LotV2

Dat werkt, internet is hersteld! heel erg bedankt!

Beste Pc-helpforum, Ik heb een probleem met de wifi van 1 van de laptops in huis. Er staat een uitroepteken bij de wifi en bij diagnostiek geeft het systeem aan dat de DNS-server mogelijk niet beschikbaar is. Mijn eigen laptop werkt het internet via Wifi wel gewoon. Ik heb geprobeerd opnieuw op te starten, router opnieuw opstarten, opnieuw te verbinden, open netwerk geprobeerd echter werkt deze ook niet. Kunnen jullie mij helpen?

Oke, Helaas, iedergeval hartelijk bedankt!

Hallo, ik ben een verouderde laptop, die erg sloom was, voor iemand weer wat sneller aan het maken. Bij het terugzetten naar fabrieksinstellingen stond erbij dat bestanden bewaard zouden blijven echter ben ik nu wel office kwijt. Kan ik dit nog ongedaan maken? ik heb helaas geen back-ups aangezien laptop langere tijd ongebruikt is geweest. Ergens staat mij bij dat laptop terug in de tijd moet kunnen maar weet niet of dat kan zonder back-up, zo'n held ben ik niet;) Graag jullie expertise gevraagd. Groetjes LotV2

Gedaan. Heel erg bedankt voor alle hulp!

mijn laptop lijkt op dit moment als ervoor. Dus super bedankt! AdwCleanerC5.txt

Beste abbs, Hierbij de bestanden. zoek-results2.txt MBAM.txt

In de tussen tijd paar keer adware cleaner gedraaid. En het lijkt rustig. Ik heb in de bijlage de zoekresultaten neergezet. zoek-results.txt

Daarnaast net adware cleaner laten draaien. Daarvan het logje. # AdwCleaner v5.005 - Logbestand aangemaakt 06/09/2015 op 20:17:13 # Laatste update 31/08/2015 door Xplode # Database : 2015-09-04.4 [server] # Besturingssysteem : Windows 8.1 (x64) # Gebruikersnaam : Mediamarkt2 - VERA # Gestart vanuit : C:\Users\Mediamarkt2\AppData\Local\Microsoft\Windows\INetCache\IE\C1NCKDME\adwcleaner_5.005.exe # Optie : Verwijderen # Ondersteuning : http://toolslib.net/forum ***** [ Services ] ***** [-] Service Verwijderd : globalUpdate [-] Service Verwijderd : globalUpdatem [-] Service Verwijderd : SSFK [-] Service Verwijderd : acengine ***** [ Mappen ] ***** [-] Map Verwijderd : C:\Program Files (x86)\globalUpdate [-] Map Verwijderd : C:\Program Files (x86)\predm [-] Map Verwijderd : C:\Program Files (x86)\Crossbrowse [-] Map Verwijderd : C:\Program Files (x86)\FastSearch [-] Map Verwijderd : C:\Program Files (x86)\SFK [!] Map Niet Verwijderd : C:\Program Files (x86)\Crossbrowse [-] Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP [-] Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse [!] Map Niet Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse [-] Map Verwijderd : C:\Users\Mediamarkt2\AppData\Local\globalUpdate [-] Map Verwijderd : C:\Users\Mediamarkt2\AppData\Local\SmartWeb [-] Map Verwijderd : C:\Users\Mediamarkt2\AppData\Local\Crossbrowse [!] Map Niet Verwijderd : C:\Users\Mediamarkt2\AppData\Local\Crossbrowse [-] Map Verwijderd : C:\Users\Mediamarkt2\AppData\Local\20FEF217-1441568238-4ECF-20D6-28924A29A31B [-] Map Verwijderd : C:\Users\Mediamarkt2\AppData\LocalLow\SmartWeb [-] Map Verwijderd : C:\Users\Mediamarkt2\AppData\Roaming\mystartsearch [-] Map Verwijderd : C:\Users\Mediamarkt2\AppData\Roaming\oursurfing [-] Map Verwijderd : C:\Users\Mediamarkt2\AppData\Roaming\cpuminer [-] Map Verwijderd : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\acengine ***** [ Bestanden ] ***** [-] Bestand Verwijderd : C:\END [-] Bestand Verwijderd : C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_smartsuggestor.net_0.localstorage [-] Bestand Verwijderd : C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_smartsuggestor.net_0.localstorage-journal [-] Bestand Verwijderd : C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage [-] Bestand Verwijderd : C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage-journal [-] Bestand Verwijderd : C:\Users\Mediamarkt2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk [-] Bestand Verwijderd : C:\Users\Mediamarkt2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [-] Bestand Verwijderd : C:\Users\Mediamarkt2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [-] Bestand Verwijderd : C:\Users\Mediamarkt2\Desktop\Continue Live Installation.lnk [-] Bestand Verwijderd : C:\WINDOWS\Sysnative\cpuminer-conf.json [-] Bestand Verwijderd : C:\WINDOWS\Sysnative\acengineOff.ini [-] Bestand Verwijderd : C:\WINDOWS\Sysnative\acengine64.dll [-] Bestand Verwijderd : C:\WINDOWS\SysWOW64\acengineOff.ini [-] Bestand Verwijderd : C:\WINDOWS\SysWOW64\acengine.dll ***** [ Snelkoppelingen ] ***** [-] Snelkoppeling Gedesinfecteerd : C:\Users\Public\Desktop\Google Chrome.lnk [-] Snelkoppeling Gedesinfecteerd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk [-] Snelkoppeling Gedesinfecteerd : C:\Users\Mediamarkt2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [-] Snelkoppeling Gedesinfecteerd : C:\Users\Mediamarkt2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ***** [ geplande taken ] ***** [-] Taak Verwijderd : AmiUpdXp [-] Taak Verwijderd : Crossbrowse [-] Taak Verwijderd : globalUpdateUpdateTaskMachineCore [-] Taak Verwijderd : globalUpdateUpdateTaskMachineUA [-] Taak Verwijderd : amiupdaterExd [-] Taak Verwijderd : amiupdaterExi [-] Taak Verwijderd : runTask [-] Taak Verwijderd : updateTask [-] Taak Verwijderd : globalUpdateUpdateTaskMachineCore [-] Taak Verwijderd : globalUpdateUpdateTaskMachineUA ***** [ Register ] ***** [-] Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 [-] Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 [-] Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 [-] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [smartWeb] [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CRSBRWSHTML [-] Sleutel Verwijderd : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe [-] Waarde Verwijderd : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML] [-] Waarde Verwijderd : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML] [-] Waarde Verwijderd : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse] [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe [-] Waarde Verwijderd : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML] [-] Waarde Verwijderd : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML] [-] Waarde Verwijderd : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML] [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.ReadOnlyManager.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.ReadOnlyManager [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.LSPLogic.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.LSPLogic [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableHolder.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableHolder [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableFields.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableFields [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataTable.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataTable [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataController.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataController [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataContainer.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.DataContainer [-] Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acengine [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.WFPController [-] Sleutel Verwijderd : HKLM\SOFTWARE\CLASSES\acengineLib.WFPController.1 [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{029AF757-A988-4BDD-A744-A4C7BCEBB011} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA} [-] Sleutel Verwijderd : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ [-] Sleutel Verwijderd : HKCU\Software\GlobalUpdate [-] Sleutel Verwijderd : HKCU\Software\Tutorials [-] Sleutel Verwijderd : HKCU\Software\TutoTag [-] Sleutel Verwijderd : HKCU\Software\CrossBrowser [-] Sleutel Verwijderd : HKCU\Software\Crossbrowse [-] Sleutel Verwijderd : HKCU\Software\YorkNewCin [-] Sleutel Verwijderd : HKCU\Software\HighDefAction [-] Sleutel Verwijderd : HKCU\Software\ArenaHD [-] Sleutel Verwijderd : HKCU\Software\DAILYPCCLEAN [!] Sleutel Niet Verwijderd : HKCU\Software\Crossbrowse [-] Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Crossrider [-] Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\SmartWeb [-] Sleutel Verwijderd : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider [-] Sleutel Verwijderd : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_ [-] Sleutel Verwijderd : HKLM\SOFTWARE\GlobalUpdate [-] Sleutel Verwijderd : HKLM\SOFTWARE\Tutorials [-] Sleutel Verwijderd : HKLM\SOFTWARE\SK.Enhancer [-] Sleutel Verwijderd : HKLM\SOFTWARE\mystartsearchSoftware [-] Sleutel Verwijderd : HKLM\SOFTWARE\GAMESDESKTOP [-] Sleutel Verwijderd : HKLM\SOFTWARE\Crossbrowse [-] Sleutel Verwijderd : HKLM\SOFTWARE\YorkNewCin [-] Sleutel Verwijderd : HKLM\SOFTWARE\HighDefAction [-] Sleutel Verwijderd : HKLM\SOFTWARE\oursurfingSoftware [-] Sleutel Verwijderd : HKLM\SOFTWARE\ArenaHD [-] Sleutel Verwijderd : HKLM\SOFTWARE\FastSearch [-] Sleutel Verwijderd : HKLM\SOFTWARE\acengine [!] Sleutel Niet Verwijderd : HKLM\SOFTWARE\Crossbrowse [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC} [!] Sleutel Niet Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\GlobalUpdate [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Tutorials [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\TutoTag [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\CrossBrowser [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Crossbrowse [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\YorkNewCin [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\HighDefAction [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\ArenaHD [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\DAILYPCCLEAN [!] Sleutel Niet Verwijderd : [x64] HKCU\Software\Crossbrowse [-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\YorkNewCin [-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\HighDefAction [-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\ArenaHD [-] Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpuminer [!] Sleutel Niet Verwijderd : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ [!] Sleutel Niet Verwijderd : HKU\S-1-5-21-2499239261-3902574125-147780791-1001\Software\AppDataLow\Software\Crossrider [!] Sleutel Niet Verwijderd : HKU\S-1-5-21-2499239261-3902574125-147780791-1001\Software\AppDataLow\Software\SmartWeb [!] Sleutel Niet Verwijderd : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ [-] Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE [-] Gegevens Hersteld : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] [-] Gegevens Hersteld : HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] ***** [ Internetbrowsers ] ***** [-] [C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : autocad.nl.softonic.com [-] [C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : autocad.en.softonic.com [-] [C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Verwijderd : oursurfing [-] [C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Verwijderd : hxxp://www.mystartsearch.com/?type=hp&ts=1441561903&z=be4dd68f1ae274f3c86290cgfz4z8gdw0q3g8m3q2q&from=cmi&uid=HitachiXHTS545050A7E380_TEJ51239D66J0VD66J0VX [-] [C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Verwijderd : hxxp://www.mystartsearch.com/webfavicon.ico [-] [C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Verwijderd : hxxp://www.mystartsearch.com/?type=hp&ts=1441561903&z=be4dd68f1ae274f3c86290cgfz4z8gdw0q3g8m3q2q&from=cmi&uid=HitachiXHTS545050A7E380_TEJ51239D66J0VD66J0VX ************************* :: Winsock instellingen gereset ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [17545 bytes] ##########

