Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Paula on do 25/02/2016 at 10:23:52,90. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Paula\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 25/02/2016 10:29:39 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Cewe Photoservice deleted successfully C:\PROGRA~2\Desktop Clock deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\TomTom DesktopSuite deleted successfully C:\PROGRA~2\TweakBit deleted successfully C:\Program Files\Babylon deleted successfully C:\PROGRA~3\Package Cache deleted successfully C:\PROGRA~3\Systweak deleted successfully C:\Users\Paula\AppData\Roaming\FirefoxToolbar deleted successfully C:\Users\Paula\AppData\Roaming\Systweak deleted successfully C:\Users\Paula\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Paula\AppData\Local\EmieSiteList deleted successfully C:\Users\Paula\AppData\Local\EmieUserList deleted successfully C:\Users\Paula\AppData\Local\Skype deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9359da42-06fb-46f2-9e4a-05c05b98a5ef} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9359da42-06fb-46f2-9e4a-05c05b98a5ef} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully 
HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5a1d22b-9e17-454f-8ecd-83c578fb3983} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d5a1d22b-9e17-454f-8ecd-83c578fb3983} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3775afd7-5921-4571-968f-85a631203d1c} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3775afd7-5921-4571-968f-85a631203d1c} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9359da42-06fb-46f2-9e4a-05c05b98a5ef} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef} deleted successfully 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d5a1d22b-9e17-454f-8ecd-83c578fb3983} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5a1d22b-9e17-454f-8ecd-83c578fb3983} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3775afd7-5921-4571-968f-85a631203d1c} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{3775afd7-5921-4571-968f-85a631203d1c} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\PROGRA~2\FROMDO~1\bar\1.bin\65barsvc.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbarsvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Users\Paula\AppData\Local\Microsoft\BingSvc\BingSvc.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files 
(x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATOR.EXE C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe D:\adobe 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Users\Paula\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FromDocToPDF_65Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FromDocToPDF_65Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InboxAce_1gService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InboxAce_1gService deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c}] Objects\{d5a1d22b-9e17-454f-8ecd-83c578fb3983}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "InboxAce EPM Support"=- "InboxAce AppIntegrator 32-bit"=- "InboxAce AppIntegrator 64-bit"=- "InboxAce Search Scope Monitor"=- "FromDocToPDF EPM Support"=- ==== Batch Command(s) Run By Tool====================== De Winsock-catalogus is opnieuw ingesteld. De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien. ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Cewe Photoservice not found C:\PROGRA~2\Desktop Clock not found C:\PROGRA~2\TomTom DesktopSuite not found C:\PROGRA~2\TweakBit not found C:\Program Files (x86)\TweakBit not found C:\ProgramData\Adguard deleted C:\ProgramData\TweakBit deleted C:\Users\Paula\AppData\Local\FromDocToPDF_65 deleted C:\PROGRA~2\FromDocToPDF_65 deleted C:\PROGRA~3\fontcacheev1.dat deleted C:\PROGRA~3\BSD deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Paula\AppData\LocalLow\FromDocToPDF_65 deleted C:\Windows\Reimage.ini deleted C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\d3dx9_11.dll.tmp deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gdlghk.dll" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gdlghk64.dll" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\AppIntegrator64.exe" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program 
Files (x86)\InboxAce_1g\bar\1.bin\AppIntegratorStub64.dll" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\ASSISTMONITOR64.DLL" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HKFXMGR.DLL" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HKFXMGR64.DLL" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\HPG.DLL" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\Hpg64.dll" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\T8RES.DLL" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\TOOLBARGUARD64.DLL" deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\1gdlghk.dll" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\1gdlghk64.dll" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\1gSrcAs.dll" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\AppIntegrator64.exe" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\AppIntegratorStub64.dll" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\ASSISTMONITOR64.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\HKFXMGR.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\HKFXMGR64.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\HPG.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\Hpg64.dll" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\T8RES.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\TOOLBARGUARD64.DLL" deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL" deleted "C:\Program Files (x86)\InboxAce_1g" not deleted "C:\PROGRA~2\InboxAce_1g" not deleted "C:\Program Files (x86)\InboxAce_1g\bar" not deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin" not deleted "C:\Program Files (x86)\InboxAce_1g\bar\1.bin\assists" not deleted "C:\Program Files 
(x86)\InboxAce_1g\bar\1.bin\assists\ie_default_search_provider" not deleted "C:\PROGRA~2\InboxAce_1g\bar" not deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin" not deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\assists" not deleted "C:\PROGRA~2\InboxAce_1g\bar\1.bin\assists\ie_default_search_provider" not deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8078 MB CPU Info: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz CPU Speed: 2260,4 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | NVIDIA GeForce GT 630M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel(R) Centrino(R) Wireless-N 2230 | Atheros AR8161/8165 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | Bluetooth Device (Personal Area Network) CD / DVD Drives: 1x (E: | ) E: SlimtypeDVD A DS8A8SH Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 86,5GB | D: 906,2GB | F: 465,8GB | G: 931,5GB Hard Disks - Free: C: 4,2GB | D: 791,8GB | F: 261,1GB | G: 593,8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 05/23/12 | _ASUS_ - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK COMPUTER INC. 
