\AppData\Local\Temp\4108\temp\wpc_mystartsearch.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-05-16 21:50:10 858EB73F68B20A2A5C66B6C000D1C0DD 102608 ----a-w- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-05-16 21:50:10 189FB45D7442083AE8A2E4E612233EF7 124112 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
====== C:\Windows\Sysnative\drivers =====
2015-05-16 09:56:18 F7DFAE6040AC910B7C64EE208A34157D 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-05-16 09:56:18 8FE94F2EF9BF444E93E35D87E210D02F 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2015-05-27 16:09:25 1AE2007397D976BAD7EF0CE9E08B4FFC 424 ----a-w- C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-05-28 06:21:02 -------- d-----w- C:\Program Files\Enigma Software Group
======= C:\PROGRA~2 =====
2015-05-30 18:36:51 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
2015-05-28 06:21:57 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Bernqde\AppData\Roaming ======
====== C:\Users\Bernqde ======
2015-05-28 06:21:38 -------- d-----w- C:\Users\Bernqde\Start Menu
2015-05-28 06:21:38 -------- d-----w- C:\Users\Bernqde\Desktop
2015-05-28 06:20:42 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Bernqde\Downloads\SpyHunter-Installer.exe
2015-05-04 19:05:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embird 2015 (64-bit)
====== C: exe-files ==
2015-05-30 18:36:26 FF589C55E0CB6A0A1BD9570217BB1A42 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\tnameserv.exe
2015-05-30 18:36:26 FD8978875A992C876AF430B35DF9CFA7 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\pack200.exe
2015-05-30 18:36:26 F16868F20E4701142FAEF8C9FA847D27 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jabswitch.exe
2015-05-30 18:36:26 EF66D96BC42BCE52686A7635AB11D8DD 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe
2015-05-30 18:36:26 EED888394AC81A663F12C6EC43AB2838 191072 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
2015-05-30 18:36:26 D3DA34876B7F6D06D26D29CA77BD25A2 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\ktab.exe
2015-05-30 18:36:26 CF683290B3369A1491A5B8B4D19F79B3 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jjs.exe
2015-05-30 18:36:26 C57CA849D13177E1F43CFEF51374F1EE 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\unpack200.exe
2015-05-30 18:36:26 B66ED84383EA6C6218CA47BC49C15615 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssvagent.exe
2015-05-30 18:36:26 A1A1BC927541346D840BBB511F557848 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\policytool.exe
2015-05-30 18:36:26 98903A3C01AA820E7FCC19A0A60126C0 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\klist.exe
2015-05-30 18:36:26 88FFC43B0E3BB3E30F70CB7B08D499B4 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\java-rmi.exe
2015-05-30 18:36:26 5DF39BE82C777B7EDAD34E3A7A7EADB7 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\rmid.exe
2015-05-30 18:36:26 4EA6A4DD2EB584C4C2BF39A9A7D0D580 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\keytool.exe
2015-05-30 18:36:26 4586CD8F1C929EF184098A22FE31A857 271968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaws.exe
2015-05-30 18:36:26 3C0A1F0D13A8998E9A1825A853FF3B39 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\kinit.exe
2015-05-30 18:36:26 2682BB5D60C30DCB5A2BC414D01D6764 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\rmiregistry.exe
2015-05-30 18:36:26 1F29E31C6B9A487FF32006C4E223BA4F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\orbd.exe
2015-05-30 18:36:26 1E2E159D0621A466CFA7CE06E4DA9CAE 190560 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
2015-05-30 18:36:26 1CCD26E1E9FC582ABAA5D5FD1FA47A6B 76384 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe
2015-05-30 18:36:26 134D4B0A753808F8F8645DCF3FA00173 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\servertool.exe
2015-05-30 16:48:43 150D69278C5F9EB1E77EBF4E028AD7DB 41470096 ----a-w- C:\Users\Bernqde\AppData\Local\Spotify\Update\spotify_installer-1.0.6.80.g2a801a53-61.exe
2015-05-30 16:39:22 FCDCC522D687A7412AEED8DAD1129705 453664 ------r- C:\ProgramData\NVIDIA\Updatus\Download\7787\updatus.19626950_RUNASUSER.exe
2015-05-28 18:21:55 4BE25E75D37FCEFD07B46BFBA7CD1671 452840 ----a-r- C:\ProgramData\NVIDIA\Updatus\Download\774B\updatus.19622664_RUNASUSER.exe
2015-05-28 06:21:12 E796CCF06C15CE6C7AE8E158D3BAAD02 25472 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\native.exe
2015-05-28 06:21:04 F845E730A534BA17372368372DF01579 8260480 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