Hoi , Helaas een virus op mijn computer die een hoop rotzooi binnen haalt. Hierbij gauw een logje. Logfile of random's system information tool 1.09 (written by random/random) Run by Mediamarkt2 at 2015-09-06 19:56:35 Microsoft Windows 8.1 System drive C: has 392 GB (85%) free of 462 GB Total RAM: 3983 MB (51% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:56:39, on 6-9-2015 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.17840) Boot mode: Normal Running processes: C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Users\Mediamarkt2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Mediamarkt2\AppData\Local\Akamai\netsession_win.exe C:\Users\Mediamarkt2\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\WINDOWS\SysWOW64\DllHost.exe C:\Users\MEDIAM~1\AppData\Local\Temp\nslC78B.tmp C:\Users\Mediamarkt2\AppData\Local\SmartWeb\SmartWebHelper.exe C:\Users\Mediamarkt2\AppData\Local\SmartWeb\SmartWebApp.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\upgmsd_nl_005010082.exe C:\Program Files (x86)\gmsd_nl_005010082\gmsd_nl_005010082.exe C:\Users\MEDIAM~1\AppData\Local\Temp\nsj22EB.tmp C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\upgmsd_nl_005010082.exe C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\Download\majmp_gentleeu.exe C:\Users\MEDIAM~1\AppData\Local\Temp\is-DB838.tmp\majmp_gentleeu.tmp C:\Users\MEDIAM~1\AppData\Local\Temp\is-2HT0L.tmp\gentlemjmp_ieu.exe C:\Users\MEDIAM~1\AppData\Local\Temp\is-6ELBR.tmp\gentlemjmp_ieu.tmp C:\Program Files\trend micro\Mediamarkt2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON13/7 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON13/7 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [KPN Assistent] C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [smartWeb] C:\Users\Mediamarkt2\AppData\Local\SmartWeb\SmartWebHelper.exe O4 - HKLM\..\Run: [gmsd_nl_005010082] "C:\Program Files (x86)\gmsd_nl_005010082\gmsd_nl_005010082.exe" O4 - HKLM\..\RunOnce: [upgmsd_nl_005010082.exe] C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\upgmsd_nl_005010082.exe -runonce O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Mediamarkt2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [browserChoice] "C:\Windows\BrowserChoice\browserchoice.exe" /run O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Mediamarkt2\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_59E89D9C8225092A11A0AC5E0317A5F2] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window O4 - HKCU\..\RunOnce: [Autodesk® AutoCAD® 2014] C:\Autodesk\AutoCAD_2014_English_Win_32_64bit_wi_en-us\Setup.exe /url "http://edutrial.autodesk.com/SWDLDNET3/2014/ACD/WI/AutoCAD_2014_English_Win_32_64bit_wi_en-us_Setup.exe" /SN 900-52660592 /PK 001F1 /student /akamai /skipEULA /auth authparam /sid SESSION_ID O4 - Startup: crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe O4 - Startup: SmartWeb.lnk = Mediamarkt2\AppData\Local\SmartWeb\SmartWebHelper.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: acengine - Abengine - C:\PROGRA~2\FASTSE~1\acengine.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe O23 - Service: Cool Barcode (jimocoso) - Unknown owner - C:\Program.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Tower Encrypt (mizodogy) - Unknown owner - C:\Program.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: SSFK - TODO: <???> - C:\Program Files (x86)\SFK\SSFK.exe O23 - Service: Delete Exit (totyseku) - Unknown owner - C:\Program.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13951 bytes ======Listing Processes====== wininit.exe winlogon.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k RPCSS "dwm.exe" C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\System32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe" C:\WINDOWS\system32\svchost.exe -k apphost "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files\Bonjour\mDNSResponder.exe" C:\WINDOWS\System32\svchost.exe -k utcsvc "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe" dashost.exe {5d3497a6-2c91-49d9-913c7294a3248452} "C:\Program Files\Intel\iCLS Client\HeciServer.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe" "C:\Program Files (x86)\20FEF217-1441560994-4ECF-20D6-28924A29A31B\jnswA0CB.tmp" "C:\Program Files (x86)\20FEF217-1441560994-4ECF-20D6-28924A29A31B\knsu75CD.tmpfs" taskhostex.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\20FEF217-1441560994-4ECF-20D6-28924A29A31B\hnskB6E5.tmp" C:\ProgramData\3WdsManPro3\WdsManPro.exe -service C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "C:\WINDOWS\system32\GWX\GWX.exe" "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server C:\WINDOWS\system32\SearchIndexer.exe /Embedding "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE" "C:\Windows\System32\igfxpers.exe" "C:\Users\Mediamarkt2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "C:\Users\Mediamarkt2\AppData\Local\Akamai\netsession_win.exe" "C:/Users/Mediamarkt2/AppData/Local/Akamai/netsession_win.exe" --client "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-505da3f4-4276-43cf-9dbe-d0c3293f389b -SystemEventPortName:HostProcess-fad89bca-81d1-4dd8-a954-abf8e9213f3b -IoCancelEventPortName:HostProcess-697f8624-480b-4496-8906-dd9a680fcfe5 -NonStateChangingEventPortName:HostProcess-1bdf47bd-372e-4b29-81a0-40240e5f820b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e146b562-26e5-4fa8-982a-99ebf8e868c4 -DeviceGroupId:WudfDefaultDevicePool "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" "C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe" /auto "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "C:\Program Files\iPod\bin\iPodService.exe" C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" "C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetServiceDss -RestrictPrivileges -AccessKey A59794C3-4976-FD5B-2FEA-9B63C9BCF9F7 -Reinvoke "C:\Program Files\Windows Defender\MSASCui.exe" C:\Windows\System32\RuntimeBroker.exe -Embedding "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9} C:\Users\MEDIAM~1\AppData\Local\Temp\nslC78B.tmp /idn "C:\Users\Mediamarkt2\AppData\Local\SmartWeb\SmartWebHelper.exe" SmartWebApp.exe C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mystartsearch.com/?type=hp&ts=1441561903&z=be4dd68f1ae274f3c86290cgfz4z8gdw0q3g8m3q2q&from=cmi&uid=HitachiXHTS545050A7E380_TEJ51239D66J0VD66J0VX "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5304 CREDAT:267521 /prefetch:2 "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5796 CREDAT:275457 /prefetch:2 "C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding "C:\Program Files (x86)\SFK\SSFK.exe" -s "C:\Program Files\Windows Media Player\wmpnetwk.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5304 CREDAT:267552 /prefetch:2 "C:\Program Files (x86)\SFK\SFKEX64.exe" C:\WINDOWS\system32\cpm.exe \??\C:\WINDOWS\system32\conhost.exe 0x4 "C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\upgmsd_nl_005010082.exe" -runhelper "C:\Program Files (x86)\gmsd_nl_005010082\gmsd_nl_005010082.exe" C:\PROGRA~2\FASTSE~1\acengine.exe C:\Users\MEDIAM~1\AppData\Local\Temp\nsj22EB.tmp C:\WINDOWS\servicing\TrustedInstaller.exe C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding "C:\WINDOWS\system32\SearchFilterHost.exe" 0 580 584 592 65536 588 "C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2499239261-3902574125-147780791-10013_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2499239261-3902574125-147780791-10013 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" "C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\upgmsd_nl_005010082.exe" -runupdate go=ofcourse country_id=NL product_id=UPD version_id=gmsdnl005010082 ofg_id=myoffergroup_nl product=GamesDesktop majvalue=15.09.06.0 wizard=top versionid=gmsd_nl_005010082_is1 date=20150906 "C:\Users\MEDIAM~1\AppData\Local\Temp\is-DB838.tmp\majmp_gentleeu.tmp" /SL5="$603B4,4669183,56832,C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\Download\majmp_gentleeu.exe" go=ofcourse country_id=NL product_id=UPD version_id=gmsdnl005010082 ofg_id=myoffergroup_nl product=GamesDesktop majvalue=15.09.06.0 wizard=top versionid=gmsd_nl_005010082_is1 date=20150906 "C:\Users\MEDIAM~1\AppData\Local\Temp\is-2HT0L.tmp\gentlemjmp_ieu.exe" go=ofcourse country_id=NL version_id=gmsdnl005010082 product_id=UPD ofg_id=myoffergroup_nl product=GamesDesktop majvalue=15.09.06.0 wizard=top xmlsource=C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\Download\majmp_gentleeu.exe "C:\Users\MEDIAM~1\AppData\Local\Temp\is-6ELBR.tmp\gentlemjmp_ieu.tmp" /SL5="$1C0392,4233528,56320,C:\Users\MEDIAM~1\AppData\Local\Temp\is-2HT0L.tmp\gentlemjmp_ieu.exe" go=ofcourse country_id=NL version_id=gmsdnl005010082 product_id=UPD ofg_id=myoffergroup_nl product=GamesDesktop majvalue=15.09.06.0 wizard=top xmlsource=C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\Download\majmp_gentleeu.exe "C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Users\Mediamarkt2\Downloads\RSITx64.exe" ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\AmiUpdXp.job C:\WINDOWS\tasks\Crossbrowse.job C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\mRCpPfZmKBeycO7LL.job C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-28 2916152] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2015-06-01 183216] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2015-06-01 411056] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2015-06-01 453552] "cpuminer"=C:\WINDOWS\system32\cpm.exe [2015-09-05 1406272] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"=C:\Users\Mediamarkt2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-09-25 1245752] "BrowserChoice"=C:\Windows\BrowserChoice\browserchoice.exe [2013-08-22 86816] "Akamai NetSession Interface"=C:\Users\Mediamarkt2\AppData\Local\Akamai\netsession_win.exe [2014-10-30 4673432] "GoogleChromeAutoLaunch_59E89D9C8225092A11A0AC5E0317A5F2"=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [2015-05-12 796672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Autodesk® AutoCAD® 2014"=C:\Autodesk\AutoCAD_2014_English_Win_32_64bit_wi_en-us\Setup.exe [2013-01-18 960904] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "CLVirtualDrive"=C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-26 491320] "RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-28 91432] "HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-07-09 580512] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-10-11 60712] "KPN Assistent"=C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe [2014-05-06 40873088] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-10-15 157480] "mbot_nl_014010082"= [] "SmartWeb"=C:\Users\Mediamarkt2\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17 270368] "gmsd_nl_005010082"=C:\Program Files (x86)\gmsd_nl_005010082\gmsd_nl_005010082.exe [2015-09-06 3979920] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce] "upgmsd_nl_005010082.exe"=C:\Users\Mediamarkt2\AppData\Local\gmsd_nl_005010082\upgmsd_nl_005010082.exe [2015-09-06 3313296] C:\Users\Mediamarkt2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup crossbrowse.lnk - C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe SmartWeb.lnk - C:\Users\Mediamarkt2\AppData\Local\SmartWeb\SmartWebHelper.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\SYSTEM32\igfxdev.dll [2015-06-01 451584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

Heel erg bedankt! Heb nu Avast er op gezet. En naar mijn idee werkt het naar behoren. Erg bedankt!