N76VM Country: België Language: NLB ==== System Specs (Software) ====================== AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Google Chrome 48.0.2564.116 Internet Explorer Version: 11.0.9600.18204 Mozilla Firefox version: 31.0 (x86 nl) Google Chrome version: 48.0.2564.116 Adobe Reader version: 15.10.20056.167417 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2016-02-10 07:56:18 9D77CC4A36FEEA644D002CFB9B2D42C0 3231232 ----a-w- C:\Windows\explorer.exe ====== C:\Users\Paula\AppData\Local\Temp ==== 2016-02-25 09:24:37 A127E6118B9DD2F9D5A7CC4D697A0105 47846 ----a-w- C:\Users\Paula\AppData\Local\Temp\~nsu.tmp\Au_.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2016-02-19 06:35:35 723D5E09D7151E62AD627D0C9E1DA6F0 2896 ----a-w- C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini 2016-02-19 06:35:33 3490C62DC4055143415777D3734BD763 345360 ----a-w- C:\Windows\SysWOW64\LavasoftTcpService.dll ====== C:\Windows\SysWOW64\drivers ===== 2016-02-19 06:43:38 1BCABAD46A4CBB249409AEF5F2E37CD7 259 ----a-w- C:\Windows\SysWOW64\drivers\vwifikerneldrv.sys ====== C:\Windows\Sysnative ===== 2016-02-19 06:35:35 5193F33BA5EE7D631BCE35F60720B091 2896 ----a-w- C:\Windows\Sysnative\LavasoftTcpServiceOff.ini 2016-02-19 06:35:34 88A78227691B60F686CD103819AC263B 425744 ----a-w- C:\Windows\Sysnative\LavasoftTcpService64.dll ====== C:\Windows\Sysnative\drivers ===== 2016-02-10 07:56:58 D7ADC2B83CA0B0381F75A98351F72CEE 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys 2016-02-10 07:56:39 BA500732D160C61E889E8180EE53C86F 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-02-10 07:56:39 7BDDD24C5A148534D3737DBFA96B3E69 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-02-10 07:56:38 
A16FC9323A85CAEA5804D04646A91CF9 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-02-10 07:56:38 355DF71D1DD1999E8AEDF986534B233C 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-02-10 07:56:38 2539BE615440BA1EA4CF84A66B6C0AF9 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-02-23 20:03:53 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Paula\AppData\Roaming ====== 2016-02-24 13:27:56 -------- d-----w- C:\Users\Paula\AppData\Local\ElevatedDiagnostics 2016-02-19 06:43:39 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Performix LLC 2016-02-19 06:43:36 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Performix LLC 2016-02-19 06:34:43 -------- d-----w- C:\Users\Paula\AppData\Local\IsolatedStorage ====== C:\Users\Paula ====== 2016-02-23 20:07:48 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Paula\Desktop\RSITx64.exe 2016-02-19 06:34:23 -------- d-----w- C:\ProgramData\MegaBackup Corp 2016-02-19 05:46:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit 2016-02-18 17:23:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat ====== C: exe-files == 2016-02-25 09:24:37 A127E6118B9DD2F9D5A7CC4D697A0105 47846 ----a-w- C:\Users\Paula\AppData\Local\Temp\~nsu.tmp\Au_.exe 2016-02-25 09:24:01 94724208B7A9B75DDF50ACE6DFDD2037 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1648491588-2907471255-1548526006-1001\$ISYM5YM.exe 2016-02-24 14:54:38 C88FF17D0AF4A0BAD05F5A578ADB7F22 4748384 ----a-w- C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC56CQZY\wzdu32.exe 2016-02-24 13:25:48 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\$Recycle.Bin\S-1-5-21-1648491588-2907471255-1548526006-1001\$RSYM5YM.exe 2016-02-23 20:07:48 
8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Paula\Desktop\RSITx64.exe 2016-02-23 20:03:53 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Paula.exe 2016-02-21 14:00:19 237E8A0BDC13B6F55F4103F0BC44F42A 25386008 ----a-w- C:\Users\Paula\AppData\Local\MediaHuman\YouTube to MP3\Update\3.9.3\YouTubeToMP3.exe 2016-02-20 10:51:38 45AB0193BCF8693503AF810B1E60D7FE 879512 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\48.0.2564.116\48.0.2564.116_48.0.2564.109_chrome_updater.exe === C: other files == 2016-02-19 06:43:38 1BCABAD46A4CBB249409AEF5F2E37CD7 259 ----a-w- C:\Windows\SysWOW64\drivers\vwifikerneldrv.sys ==== Orphaned Tasks deleted from Registry ====================== AdobeAAMUpdater-1.0 Fallback-Paula-PC-Paula deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "CAHeadless"="D:\adobe 11\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "BingSvc"="C:\Users\Paula\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1648491588-2907471255-1548526006-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" "ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S" "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "ASUS InstantKey"="C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe" "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" "RemoteControl10"="C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" "UpdatePSTShortCut"="C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "CAHeadless"="D:\adobe 11\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "BingSvc"="C:\Users\Paula\AppData\Local\Microsoft\BingSvc\BingSvc.