2015-05-28 06:21:04 492DD2C144612A8F6F9C39F27F009667 1026432 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
2015-05-28 06:20:42 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Bernqde\Downloads\SpyHunter-Installer.exe
2015-05-27 16:44:21 516A5FCE06BB388499238A5F9286CB74 96768 ----a-w- C:\Windows\Temp\9F9F12FD-5EF0-4DBB-A0D8-3159C36F8459\DismHost.exe
2015-05-27 16:10:24 1490F273268246AD676140EEDBE5D178 452832 ----a-r- C:\ProgramData\NVIDIA\Updatus\Download\7742\updatus.19618870_RUNASUSER.exe
2015-05-27 16:10:11 056C19BD229879F7A2C15FF72A1E2CCB 2511360 ----a-w- C:\Users\Bernqde\AppData\Local\Temp\4108\temp\SystemUp.xyz.exe
2015-05-26 08:07:18 C75E770994A1C7B600BFBD5425BB1705 506464 ---ha-w- C:\Users\Bernqde\AppData\Local\Temp\4108\temp\wpc_mystartsearch.exe
=== C: other files ==
2015-05-30 18:36:26 5DDC15149346900F16B38C65502BACA9 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\lib\deploy\ffjcext.zip
2015-05-28 06:21:57 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2015-05-28 06:21:12 F845E730A534BA17372368372DF01579 8260480 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com
2015-05-28 06:21:08 7AEC5E76816178BF6C543A155D8208B6 15920 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2015-05-28 06:21:07 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys
2015-05-26 16:12:18 8B3FF4AD05E496A03E6692EBB08F4958 7211 ----a-w- C:\Users\Bernqde\AppData\Local\Temp\tmp-plt.xpi
2015-05-25 08:08:21 8B3FF4AD05E496A03E6692EBB08F4958 7211 ----a-w- C:\Users\Bernqde\AppData\Local\Temp\tmp-uqc.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Spotify Web Helper"="C:\Users\Bernqde\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

[HKEY_USERS\S-1-5-21-3234131037-588384857-3811332105-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"USBestCR"="C:\Program Files (x86)\Sitecom MD-020 SIM Editor\iconcs2377439.exe RunFromReg"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Spotify Web Helper"="C:\Users\Bernqde\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BootRacer"="C:\Program Files (x86)\BootRacer\Bootrace.exe /2"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"USBestCR"="C:\Program Files (x86)\Sitecom MD-020 SIM Editor\iconcs2377439.exe RunFromReg"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BootRacer"="C:\Program Files (x86)\BootRacer\Bootrace.exe /2"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Jing]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Jing"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\TechSmith\\Jing\\Jing.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nikon Message Center 2"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nuance PDF Reader-reminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nuance PDF Reader-reminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nuance\\PDF Reader\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\Nuance\\PDF Reader\\Ereg\\Ereg.ini\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Bernqde\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Bernqde\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateLBPShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\LabelPrint\" UpdateWithCreateOnce \"Software\\CyberLink\\LabelPrint\\2.5\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateP2GoShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Bernqde\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
"item"="AsusVibeLauncher"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\AsusVibeLauncher.lnk"
"backup"="C:\\Windows\\pss\\AsusVibeLauncher.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\ASUS\\AsusVibe\\ASUSVI~2.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Bernqde^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download Better Call Saul S01E04-E06 HDTV NL Subs DutchReleaseTeam Torrent - KickassTorrents.lnk]
"item"="Download Better Call Saul S01E04-E06 HDTV NL Subs DutchReleaseTeam Torrent - KickassTorrents"
"path"="C:\\Users\\Bernqde\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Download Better Call Saul S01E04-E06 HDTV NL Subs DutchReleaseTeam Torrent - KickassTorrents.lnk"
"backup"="C:\\Windows\\pss\\Download Better Call Saul S01E04-E06 HDTV NL Subs DutchReleaseTeam Torrent - KickassTorrents.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\ProgramData\\{b985a174-61e3-83ea-b985-5a17461e85d1}\\Download Better Call Saul S01E04-E06 HDTV NL Subs DutchReleaseTeam Torrent - KickassTorrents.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Bernqde^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel(R) Turbo Boost Technology Monitor 2.0.lnk]