Hoi, CCleaner moest ik er 3x overheen halen maar het ziet er naar mijn idee nu stukken beter uit. De laptop is een stuk sneller en functioneert stukken beter. Nu heeft mijn schoonmoeder Microsoft Security Essentials als beveiliging. Is dit voldoende of kan ze beter op software als Panda overgaan? Groetjes

De nieuwe scanlog [ATTACH]32868[/ATTACH] Scanlog.txt

Het logje was niet terug te vinden. enkel van gisteren. Dus ik heb opnieuw laten lopen en toen kreeg ik deze log: [ATTACH]32822[/ATTACH] AdwCleaner[S1].txt

Het logje [ATTACH]32820[/ATTACH] AdwCleaner[S0]11-6.txt

Gedaan! 2 foutmeldingen: 1. Kan HKEY_USERS.zoek niet exporteren: er is een fout opgetreden bij het schrijven van het bestand. Er is mogelijk een schijf- of bestandssysteemfout opgetreden. 2. Script: C:\Users\VANDER~1\AppData\Local\Temp\folderchk.vbs Regel: 39 teken: 1 Fout: Toegang geweigerd Code: 800A0046 Bron: Runtimefout Microsoft VBS [ATTACH]32816[/ATTACH] zoek-results.txt

Hoi, Ik heb hem laten lopen. Wel enkele foutmeldingen die voorbij kwamen. Log: Zoek.exe v5.0.0.0 Updated 02-June-2014 Tool run by Van der Pol on di 10-06-2014 at 17:35:42,16. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: G:\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 10-6-2014 19:07:16 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Van der Pol\AppData\Roaming\HPAppData deleted successfully C:\Users\Van der Pol\AppData\Local\Zylom Games deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b3b5c47e-61f7-4d81-af06-461fc86686ce} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{b3b5c47e-61f7-4d81-af06-461fc86686ce} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MapsGalaxy_39Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyScrapNook_12Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MyScrapNook_12Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wajam Internet Enhancer Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{55685567-4840-4a91-962b-49a412e9485a}Gw64 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{55685567-4840-4a91-962b-49a412e9485a}Gw64 deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MapsGalaxy Home Page Guard 64 bit"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "ApnUpdater"=- "My Scrap Nook Search Scope Monitor"=- "MyScrapNook_12 Browser Plugin Loader"=- "MapsGalaxy Search Scope monitor"=- "MapsGalaxy_39 Browser Plugin Loader"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\PROGA~2\WI3C8A~1 not found C:\Program Files (x86)\Ask.com not found C:\Program Files (x86)\MyScrapNook_12 deleted C:\Program Files (x86)\MapsGalaxy_39 deleted C:\Program Files (x86)\Wajam deleted C:\Program Files (x86)\Speedial deleted C:\Users\Van der Pol\AppData\Roaming\Speedial deleted C:\Users\Van der Pol\AppData\Roaming\0F1F1C2Y1H1P1C0I0T deleted "C:\Windows\tasks\Speedial.job" deleted "C:\windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys" deleted "C:\Program Files (x86)\webget\updatewebget.exe" deleted "C:\Program Files (x86)\webget\updatewebget.exe" deleted "C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe" deleted "C:\Program Files (x86)\Advanced System Protector\aspsys.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL" deleted "C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll" deleted "C:\Program Files (x86)\webget\bin\utilwebget.exe" deleted "C:\Program Files (x86)\webget\bin\utilwebget.exe" deleted "C:\Program Files (x86)\webget" not deleted "C:\Program Files (x86)\webget" not deleted "C:\Program Files (x86)\Advanced System Protector" not deleted "C:\Program Files (x86)\webget\bin" not deleted "C:\Program Files (x86)\webget\bin" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\VANDER~1\AppData\Local\Temp ==== 2014-06-05 08:22:02 BBE47A7166CA3308688B7ABCA1945871 346000 ----a-w- C:\Users\Van der Pol\AppData\Local\Temp\Creative Cloud Helper.exe ====== Java Cache ===== 2014-05-23 15:38:07 758B994C073FD2E6C155CD06396C1939 5146 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\48d5580d-217b9ee2 2014-06-03 18:24:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6c34baa0-57e9cef0 2014-05-23 15:38:06 6BDE501FC0B6832BFB411FBA494963A3 633 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4e2cde72-154ee728 2014-05-23 15:38:06 30C4CA5C3A383D0CD662489698E37DAA 38 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4e2cde72-6.0.lap ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-06-05 08:20:11 CB8572E790FCE09714143741C20E9934 16896 ----a-w- C:\Windows\Sysnative\sasnative64.exe 2014-06-05 08:19:55 05F8514B9A19E9DB2951CE9779B3B7D0 20312 ----a-w- C:\Windows\Sysnative\roboot64.exe ====== C:\Windows\Sysnative\drivers ===== 2014-05-14 07:21:48 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2014-05-14 07:21:47 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2014-06-10 15:32:43 F7449C7A88182ED8FFDA8E6DC290AEDC 3120 ----a-w- C:\Windows\Sysnative\Tasks\Advanced System Protector_startup 2014-06-05 08:34:16 50600852899F195E146D9597E05F8D4A 3286 ----a-w- C:\Windows\Sysnative\Tasks\PC Speed Maximizer Schedule 2014-06-05 08:20:02 E93B8ACEDD6ED3C44C1F4FF876141F01 2908 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro_DEFAULT 2014-06-05 08:20:02 D58F921168EE50107E594DB600336EA9 3064 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro_UPDATES 2014-06-05 08:20:02 4EF6BACCF177F46F802CBFE620925D5E 296 ----a-w- C:\Windows\Tasks\RegClean Pro_UPDATES.job 2014-06-05 08:20:02 416654C10F07A17ABBEF489B763A99CE 288 ----a-w- C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2014-06-05 08:19:57 D8113471914AF22112C7EF7C7837A406 3108 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-10 10:28:04 -------- d-----w- C:\Program Files\trend micro 2014-05-23 16:25:52 -------- d-----w- C:\Program Files\Paint.NET ======= C:\PROGRA~2 ===== 2014-06-05 08:29:07 -------- d-----w- C:\PROGRA~2\PC Speed Maximizer 2014-06-05 08:20:11 -------- d-----w- C:\PROGRA~2\Advanced System Protector 2014-06-05 08:19:56 -------- d-----w- C:\PROGRA~2\webget 2014-06-05 08:19:42 -------- d-----w- C:\PROGRA~2\RegClean Pro ======= C: ===== ====== C:\Users\Van der Pol\AppData\Roaming ====== 2014-06-10 15:00:49 -------- d-----w- C:\Users\Van der Pol\AppData\Roaming\PC Speed Maximizer 2014-06-05 09:20:01 BA5384A92FC840DF834CA447D2378495 46 ----a-w- C:\Users\Van der Pol\AppData\Roaming\WB.CFG 2014-06-05 08:19:55 -------- d-----w- C:\Users\Van der Pol\AppData\Roaming\Systweak 2014-06-05 08:19:41 -------- d-----w- C:\Users\Van der Pol\AppData\Local\Programs 2014-05-23 16:25:03 -------- d-----w- C:\Users\Van der Pol\AppData\Local\Paint.NET ====== C:\Users\Van der Pol ====== 2014-06-10 14:58:56 -------- d-----w- C:\ProgramData\Systweak 2014-06-05 08:31:08 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1 (1).exe 2014-06-05 08:31:01 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1.exe 2014-06-05 08:29:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam 2014-06-05 08:29:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-06-05 08:23:42 -------- d-----w- C:\ProgramData\Package Cache 2014-06-05 08:20:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector 2014-06-05 08:19:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro 2014-06-05 08:19:35 A713130E00447882474B6185C7585363 3867000 ----a-w- C:\Users\Van der Pol\Downloads\adobe-photoshop [1].exe ====== C: exe-files == 2014-06-05 08:31:08 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1 (1).exe 2014-06-05 08:31:01 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1.exe 2014-06-05 08:29:10 BBEE112F5E5DBDCA1B5E07B5739CA70B 455480 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe 2014-06-05 08:29:10 461CBEA1B887D2BDE471480620F3C58F 246584 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMUninstaller.exe 2014-06-05 08:29:09 E6D76E14D6E27EB476704FE8364D95DB 424760 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe 2014-06-05 08:29:09 2B702119C8B5267E52E2D447B681880B 423736 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe 2014-06-05 08:29:09 1993B0D699952B988F64BA5DCB3B8948 900920 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMReminder.exe 2014-06-05 08:29:09 166E3193456B473CA73270C62E253158 134968 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe 2014-06-05 08:29:08 556E3265A65CB46ED09F96A2773A5B6D 808760 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMGuard.exe 2014-06-05 08:29:07 B963E6638568E9768EE2DB78A4967EC0 22241592 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe 2014-06-05 08:29:07 1CBF2A4802ED00DBD874942271C0E809 707354 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\unins000.exe 2014-06-05 08:25:01 2B48F69517044D82E1EE675B1690C08B 455576 ------w- C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe 2014-06-05 08:23:42 1191BA2A9908EE79C0220221233E850A 455720 ----a-w- C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe 2014-06-05 08:22:02 BBE47A7166CA3308688B7ABCA1945871 346000 ----a-w- C:\Users\Van der Pol\AppData\Local\Temp\Creative Cloud Helper.exe 2014-06-05 08:20:20 2CD0390BE76B133DDC9D683A44520613 644616 ----a-w- C:\Users\Van der Pol\AppData\Roaming\Systweak\ssd\SSDPTstub.exe 2014-06-05 08:20:11 CB8572E790FCE09714143741C20E9934 16896 ----a-w- C:\Windows\System32\sasnative64.exe 2014-06-05 08:19:55 05F8514B9A19E9DB2951CE9779B3B7D0 20312 ----a-w- C:\Windows\System32\roboot64.exe 2014-06-05 08:19:50 EB61D454169CA91A093AFE9C71236F25 101208 ----a-w- C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe 2014-06-05 08:19:50 E03A4ECCB702B92247FCBBF235D8AB18 545112 ----a-w- C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe 2014-06-05 08:19:50 9951BDD2C1F57ED1FEC4AE9E1486D49A 598448 ----a-w- C:\Program Files (x86)\RegClean Pro\systweakasp.exe 2014-06-05 08:19:43 893F751C09D408A3B244F921A9354FD4 7913304 ----a-w- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe 2014-06-05 08:19:42 3A3A07A7A71FED38FD54AEF89529AAD8 1199960 ----a-w- C:\Program Files (x86)\RegClean Pro\unins000.exe 2014-06-05 08:19:35 A713130E00447882474B6185C7585363 3867000 ----a-w- C:\Users\Van der Pol\Downloads\adobe-photoshop [1].exe === C: other files == 2014-06-07 15:24:37 DAD95015747A9E7B4725D6F3D23D712E 328 ----a-w- C:\Users\Van der Pol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AR97B5WG\home[1].vbs ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "RtkOSD"="C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "MapsGalaxy Home Page Guard 64 bit"="C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2011-03-11 20:25:45 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-05-2014 23:23] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-01-2013 15:22] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-01-2013 15:22] C:\Windows\tasks\RegClean Pro_DEFAULT.