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 " "BLEServicesCtrl"="C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ACMON] "command"="C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe" "hkey"="HKLM" "item"="ACMON" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HControlUser] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HControlUser" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Hotkey\\HControlUser.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" "hkey"="HKLM" "item"="RTHDVCPL" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" ==== Startup Folders ====================== 2014-10-27 06:38:18 1290 ----a-w- C:\Users\Paula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2012-02-24 02:50:52 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/02/2016 18:52] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 08:27] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program 
Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 08:27] C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Paula-PC-Paula" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS Quick Gesture" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe] "C:\Windows\SysNative\tasks\ASUS Quick Gesture (x64)" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"] "C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner64.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{0CB755C6-4C08-4FD2-B7CF-2E890B2E69F6}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ocr@babylon.com"="C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com" []

==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bmkckgpgekmanipelfidlhmkfcjicion - No path found[]
Bing Search Engine - Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Chrome Web Store Payments - Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Fix ======================
C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} - http://int.search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm223^YYA^be&si=CM_L_u7HicgCFUyNGwodTBwPVA&ptb=9164912F-7EFE-4A24-A872-D1564E580378&ind=2015092122&n=781bdd9a&psa=&st=sb&searchfor={searchTerms}
HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
HKCU\SearchScopes\{49AFB184-9550-412E-B6EC-580E8FB7E958} - https://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PLXB_nlBE659

==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Cewe Photoservice deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InboxAce_1gbar Uninstall Internet Explorer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully

==== HijackThis Entries ======================
R3 - URLSearchHook: (no name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CAHeadless] D:\adobe 11\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [BingSvc] C:\Users\Paula\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1648491588-2907471255-1548526006-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1648491588-2907471255-1548526006-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - D:\adobe 11\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC56CQZY will be deleted at reboot
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M67Q6ZCB will be deleted at reboot
C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWY9BIG2 will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Paula\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=339 folders=88 54051511 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Paula\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Paula\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files (x86)\InboxAce_1g" not found
"C:\PROGRA~2\InboxAce_1g" not found
"C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC56CQZY" not found
"C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M67Q6ZCB" not found
"C:\Users\Paula\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWY9BIG2" not found

==== EOF on do 25/02/2016 at 10:52:45,87 ======================