"item"="Intel(R) Turbo Boost Technology Monitor 2.0"
"path"="C:\\Users\\Bernqde\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Intel(R) Turbo Boost Technology Monitor 2.0.lnk"
"backup"="C:\\Windows\\pss\\Intel(R) Turbo Boost Technology Monitor 2.0.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\Intel\\TURBOB~1\\SIGNAL~1.EXE"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\Bidaily Synchronize Task[973b].job --a------ C:\programdata\b7a108c9-bee4-fbc5-b7a1-108c9bee2326\deux jours une nuit 2014 brrip xvid nl subs. dmt.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13/04/2011 04:33 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13/04/2011 04:33 AM]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{3868B9FB-3C52-4AB3-881A-C0FB7724B821}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{B5FD578C-6133-4BBB-8FD3-D7149FD08B00}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("keyword.URL", "");
==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "searchffv2@gmail.com"="C:\Users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default\extensions\searchffv2@gmail.com" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Bernqde\AppData\Roaming\Mozilla\Firefox\Profiles\4uvbe3f1.default 2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://blanco/" "Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38&q={searchTerms}" "Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38" "Start Page"="http://www.mystartsearch.com/?type=hp&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38" "Search 
Page"="http://www.mystartsearch.com/web/?type=ds&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38&q={searchTerms}" "Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38" "Start Page"="http://www.mystartsearch.com/?type=hp&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38" "Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1432743057&z=78c322bff5fa1ad7c3d2757gazfcdo3m9z2c1e5w2z&from=wpc&uid=WDCXWD6400BPVT-80HXZT1_WD-WXG1E51FXF38FXF38&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://blanco/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start 
Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\searchffv2@gmail.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ec9c17f1} deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [USBestCR] C:\Program Files (x86)\Sitecom MD-020 SIM Editor\iconcs2377439.exe RunFromReg O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Bernqde\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Program Files (x86)\BootRacer\Bootrace.exe" /2 O4 - HKUS\S-1-5-21-3234131037-588384857-3811332105-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3234131037-588384857-3811332105-1000\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3234131037-588384857-3811332105-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{110CECD6-898C-4E76-9B54-A099E60CA4A0}: NameServer = 81.169.60.107 81.169.60.107 O17 - HKLM\System\CCS\Services\Tcpip\..\{685EFB1E-5FDF-40D9-9476-2036CF42AE59}: NameServer = 81.169.62.171 81.169.62.171 O17 - HKLM\System\CS1\Services\Tcpip\..\{110CECD6-898C-4E76-9B54-A099E60CA4A0}: NameServer = 81.169.60.107 81.169.60.107 O17 - HKLM\System\CS2\Services\Tcpip\..\{110CECD6-898C-4E76-9B54-A099E60CA4A0}: NameServer = 81.169.60.107 81.169.60.107 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe 
Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv64.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files (x86)\BootRacer\BootRacerServ.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Sentinel Local License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) 
- Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\Bernqde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bernqde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Bernqde\AppData\Local\Mozilla\Firefox\Profiles\4uvbe3f1.default\Cache emptied successfully
C:\Users\Bernqde\AppData\Local\Mozilla\Firefox\Profiles\4uvbe3f1.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=5693 folders=1176 582709553 bytes)

==== Empty Temp Folders ======================
C:\Users\Bernqde\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Bernqde\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 31/05/2015 at 0:04:25.36 ======================