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [25-04-2014 14:49] C:\Windows\tasks\RegClean Pro_UPDATES.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [25-04-2014 14:49] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Advanced System Protector_startup" [C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\PC Speed Maximizer Schedule" ["C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe"] "C:\Windows\SysNative\tasks\RegClean Pro" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\RegClean Pro_DEFAULT" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\RegClean Pro_UPDATES" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\Scheduled Update for Ask Toolbar" [C:\Program Files (x86)\Ask.com\UpdateTask.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{9FBC6B3E-ED92-453F-B719-F095842F90E9}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{4671122A-4652-42FE-A47D-C648D54CE830}" [C:\Program Files (x86)\JoWood\Sherlock Holmes\sherlock.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN29J291Y1" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "39ffxtbr@MapsGalaxy_39.com"="C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11-03-2011 22:26] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="MyWebSearch Home Page" "Search Page"="- Yahoo Search Results Yahoo-Zoekresultaten" "Search Bar"="- Yahoo Search Results Yahoo-Zoekresultaten" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="Speedial Search=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="Speedial Search=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="- Yahoo Search Results Yahoo-Zoekresultaten" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="- Yahoo Search Results Yahoo-Zoekresultaten" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="- Yahoo Search Results Yahoo-Zoekresultaten" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="- Yahoo Search Results Yahoo-Zoekresultaten" "SearchAssistant"="- Yahoo Search Results Yahoo-Zoekresultaten" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="Bing" "Search Bar"="Bing" "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="%s - Bing" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="Bing" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {006ee092-9658-4fd6-bd8e-a21a348e59f5} Web Search Url="- Yahoo Search Results Yahoo-Zoekresultaten" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {31090377-0740-419E-BEFC-A56E50500D5B} Speedial Url="Speedial Search=" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\12ffxtbr@MyScrapNook_12.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\39ffxtbr@MapsGalaxy_39.com deleted successfully ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:56732;https=127.0.0.1:56732" "ProxyOverride"="<-loopback>" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== C:\zoek_backup content ====================== C:\zoek_backup (files= ==== After Reboot ====================== ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\webget" not found "C:\Program Files (x86)\webget" not found "C:\Program Files (x86)\Advanced System Protector" not found ==== EOF on di 10-06-2014 at 19:18:47,59 ====================== - - - Updated - - - Hoi, Ik heb hem laten lopen. Wel enkele foutmeldingen die voorbij kwamen. Log: Zoek.exe v5.0.0.0 Updated 02-June-2014 Tool run by Van der Pol on di 10-06-2014 at 17:35:42,16. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: G:\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 10-6-2014 19:07:16 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Van der Pol\AppData\Roaming\HPAppData deleted successfully C:\Users\Van der Pol\AppData\Local\Zylom Games deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b3b5c47e-61f7-4d81-af06-461fc86686ce} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{b3b5c47e-61f7-4d81-af06-461fc86686ce} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MapsGalaxy_39Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyScrapNook_12Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MyScrapNook_12Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wajam Internet Enhancer Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{55685567-4840-4a91-962b-49a412e9485a}Gw64 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{55685567-4840-4a91-962b-49a412e9485a}Gw64 deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MapsGalaxy Home Page Guard 64 bit"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "ApnUpdater"=- "My Scrap Nook Search Scope Monitor"=- "MyScrapNook_12 Browser Plugin Loader"=- "MapsGalaxy Search Scope monitor"=- "MapsGalaxy_39 Browser Plugin Loader"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\PROGA~2\WI3C8A~1 not found C:\Program Files (x86)\Ask.com not found C:\Program Files (x86)\MyScrapNook_12 deleted C:\Program Files (x86)\MapsGalaxy_39 deleted C:\Program Files (x86)\Wajam deleted C:\Program Files (x86)\Speedial deleted C:\Users\Van der Pol\AppData\Roaming\Speedial deleted C:\Users\Van der Pol\AppData\Roaming\0F1F1C2Y1H1P1C0I0T deleted "C:\Windows\tasks\Speedial.job" deleted "C:\windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys" deleted "C:\Program Files (x86)\webget\updatewebget.exe" deleted "C:\Program Files (x86)\webget\updatewebget.exe" deleted "C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe" deleted "C:\Program Files (x86)\Advanced System Protector\aspsys.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL" deleted "C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll" deleted "C:\Program Files (x86)\webget\bin\utilwebget.exe" deleted "C:\Program Files (x86)\webget\bin\utilwebget.exe" deleted "C:\Program Files (x86)\webget" not deleted "C:\Program Files (x86)\webget" not deleted "C:\Program Files (x86)\Advanced System Protector" not deleted "C:\Program Files (x86)\webget\bin" not deleted "C:\Program Files (x86)\webget\bin" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\VANDER~1\AppData\Local\Temp ==== 2014-06-05 08:22:02 BBE47A7166CA3308688B7ABCA1945871 346000 ----a-w- C:\Users\Van der Pol\AppData\Local\Temp\Creative Cloud Helper.exe ====== Java Cache ===== 2014-05-23 15:38:07 758B994C073FD2E6C155CD06396C1939 5146 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\48d5580d-217b9ee2 2014-06-03 18:24:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6c34baa0-57e9cef0 2014-05-23 15:38:06 6BDE501FC0B6832BFB411FBA494963A3 633 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4e2cde72-154ee728 2014-05-23 15:38:06 30C4CA5C3A383D0CD662489698E37DAA 38 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4e2cde72-6.0.lap ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-06-05 08:20:11 CB8572E790FCE09714143741C20E9934 16896 ----a-w- C:\Windows\Sysnative\sasnative64.exe 2014-06-05 08:19:55 05F8514B9A19E9DB2951CE9779B3B7D0 20312 ----a-w- C:\Windows\Sysnative\roboot64.exe ====== C:\Windows\Sysnative\drivers ===== 2014-05-14 07:21:48 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2014-05-14 07:21:47 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2014-06-10 15:32:43 F7449C7A88182ED8FFDA8E6DC290AEDC 3120 ----a-w- C:\Windows\Sysnative\Tasks\Advanced System Protector_startup 2014-06-05 08:34:16 50600852899F195E146D9597E05F8D4A 3286 ----a-w- C:\Windows\Sysnative\Tasks\PC Speed Maximizer Schedule 2014-06-05 08:20:02 E93B8ACEDD6ED3C44C1F4FF876141F01 2908 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro_DEFAULT 2014-06-05 08:20:02 D58F921168EE50107E594DB600336EA9 3064 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro_UPDATES 2014-06-05 08:20:02 4EF6BACCF177F46F802CBFE620925D5E 296 ----a-w- C:\Windows\Tasks\RegClean Pro_UPDATES.job 2014-06-05 08:20:02 416654C10F07A17ABBEF489B763A99CE 288 ----a-w- C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2014-06-05 08:19:57 D8113471914AF22112C7EF7C7837A406 3108 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-10 10:28:04 -------- d-----w- C:\Program Files\trend micro 2014-05-23 16:25:52 -------- d-----w- C:\Program Files\Paint.NET ======= C:\PROGRA~2 ===== 2014-06-05 08:29:07 -------- d-----w- C:\PROGRA~2\PC Speed Maximizer 2014-06-05 08:20:11 -------- d-----w- C:\PROGRA~2\Advanced System Protector 2014-06-05 08:19:56 -------- d-----w- C:\PROGRA~2\webget 2014-06-05 08:19:42 -------- d-----w- C:\PROGRA~2\RegClean Pro ======= C: ===== ====== C:\Users\Van der Pol\AppData\Roaming ====== 2014-06-10 15:00:49 -------- d-----w- C:\Users\Van der Pol\AppData\Roaming\PC Speed Maximizer 2014-06-05 09:20:01 BA5384A92FC840DF834CA447D2378495 46 ----a-w- C:\Users\Van der Pol\AppData\Roaming\WB.CFG 2014-06-05 08:19:55 -------- d-----w- C:\Users\Van der Pol\AppData\Roaming\Systweak 2014-06-05 08:19:41 -------- d-----w- C:\Users\Van der Pol\AppData\Local\Programs 2014-05-23 16:25:03 -------- d-----w- C:\Users\Van der Pol\AppData\Local\Paint.NET ====== C:\Users\Van der Pol ====== 2014-06-10 14:58:56 -------- d-----w- C:\ProgramData\Systweak 2014-06-05 08:31:08 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1 (1).exe 2014-06-05 08:31:01 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1.exe 2014-06-05 08:29:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam 2014-06-05 08:29:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-06-05 08:23:42 -------- d-----w- C:\ProgramData\Package Cache 2014-06-05 08:20:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector 2014-06-05 08:19:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro 2014-06-05 08:19:35 A713130E00447882474B6185C7585363 3867000 ----a-w- C:\Users\Van der Pol\Downloads\adobe-photoshop [1].exe ====== C: exe-files == 2014-06-05 08:31:08 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1 (1).exe 2014-06-05 08:31:01 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1.exe 2014-06-05 08:29:10 BBEE112F5E5DBDCA1B5E07B5739CA70B 455480 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe 2014-06-05 08:29:10 461CBEA1B887D2BDE471480620F3C58F 246584 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMUninstaller.exe 2014-06-05 08:29:09 E6D76E14D6E27EB476704FE8364D95DB 424760 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe 2014-06-05 08:29:09 2B702119C8B5267E52E2D447B681880B 423736 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe 2014-06-05 08:29:09 1993B0D699952B988F64BA5DCB3B8948 900920 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMReminder.exe 2014-06-05 08:29:09 166E3193456B473CA73270C62E253158 134968 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe 2014-06-05 08:29:08 556E3265A65CB46ED09F96A2773A5B6D 808760 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMGuard.exe 2014-06-05 08:29:07 B963E6638568E9768EE2DB78A4967EC0 22241592 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe 2014-06-05 08:29:07 1CBF2A4802ED00DBD874942271C0E809 707354 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\unins000.exe 2014-06-05 08:25:01 2B48F69517044D82E1EE675B1690C08B 455576 ------w- C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe 2014-06-05 08:23:42 1191BA2A9908EE79C0220221233E850A 455720 ----a-w- C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe 2014-06-05 08:22:02 BBE47A7166CA3308688B7ABCA1945871 346000 ----a-w- C:\Users\Van der Pol\AppData\Local\Temp\Creative Cloud Helper.exe 2014-06-05 08:20:20 2CD0390BE76B133DDC9D683A44520613 644616 ----a-w- C:\Users\Van der Pol\AppData\Roaming\Systweak\ssd\SSDPTstub.exe 2014-06-05 08:20:11 CB8572E790FCE09714143741C20E9934 16896 ----a-w- C:\Windows\System32\sasnative64.exe 2014-06-05 08:19:55 05F8514B9A19E9DB2951CE9779B3B7D0 20312 ----a-w- C:\Windows\System32\roboot64.exe 2014-06-05 08:19:50 EB61D454169CA91A093AFE9C71236F25 101208 ----a-w- C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe 2014-06-05 08:19:50 E03A4ECCB702B92247FCBBF235D8AB18 545112 ----a-w- C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe 2014-06-05 08:19:50 9951BDD2C1F57ED1FEC4AE9E1486D49A 598448 ----a-w- C:\Program Files (x86)\RegClean Pro\systweakasp.exe 2014-06-05 08:19:43 893F751C09D408A3B244F921A9354FD4 7913304 ----a-w- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe 2014-06-05 08:19:42 3A3A07A7A71FED38FD54AEF89529AAD8 1199960 ----a-w- C:\Program Files (x86)\RegClean Pro\unins000.exe 2014-06-05 08:19:35 A713130E00447882474B6185C7585363 3867000 ----a-w- C:\Users\Van der Pol\Downloads\adobe-photoshop [1].exe === C: other files == 2014-06-07 15:24:37 DAD95015747A9E7B4725D6F3D23D712E 328 ----a-w- C:\Users\Van der Pol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AR97B5WG\home[1].vbs ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "RtkOSD"="C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "MapsGalaxy Home Page Guard 64 bit"="C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2011-03-11 20:25:45 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-05-2014 23:23] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-01-2013 15:22] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-01-2013 15:22] C:\Windows\tasks\RegClean Pro_DEFAULT.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [25-04-2014 14:49] C:\Windows\tasks\RegClean Pro_UPDATES.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [25-04-2014 14:49] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Advanced System Protector_startup" [C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\PC Speed Maximizer Schedule" ["C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe"] "C:\Windows\SysNative\tasks\RegClean Pro" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\RegClean Pro_DEFAULT" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\RegClean Pro_UPDATES" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\Scheduled Update for Ask Toolbar" [C:\Program Files (x86)\Ask.com\UpdateTask.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{9FBC6B3E-ED92-453F-B719-F095842F90E9}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{4671122A-4652-42FE-A47D-C648D54CE830}" [C:\Program Files (x86)\JoWood\Sherlock Holmes\sherlock.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN29J291Y1" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "39ffxtbr@MapsGalaxy_39.com"="C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11-03-2011 22:26] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^xdm244^YY^nl&ptb=B08F10B7-5DBD-456E-BE97-8A10E14D4438&si=KI_MAPS_FIG_HOL_20" "Search Page"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" "Search Bar"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://speedial.com/?f=1&a=spd_frmr_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAyBtD0E0E0CtAtA0B0BtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyEtByBtBzztAyDtG0FyCyCyCtGzytAtA0FtG0AtBzzzytGyE0ByC0AtBtCyD0ByEtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCyCyBzztD0BtG0AzyyCtAtGtB0BtDtBtG0CtBzz0FtGyBtAyD0EtCzzyCtDtBzz0Ezy2Q&cr=164852369&ir=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://speedial.com/?f=1&a=spd_frmr_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAyBtD0E0E0CtAtA0B0BtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyEtByBtBzztAyDtG0FyCyCyCtGzytAtA0FtG0AtBzzzytGyE0ByC0AtBtCyD0ByEtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCyCyBzztD0BtG0AzyyCtAtGtB0BtDtBtG0CtBzz0FtGyBtAyD0EtCzzyCtDtBzz0Ezy2Q&cr=164852369&ir=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" "SearchAssistant"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {006ee092-9658-4fd6-bd8e-a21a348e59f5} Web Search Url="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {31090377-0740-419E-BEFC-A56E50500D5B} Speedial Url="http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frmr_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAyBtD0E0E0CtAtA0B0BtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyEtByBtBzztAyDtG0FyCyCyCtGzytAtA0FtG0AtBzzzytGyE0ByC0AtBtCyD0ByEtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCyCyBzztD0BtG0AzyyCtAtGtB0BtDtBtG0CtBzz0FtGyBtAyD0EtCzzyCtDtBzz0Ezy2Q&cr=164852369&ir=" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\12ffxtbr@MyScrapNook_12.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\39ffxtbr@MapsGalaxy_39.com deleted successfully ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:56732;https=127.0.0.1:56732" "ProxyOverride"="<-loopback>" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== C:\zoek_backup content ====================== C:\zoek_backup (files= ==== After Reboot ====================== ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\webget" not found "C:\Program Files (x86)\webget" not found "C:\Program Files (x86)\Advanced System Protector" not found ==== EOF on di 10-06-2014 at 19:18:47,59 ====================== - - - Updated - - - Hoi, Ik heb hem laten lopen. Wel enkele foutmeldingen die voorbij kwamen. Log: Zoek.exe v5.0.0.0 Updated 02-June-2014 Tool run by Van der Pol on di 10-06-2014 at 17:35:42,16. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: G:\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 10-6-2014 19:07:16 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Van der Pol\AppData\Roaming\HPAppData deleted successfully C:\Users\Van der Pol\AppData\Local\Zylom Games deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{b3b5c47e-61f7-4d81-af06-461fc86686ce} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0214754e-4e7d-4589-829d-e2523e6a3085} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65f159fb-5f5e-46f4-b45d-ccfa236d2073} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{b3b5c47e-61f7-4d81-af06-461fc86686ce} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{fe6f06fb-0fc0-4499-828f-ee48088f504f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MapsGalaxy_39Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyScrapNook_12Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MyScrapNook_12Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util Webget deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wajam Internet Enhancer Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{55685567-4840-4a91-962b-49a412e9485a}Gw64 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{55685567-4840-4a91-962b-49a412e9485a}Gw64 deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MapsGalaxy Home Page Guard 64 bit"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "ApnUpdater"=- "My Scrap Nook Search Scope Monitor"=- "MyScrapNook_12 Browser Plugin Loader"=- "MapsGalaxy Search Scope monitor"=- "MapsGalaxy_39 Browser Plugin Loader"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\PROGA~2\WI3C8A~1 not found C:\Program Files (x86)\Ask.com not found C:\Program Files (x86)\MyScrapNook_12 deleted C:\Program Files (x86)\MapsGalaxy_39 deleted C:\Program Files (x86)\Wajam deleted C:\Program Files (x86)\Speedial deleted C:\Users\Van der Pol\AppData\Roaming\Speedial deleted C:\Users\Van der Pol\AppData\Roaming\0F1F1C2Y1H1P1C0I0T deleted "C:\Windows\tasks\Speedial.job" deleted "C:\windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys" deleted "C:\Program Files (x86)\webget\updatewebget.exe" deleted "C:\Program Files (x86)\webget\updatewebget.exe" deleted "C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe" deleted "C:\Program Files (x86)\Advanced System Protector\aspsys.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL" deleted "C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.Compression.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.FileSystem.dll" deleted "C:\Program Files (x86)\Advanced System Protector\Xceed.Zip.dll" deleted "C:\Program Files (x86)\webget\bin\utilwebget.exe" deleted "C:\Program Files (x86)\webget\bin\utilwebget.exe" deleted "C:\Program Files (x86)\webget" not deleted "C:\Program Files (x86)\webget" not deleted "C:\Program Files (x86)\Advanced System Protector" not deleted "C:\Program Files (x86)\webget\bin" not deleted "C:\Program Files (x86)\webget\bin" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\VANDER~1\AppData\Local\Temp ==== 2014-06-05 08:22:02 BBE47A7166CA3308688B7ABCA1945871 346000 ----a-w- C:\Users\Van der Pol\AppData\Local\Temp\Creative Cloud Helper.exe ====== Java Cache ===== 2014-05-23 15:38:07 758B994C073FD2E6C155CD06396C1939 5146 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\48d5580d-217b9ee2 2014-06-03 18:24:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6c34baa0-57e9cef0 2014-05-23 15:38:06 6BDE501FC0B6832BFB411FBA494963A3 633 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4e2cde72-154ee728 2014-05-23 15:38:06 30C4CA5C3A383D0CD662489698E37DAA 38 ----a-w- C:\Users\Van der Pol\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\4e2cde72-6.0.lap ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-06-05 08:20:11 CB8572E790FCE09714143741C20E9934 16896 ----a-w- C:\Windows\Sysnative\sasnative64.exe 2014-06-05 08:19:55 05F8514B9A19E9DB2951CE9779B3B7D0 20312 ----a-w- C:\Windows\Sysnative\roboot64.exe ====== C:\Windows\Sysnative\drivers ===== 2014-05-14 07:21:48 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2014-05-14 07:21:47 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2014-06-10 15:32:43 F7449C7A88182ED8FFDA8E6DC290AEDC 3120 ----a-w- C:\Windows\Sysnative\Tasks\Advanced System Protector_startup 2014-06-05 08:34:16 50600852899F195E146D9597E05F8D4A 3286 ----a-w- C:\Windows\Sysnative\Tasks\PC Speed Maximizer Schedule 2014-06-05 08:20:02 E93B8ACEDD6ED3C44C1F4FF876141F01 2908 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro_DEFAULT 2014-06-05 08:20:02 D58F921168EE50107E594DB600336EA9 3064 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro_UPDATES 2014-06-05 08:20:02 4EF6BACCF177F46F802CBFE620925D5E 296 ----a-w- C:\Windows\Tasks\RegClean Pro_UPDATES.job 2014-06-05 08:20:02 416654C10F07A17ABBEF489B763A99CE 288 ----a-w- C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2014-06-05 08:19:57 D8113471914AF22112C7EF7C7837A406 3108 ----a-w- C:\Windows\Sysnative\Tasks\RegClean Pro ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-10 10:28:04 -------- d-----w- C:\Program Files\trend micro 2014-05-23 16:25:52 -------- d-----w- C:\Program Files\Paint.NET ======= C:\PROGRA~2 ===== 2014-06-05 08:29:07 -------- d-----w- C:\PROGRA~2\PC Speed Maximizer 2014-06-05 08:20:11 -------- d-----w- C:\PROGRA~2\Advanced System Protector 2014-06-05 08:19:56 -------- d-----w- C:\PROGRA~2\webget 2014-06-05 08:19:42 -------- d-----w- C:\PROGRA~2\RegClean Pro ======= C: ===== ====== C:\Users\Van der Pol\AppData\Roaming ====== 2014-06-10 15:00:49 -------- d-----w- C:\Users\Van der Pol\AppData\Roaming\PC Speed Maximizer 2014-06-05 09:20:01 BA5384A92FC840DF834CA447D2378495 46 ----a-w- C:\Users\Van der Pol\AppData\Roaming\WB.CFG 2014-06-05 08:19:55 -------- d-----w- C:\Users\Van der Pol\AppData\Roaming\Systweak 2014-06-05 08:19:41 -------- d-----w- C:\Users\Van der Pol\AppData\Local\Programs 2014-05-23 16:25:03 -------- d-----w- C:\Users\Van der Pol\AppData\Local\Paint.NET ====== C:\Users\Van der Pol ====== 2014-06-10 14:58:56 -------- d-----w- C:\ProgramData\Systweak 2014-06-05 08:31:08 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1 (1).exe 2014-06-05 08:31:01 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1.exe 2014-06-05 08:29:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam 2014-06-05 08:29:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-06-05 08:23:42 -------- d-----w- C:\ProgramData\Package Cache 2014-06-05 08:20:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector 2014-06-05 08:19:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro 2014-06-05 08:19:35 A713130E00447882474B6185C7585363 3867000 ----a-w- C:\Users\Van der Pol\Downloads\adobe-photoshop [1].exe ====== C: exe-files == 2014-06-05 08:31:08 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1 (1).exe 2014-06-05 08:31:01 3C9C0069A35CF7DCF927883D1F5826DE 4996960 ----a-w- C:\Users\Van der Pol\Downloads\rcpafterdownloadcp_ntb_ad_6389_cpntb1.exe 2014-06-05 08:29:10 BBEE112F5E5DBDCA1B5E07B5739CA70B 455480 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\Startw3i.exe 2014-06-05 08:29:10 461CBEA1B887D2BDE471480620F3C58F 246584 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMUninstaller.exe 2014-06-05 08:29:09 E6D76E14D6E27EB476704FE8364D95DB 424760 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe 2014-06-05 08:29:09 2B702119C8B5267E52E2D447B681880B 423736 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe 2014-06-05 08:29:09 1993B0D699952B988F64BA5DCB3B8948 900920 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMReminder.exe 2014-06-05 08:29:09 166E3193456B473CA73270C62E253158 134968 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe 2014-06-05 08:29:08 556E3265A65CB46ED09F96A2773A5B6D 808760 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\SPMGuard.exe 2014-06-05 08:29:07 B963E6638568E9768EE2DB78A4967EC0 22241592 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe 2014-06-05 08:29:07 1CBF2A4802ED00DBD874942271C0E809 707354 ----a-w- C:\Program Files (x86)\PC Speed Maximizer\unins000.exe 2014-06-05 08:25:01 2B48F69517044D82E1EE675B1690C08B 455576 ------w- C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe 2014-06-05 08:23:42 1191BA2A9908EE79C0220221233E850A 455720 ----a-w- C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe 2014-06-05 08:22:02 BBE47A7166CA3308688B7ABCA1945871 346000 ----a-w- C:\Users\Van der Pol\AppData\Local\Temp\Creative Cloud Helper.exe 2014-06-05 08:20:20 2CD0390BE76B133DDC9D683A44520613 644616 ----a-w- C:\Users\Van der Pol\AppData\Roaming\Systweak\ssd\SSDPTstub.exe 2014-06-05 08:20:11 CB8572E790FCE09714143741C20E9934 16896 ----a-w- C:\Windows\System32\sasnative64.exe 2014-06-05 08:19:55 05F8514B9A19E9DB2951CE9779B3B7D0 20312 ----a-w- C:\Windows\System32\roboot64.exe 2014-06-05 08:19:50 EB61D454169CA91A093AFE9C71236F25 101208 ----a-w- C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe 2014-06-05 08:19:50 E03A4ECCB702B92247FCBBF235D8AB18 545112 ----a-w- C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe 2014-06-05 08:19:50 9951BDD2C1F57ED1FEC4AE9E1486D49A 598448 ----a-w- C:\Program Files (x86)\RegClean Pro\systweakasp.exe 2014-06-05 08:19:43 893F751C09D408A3B244F921A9354FD4 7913304 ----a-w- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe 2014-06-05 08:19:42 3A3A07A7A71FED38FD54AEF89529AAD8 1199960 ----a-w- C:\Program Files (x86)\RegClean Pro\unins000.exe 2014-06-05 08:19:35 A713130E00447882474B6185C7585363 3867000 ----a-w- C:\Users\Van der Pol\Downloads\adobe-photoshop [1].exe === C: other files == 2014-06-07 15:24:37 DAD95015747A9E7B4725D6F3D23D712E 328 ----a-w- C:\Users\Van der Pol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AR97B5WG\home[1].vbs ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "RtkOSD"="C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "MapsGalaxy Home Page Guard 64 bit"="C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2011-03-11 20:25:45 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-05-2014 23:23] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-01-2013 15:22] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-01-2013 15:22] C:\Windows\tasks\RegClean Pro_DEFAULT.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [25-04-2014 14:49] C:\Windows\tasks\RegClean Pro_UPDATES.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [25-04-2014 14:49] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Advanced System Protector_startup" [C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\PC Speed Maximizer Schedule" ["C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe"] "C:\Windows\SysNative\tasks\RegClean Pro" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\RegClean Pro_DEFAULT" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\RegClean Pro_UPDATES" [C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe] "C:\Windows\SysNative\tasks\Scheduled Update for Ask Toolbar" [C:\Program Files (x86)\Ask.com\UpdateTask.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{9FBC6B3E-ED92-453F-B719-F095842F90E9}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{4671122A-4652-42FE-A47D-C648D54CE830}" [C:\Program Files (x86)\JoWood\Sherlock Holmes\sherlock.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN29J291Y1" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "39ffxtbr@MapsGalaxy_39.com"="C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [11-03-2011 22:26] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^UX^xdm244^YY^nl&ptb=B08F10B7-5DBD-456E-BE97-8A10E14D4438&si=KI_MAPS_FIG_HOL_20" "Search Page"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" "Search Bar"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://speedial.com/?f=1&a=spd_frmr_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAyBtD0E0E0CtAtA0B0BtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyEtByBtBzztAyDtG0FyCyCyCtGzytAtA0FtG0AtBzzzytGyE0ByC0AtBtCyD0ByEtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCyCyBzztD0BtG0AzyyCtAtGtB0BtDtBtG0CtBzz0FtGyBtAyD0EtCzzyCtDtBzz0Ezy2Q&cr=164852369&ir=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://speedial.com/?f=1&a=spd_frmr_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAyBtD0E0E0CtAtA0B0BtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyEtByBtBzztAyDtG0FyCyCyCtGzytAtA0FtG0AtBzzzytGyE0ByC0AtBtCyD0ByEtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCyCyBzztD0BtG0AzyyCtAtGtB0BtDtBtG0CtBzz0FtGyBtAyD0EtCzzyCtDtBzz0Ezy2Q&cr=164852369&ir=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" "SearchAssistant"="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {006ee092-9658-4fd6-bd8e-a21a348e59f5} Web Search Url="http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=NL&userid=cc90fd21-668a-a239-cc99-83c1c16fccd5&searchtype=ds&q={searchTerms}&installDate=01/11/2013" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {31090377-0740-419E-BEFC-A56E50500D5B} Speedial Url="http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frmr_14_23_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0BtAyBtD0E0E0CtAtA0B0BtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEyEtByBtBzztAyDtG0FyCyCyCtGzytAtA0FtG0AtBzzzytGyE0ByC0AtBtCyD0ByEtByDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtCyCyBzztD0BtG0AzyyCtAtGtB0BtDtBtG0CtBzz0FtGyBtAyD0EtCzzyCtDtBzz0Ezy2Q&cr=164852369&ir=" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_USERS\S-1-5-21-2428301120-254103319-3861117350-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc264a72-fa75-4948-b881-ea8eff8e5dd2} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\12ffxtbr@MyScrapNook_12.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\39ffxtbr@MapsGalaxy_39.com deleted successfully ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:56732;https=127.0.0.1:56732" "ProxyOverride"="<-loopback>" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== C:\zoek_backup content ====================== C:\zoek_backup (files= ==== After Reboot ====================== ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\webget" not found "C:\Program Files (x86)\webget" not found "C:\Program Files (x86)\Advanced System Protector" not found ==== EOF on di 10-06-2014 at 19:18:47,59 ====================== - - - Updated - - - excuses. als bijlage lukte niet. - - - Updated - - - excuses. als bijlage lukte niet.

Het terug zetten is gelukt. Nu alleen wel veel schermen die omhoog komen. PC Speed Maximizer en Reg Clean Pro. Bijgevoegd ook printscreen van internet die niet werkt. (Toch weggelaten nog even i.v.m. rare tekens waarin de tekst veranderd als ik de usb op mijn eigen laptop zet) Zou hier mogelijk ook een virus bij kunnen zitten? Groetjes

Hoi, Ik heb adware cleaner en de malwarebytes anti-malware laten draaien. Alles stap voor stap doorlopen. De logjes: Log malware.txt AdwCleaner[R0].txt AdwCleaner[S0].txt

Ik heb het gedaan. Nu doet internet het helaas niet. Krijg van het HP Netwerk Controle een foutmelding. Dit gaat om poortprobleem 316

Beste moderators. IK zit nu op de laptop van mijn schoonmoeder. Ze heeft last van advertenties en een hele trage laptop. Ik heb een RSIT logje gemaakt. Zouden jullie hier naar willen kijken? Dit onderstaande logje: [ATTACH]32781[/ATTACH] Met vriendelijke groet, LotV2 log.txt

Helemaal goed. Hartelijk dank!

Excuses dat het even geduurd heeft. Drukke tijd. Hierbij het logbestand: # AdwCleaner v3.015 - Report created 19/12/2013 at 09:10:22 # Updated 10/12/2013 by Xplode # Operating System : Windows 8 (64 bits) # Username : Mediamarkt2 - VERA # Running from : C:\Users\Mediamarkt2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZA8NX7V\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Google Chrome v31.0.1650.63 [ File : C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1583 octets] - [19/12/2013 09:09:14] AdwCleaner[s0].txt - [1510 octets] - [19/12/2013 09:10:22] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1570 octets] ##########

Zoek.exe Version 4.0.0.5 Updated 30-November-2013 Tool run by Mediamarkt2 on ma 02-12-2013 at 11:34:04,16. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Mediamarkt2\Desktop\zoek.exe [script inserted] [Checkboxes used] ==== System Restore Info ====================== 2-12-2013 11:36:17 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Users\Mediamarkt2\AppData\Roaming\hpqlog deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2499239261-3902574125-147780791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted successfully HKEY_USERS\S-1-5-21-2499239261-3902574125-147780791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted successfully HKEY_USERS\S-1-5-21-2499239261-3902574125-147780791-1001\Software\Microsoft\Internet Explorer\SearchScopes\{06BC3F51-2E1B-4045-AF16-7808AA00B723} deleted successfully HKEY_USERS\S-1-5-21-2499239261-3902574125-147780791-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully HKEY_USERS\S-1-5-21-2499239261-3902574125-147780791-1001\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F2437AF-7575-8E54-5DAB-6769E0866414}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F2437AF-7575-8E54-5DAB-6769E0866414}] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\surf aannd akEEep deleted C:\ProgramData\surf aannd akEEep deleted C:\ProgramData\9077d6ea9c26dfcc deleted C:\ProgramData\InstallMate deleted C:\Users\Mediamarkt2\AppData\LocalLow\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted C:\Users\Mediamarkt2\AppData\Local\Packages\windows_ie_ac_001\AC\{9F2437AF-7575-8E54-5DAB-6769E0866414} deleted C:\Windows\tasks\SK.Enhancer-S-747939423.job deleted C:\windows\SysNative\tasks\SK.Enhancer-S-747939423 deleted C:\Bestanden Vera\Prive\Nieuwe map\CR_Downloader_for_pokemon-firered.exe deleted "C:\ProgramData\WinterSoft\SK.Enhancer\SK.Enhancer.exe" deleted "C:\ProgramData\WinterSoft" not deleted "C:\ProgramData\WinterSoft\SK.Enhancer" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\MEDIAM~1\AppData\Local\Temp ==== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-11-14 10:42:04 E94F7A7B48C7638D1F3F8089344C97B7 151896 ----a-w- C:\Windows\Sysnative\drivers\tpm.sys 2013-11-14 10:42:04 C1646A95EAC515F60CDB2A7A8A013C1E 465240 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys 2013-11-14 10:42:02 07C872F13ACC81A5F10DEC6CF37BF9A8 61784 ----a-w- C:\Windows\Sysnative\drivers\crashdmp.sys 2013-11-14 10:41:38 7C0E0EDF18D6CC565D7BFBB451709FA5 576512 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2013-11-14 10:41:34 44BB9C31E6242C4BD1CE7C2B440C2533 96600 ----a-w- C:\Windows\Sysnative\drivers\wfplwfs.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-11-28 10:28:26 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Mediamarkt2\AppData\Roaming ====== ====== C:\Users\Mediamarkt2 ====== 2013-11-28 10:28:10 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Mediamarkt2\Downloads\RSITx64.exe 2013-11-14 13:38:38 -------- d-----w- C:\ProgramData\WinterSoft ====== C: exe-files == 2013-11-28 10:28:26 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Mediamarkt2.exe 2013-11-28 10:28:10 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Mediamarkt2\Downloads\RSITx64.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26-02-2013 13:17] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26-02-2013 13:17] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chrome Look ====================== surrf and Kaeep - Mediamarkt2 - Default\Extensions\akhcnjnnpdpcodjallfmikcloeljjjie Google Docs - Mediamarkt2 - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Mediamarkt2 - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Mediamarkt2 - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Mediamarkt2 - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Mediamarkt2 - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Mediamarkt2 - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Extensions\akhcnjnnpdpcodjallfmikcloeljjjie deleted successfully C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akhcnjnnpdpcodjallfmikcloeljjjie_0.localstorage deleted successfully C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akhcnjnnpdpcodjallfmikcloeljjjie_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://g.uk.msn.com/CQCON13/7" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://g.uk.msn.com/CQCON13/7" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3CC14472-9C7B-10D2-9AF3-C8956544E92B} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\S-747939423 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mediamarkt2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mediamarkt2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Mediamarkt2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\MEDIAM~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\ProgramData\WinterSoft" not found ==== EOF on ma 02-12-2013 at 11:49:52,87 ======================

Ik zie net dat jullie nu met RSIT werken. Dus maar even een logje van RSIT info.txt logfile of random's system information tool 1.09 2013-11-28 11:28:37 ======Uninstall list====== Adobe Shockwave Player 11.6-->"C:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe" ANNO 2070-->"C:\Program Files (x86)\InstallShield Installation Information\{B48E264C-C8CD-4617-B0BE-46E977BAD694}\setup.exe" -runfromtemp -l0x0809 -removeonly Apple Application Support-->MsiExec.exe /I{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1} Apple Mobile Device Support-->MsiExec.exe /I{2F72F540-1F60-4266-9506-952B21D6640D} Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} Connected Music powered by Universal Music Group version 1.0-->"C:\Program Files (x86)\Connected Music powered by Universal Music Group\unins000.exe" CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall CyberLink Media Suite 10-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall CyberLink Media Suite 10-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall CyberLink Power2Go 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall CyberLink Power2Go 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall CyberLink PowerDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall CyberLink PowerDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF} Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{6BDEB2BD-7C8B-4734-9E2F-E9EDC9D6C844}" "1043" "0" Energy Star-->MsiExec.exe /I{0FA995CC-C849-4755-B14B-5404CC75DC24} Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Hewlett-Packard ACLM.NET v1.2.0.0-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F} HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544} HP Documentation-->MsiExec.exe /X{8E7CB625-076C-4812-87B9-A2695C2CFABF} HP Postscript Converter-->MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD} HP Quick Launch-->MsiExec.exe /I{4ED7050C-9332-4FB2-AB07-E94F25A53D39} HP Recovery Manager-->MsiExec.exe /I{528AB81B-D65A-4AB0-A2B6-82B51A087D01} HP Registration Service-->MsiExec.exe /X{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA} HP Software Framework-->MsiExec.exe /X{4983EBE7-5117-43C9-8DE1-FFEBFDBD35DB} HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe" -runfromtemp -l0x0409 -removeonly HP Utility Center-->MsiExec.exe /I{0C57987A-A03A-4B95-A309-D23F78F406CA} HP Wireless Button Driver-->MsiExec.exe /X{941DE69D-6CEE-4171-8F1F-3D7E352AA498} Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall Intel® SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall Intel® Trusted Connect Service Client-->MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B} iTunes-->MsiExec.exe /I{0225AD21-F3E2-4916-BFF3-65D3F9052582} Microsoft Office Access MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0015-0413-0000-0000000FF1CE} Microsoft Office Excel MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0016-0413-0000-0000000FF1CE} Microsoft Office Home and Student 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE} Microsoft Office OneNote MUI (Dutch) 2010-->MsiExec.exe /X{90140000-00A1-0413-0000-0000000FF1CE} Microsoft Office Outlook MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001A-0413-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0018-0413-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2010-->MsiExec.exe /X{90140000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE} Microsoft Office Proofing (Dutch) 2010-->MsiExec.exe /X{90140000-002C-0413-0000-0000000FF1CE} Microsoft Office Publisher MUI (Dutch) 2010-->MsiExec.exe /X{90140000-0019-0413-0000-0000000FF1CE} Microsoft Office Shared 64-bit MUI (Dutch) 2010-->MsiExec.exe /X{90140000-002A-0413-1000-0000000FF1CE} Microsoft Office Shared MUI (Dutch) 2010-->MsiExec.exe /X{90140000-006E-0413-0000-0000000FF1CE} Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE} Microsoft Office Word MUI (Dutch) 2010-->MsiExec.exe /X{90140000-001B-0413-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6} Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} Ralink RT5390R 802.11bgn Wi-Fi Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0013 -removeonly Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DC8EDDCF-2031-4C8D-916C-64058A3ACA95}" "1043" "0" Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0413-0000-0000000FF1CE}" "{63EF0C85-5B63-410F-ACE4-C1D4E6769E7A}" "1043" "0" Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1043" "0" Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{FCF15674-9DAA-46C3-BF37-BDA4BA00F656}" "1043" "0" Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{6840DC59-F17B-415D-BA04-A62A164C7E7A}" "1043" "0" Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{D1673BA3-FA9D-434F-BD8B-CF663F1A70BA}" "1043" "0" Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0413-0000-0000000FF1CE}" "{9A854864-23D5-4FD5-8357-F4602A2A7CC4}" "1043" "0" Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EC2CA755-17D8-4392-A91E-FD4D2DD31072}" "1043" "0" Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0241FB40-015F-42AC-A711-1AE59E346B51}" "1043" "0" Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{FD346649-CCFA-4FB8-9406-ED3FC568BC72}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0413-0000-0000000FF1CE}" "{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0413-0000-0000000FF1CE}" "{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0413-0000-0000000FF1CE}" "{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0413-0000-0000000FF1CE}" "{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0413-0000-0000000FF1CE}" "{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0413-0000-0000000FF1CE}" "{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0413-0000-0000000FF1CE}" "{2C2D6CA0-1F04-4551-A82A-E0800CD616FA}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{E4D76E88-C65F-4003-9C71-EC4306679D17}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0413-1000-0000000FF1CE}" "{8218F3D1-A3CE-483C-819B-855338E4397C}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0413-0000-0000000FF1CE}" "{0B17C286-F7CC-4605-80D0-B465D5A44152}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0413-0000-0000000FF1CE}" "{07466203-7D4B-49A0-85BC-85CCC297AD9E}" "1043" "0" Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0413-0000-0000000FF1CE}" "{1EF831B5-7C57-4E6E-AC68-2FC4C32E9B77}" "1043" "0" SK.Enhancer-->"c:\programdata\wintersoft\sk.enhancer\sk.enhancer.exe" /uninstall surf aannd akEEep-->"C:\ProgramData\surf aannd akEEep\eNd8KKWyLy.exe" /s /n /i:"ExecuteCommands;UninstallCommands" "" swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}" "1043" "0" Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}" "1043" "0" Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}" "1043" "0" Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1043" "0" Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1043" "0" Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1043" "0" Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1043" "0" Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9D69691D-823D-4C3E-9B12-563A3F520366}" "1043" "0" Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1043" "0" Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1043" "0" Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1043" "0" Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1043" "0" Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}" "1043" "0" Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}" "1043" "0" Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}" "1043" "0" Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0413-0000-0000000FF1CE}" "{01C54C3F-EF56-4753-A0EC-6B3938822923}" "1043" "0" Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}" "1043" "0" Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{8C55AA83-54C2-4236-A622-78440A411DC5}" "1043" "0" Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{2B7EA7DF-B822-4C58-B90A-961B6BAF454B}" "1043" "0" VLC media player 2.0.6-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{2A07C35B-8384-4DA4-9A95-442B6C89A073} Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33} Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917} Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399} Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08} Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38} Windows Live Movie Maker-->MsiExec.exe /X{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92} Windows Live Photo Common-->MsiExec.exe /X{9BD262D0-B788-4546-A0A5-F4F56EC3834B} Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3} Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002} Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1} Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7} Windows Live Photo Gallery-->MsiExec.exe /X{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA} Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F} Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F} Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4} Windows Live UX Platform Language Pack-->MsiExec.exe /I{D6F25CF9-4E87-43EB-B324-C12BE9CDD668} Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} Windows Live Writer Resources-->MsiExec.exe /X{14B441B7-774D-4170-98EA-A13667AE6218} Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467} Windows Live Writer-->MsiExec.exe /X{7E017923-16F8-4E32-94EF-0A150BD196FE} Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04} Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF} Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E} ======System event log====== Computer Name: WIN-Q0IJ8VNI91E Event Code: 7040 Message: Het opstarttype van de service Windows Search is gewijzigd van automatisch starten in uitgeschakeld. Record Number: 743 Source Name: Service Control Manager Time Written: 20121007072621.885887-000 Event Type: Informatie User: Computer Name: WIN-Q0IJ8VNI91E Event Code: 1014 Message: In de naamomzetting voor de naam detect.gocyberlink.com is een time-out opgetreden omdat geen van de geconfigureerde DNS-servers reageert. Record Number: 742 Source Name: Microsoft-Windows-DNS-Client Time Written: 20121007072616.096936-000 Event Type: Waarschuwing User: NT AUTHORITY\NETWORK SERVICE Computer Name: WIN-Q0IJ8VNI91E Event Code: 104 Message: Logboekbestand Setup is gewist. Record Number: 741 Source Name: Microsoft-Windows-Eventlog Time Written: 20121007072617.081385-000 Event Type: Informatie User: Computer Name: WIN-Q0IJ8VNI91E Event Code: 104 Message: Logboekbestand Application is gewist. Record Number: 740 Source Name: Microsoft-Windows-Eventlog Time Written: 20121007072616.909502-000 Event Type: Informatie User: Computer Name: WIN-Q0IJ8VNI91E Event Code: 104 Message: Logboekbestand System is gewist. Record Number: 739 Source Name: Microsoft-Windows-Eventlog Time Written: 20121007072616.846997-000 Event Type: Informatie User: =====Application event log===== Computer Name: WIN-Q0IJ8VNI91E Event Code: 105 Message: msiexec (796) Instance: De database-engine heeft een nieuwe sessie (0) gestart. (Tijd=0 seconden) Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000. Record Number: 791 Source Name: ESENT Time Written: 20121007072832.000000-000 Event Type: Informatie User: Computer Name: WIN-Q0IJ8VNI91E Event Code: 102 Message: msiexec (796) Instance: De database-engine (6.02.9200.0000) start een nieuwe sessie (0). Record Number: 790 Source Name: ESENT Time Written: 20121007072832.000000-000 Event Type: Informatie User: Computer Name: WIN-Q0IJ8VNI91E Event Code: 1003 Message: De Windows Search-service is gestart. Record Number: 789 Source Name: Microsoft-Windows-Search Time Written: 20121007072623.000000-000 Event Type: Informatie User: Computer Name: WIN-Q0IJ8VNI91E Event Code: 1013 Message: De Windows Search-service is normaal gestopt. Record Number: 788 Source Name: Microsoft-Windows-Search Time Written: 20121007072622.000000-000 Event Type: Informatie User: Computer Name: WIN-Q0IJ8VNI91E Event Code: 103 Message: SearchIndexer (716) Windows: De database-engine heeft de sessie (0) stopgezet. Dirty Shutdown: 0 Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.062, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.032, [10] 0.000, [11] 0.015, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000. Record Number: 787 Source Name: ESENT Time Written: 20121007072622.000000-000 Event Type: Informatie User: =====Security event log===== Computer Name: mediamarkt Event Code: 4907 Message: De controle-instellingen voor een object zijn gewijzigd. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: MEDIAMARKT$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Object: Objectserver: Security Objecttype: File Objectnaam: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nl\Microsoft.Transactions.Bridge.Dtc.resources.dll Ingangs-id: 0x4c Procesgegevens: Proces-id: 0x368 Procesnaam: C:\Windows\System32\poqexec.exe Controle-instellingen: Oorspronkelijke security descriptor: S:AI Nieuwe security descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Record Number: 4355 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130225164102.123904-000 Event Type: Controle geslaagd User: Computer Name: mediamarkt Event Code: 4907 Message: De controle-instellingen voor een object zijn gewijzigd. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: MEDIAMARKT$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Object: Objectserver: Security Objecttype: File Objectnaam: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nl\Microsoft.Transactions.Bridge.resources.dll Ingangs-id: 0x4c Procesgegevens: Proces-id: 0x368 Procesnaam: C:\Windows\System32\poqexec.exe Controle-instellingen: Oorspronkelijke security descriptor: S:AI Nieuwe security descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Record Number: 4354 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130225164101.905139-000 Event Type: Controle geslaagd User: Computer Name: mediamarkt Event Code: 4907 Message: De controle-instellingen voor een object zijn gewijzigd. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: MEDIAMARKT$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Object: Objectserver: Security Objecttype: File Objectnaam: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nl\System.Web.Abstractions.resources.dll Ingangs-id: 0x4c Procesgegevens: Proces-id: 0x368 Procesnaam: C:\Windows\System32\poqexec.exe Controle-instellingen: Oorspronkelijke security descriptor: S:AI Nieuwe security descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Record Number: 4353 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130225164101.764489-000 Event Type: Controle geslaagd User: Computer Name: mediamarkt Event Code: 4907 Message: De controle-instellingen voor een object zijn gewijzigd. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: MEDIAMARKT$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Object: Objectserver: Security Objecttype: File Objectnaam: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nl\Microsoft.Activities.Build.resources.dll Ingangs-id: 0x4c Procesgegevens: Proces-id: 0x368 Procesnaam: C:\Windows\System32\poqexec.exe Controle-instellingen: Oorspronkelijke security descriptor: S:AI Nieuwe security descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Record Number: 4352 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130225164101.623876-000 Event Type: Controle geslaagd User: Computer Name: mediamarkt Event Code: 4907 Message: De controle-instellingen voor een object zijn gewijzigd. Onderwerp: Beveiligings-id: S-1-5-18 Accountnaam: MEDIAMARKT$ Accountdomein: WORKGROUP Aanmeldings-id: 0x3E7 Object: Objectserver: Security Objecttype: File Objectnaam: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nl\System.ServiceModel.Web.resources.dll Ingangs-id: 0x4c Procesgegevens: Proces-id: 0x368 Procesnaam: C:\Windows\System32\poqexec.exe Controle-instellingen: Oorspronkelijke security descriptor: S:AI Nieuwe security descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD) Record Number: 4351 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20130225164101.483243-000 Event Type: Controle geslaagd User: ======Environment variables====== "FP_NO_HOST_CHECK"=NO "USERNAME"=SYSTEM "Path"=C:\PROGRAM FILES (X86)\INTEL\ICLS CLIENT\;C:\PROGRAM FILES\INTEL\ICLS CLIENT\;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\PROGRAM FILES (X86)\WINDOWS LIVE\SHARED;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\2.0\BIN\X64;C:\PROGRAM FILES\INTEL\INTEL® MANAGEMENT ENGINE COMPONENTS\DAL;C:\PROGRAM FILES\INTEL\INTEL® MANAGEMENT ENGINE COMPONENTS\IPT;C:\PROGRAM FILES (X86)\INTEL\INTEL® MANAGEMENT ENGINE COMPONENTS\DAL;C:\PROGRAM FILES (X86)\INTEL\INTEL® MANAGEMENT ENGINE COMPONENTS\IPT "ComSpec"=%SystemRoot%\system32\cmd.exe "TMP"=%SystemRoot%\TEMP "OS"=Windows_NT "windir"=%SystemRoot% "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=2a07 "OnlineServices"=Online Services "Platform"=MCD "PCBRAND"=Presario "asl.log"=Destination=file -----------------EOF-----------------