Zoek.exe Version 4.0.0.5 Updated 05-December-2013
Tool run by Dirk on ma 09/12/2013 at 11:12:02,36.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
Internet Access Detected
Launched: D:\Software 2013\ZoekZip2\zoek\zoek.exe
[Script inserted]

==== System Restore Info ======================
9/12/2013 11:13:33 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Nokia {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PhoneBrowser64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================
C:\PROGRA~2\Nitro PDF deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\Bitdefender deleted successfully
C:\Program Files\McAfee deleted successfully
C:\ProgramData\\Babylon deleted successfully
C:\Users\Dirk\AppData\Roaming\Anexbi deleted successfully
C:\Users\Dirk\AppData\Roaming\CyberLink deleted successfully
C:\Users\Dirk 2\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-462824799-3137052604-784381099-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-462824799-3137052604-784381099-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-462824799-3137052604-784381099-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-462824799-3137052604-784381099-1002\Software\Microsoft\Internet Explorer\SearchScopes\{D6FCADFB-597F-457F-A468-51861B5F13E4} deleted successfully
HKEY_USERS\S-1-5-21-462824799-3137052604-784381099-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-462824799-3137052604-784381099-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\KavAntiBanner@Kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\linkfilter@kaspersky.ru deleted successfully

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.2.0 deleted successfully

==== FireFox Fix ======================
ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\nnehaohk.default
user.js not found
---- Lines mysearch removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.
---- FireFox user.js and prefs.js backups ----
prefs_20130912_1121_.backup

==== Deleting Files \ Folders ======================
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
C:\PROGRA~2\SoftwareUpdater deleted
C:\PROGRA~2\Tepfel deleted
C:\PROGRA~2\MyFree Codec deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\Dirk\AppData\Roaming\Tepfel deleted
C:\Users\Dirk\AppData\Roaming\BabSolution deleted
C:\Users\Dirk\AppData\Roaming\Babylon deleted
C:\ProgramData\\BrowserDefender deleted
C:\ProgramData\\Partner deleted
C:\ProgramData\\AVG Secure Search deleted
C:\ProgramData\\Tarma Installer deleted
C:\Users\Dirk\AppData\Local\AVG Secure Search deleted
C:\Users\Dirk 2\AppData\Local\AVG Secure Search deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender deleted
C:\Users\Dirk\Downloads\avg_free_stb_all_2012_1901_cnet.exe deleted
C:\Users\Dirk\Downloads\avg_free_stb_all_2012_2197_cnet.exe deleted
C:\Users\Dirk\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Dirk 2\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\nnehaohk.default\searchplugins\babylon.xml deleted
C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\nnehaohk.default\bProtector_extensions.sqlite deleted
"C:\Users\Dirk\AppData\Roaming\Analog Swirl" deleted
"C:\Users\Dirk\AppData\Roaming\Analog Sync" deleted
"C:\Users\Dirk\AppData\Roaming\Animals" deleted
"C:\ProgramData\Application" deleted
"C:\ProgramData\Application Support" deleted
"C:\ProgramData\Applications" deleted
"C:\ProgramData\Bass" deleted
"C:\ProgramData\Bass Reduction" deleted
"C:\ProgramData\Booms" deleted
"C:\Users\Dirk\AppData\Roaming\Yhbak\owgiu.kes" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.2.0\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll" deleted
"C:\Users\Dirk\AppData\Roaming\Yhbak" deleted
"C:\PROGRA~2\AVG Secure Search" deleted
"C:\PROGRA~2\AVG Secure Search" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.2.0" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.2.0" deleted

==== Files Recently Created / Modified ======================

==== Folders in C:\ProgramData\ 0-6 Months Old ======================
2013-06-25 06:49:34 -------- d-----w- C:\ProgramData\\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-18 09:37:31 -------- d-----w- C:\ProgramData\\Nitro
2013-09-18 09:37:52 -------- d-----w- C:\ProgramData\\FileOpen
2013-11-11 18:14:10 -------- d-----w- C:\ProgramData\\Samsung

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [28/02/2013 10:23]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [28/02/2013 10:23]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\nnehaohk.default
- Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- WebCake - %ProfilePath%\extensions\plugin@getwebcake.com
- Bitdefender QuickScan - %ProfilePath%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\nnehaohk.default
EE8D96E7899D12FC3AA5DB2034C0853C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash
7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner +
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Dirk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
F475DAA3CF6D19DA49BE7BAC0A966DB3 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Deleted Firefox Extensions ======================
C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\nnehaohk.default\extensions\plugin@getwebcake.com deleted

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[05/11/2013 13:14]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx[]

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hln.be/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hln.be/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{EB00FFD9-2AA4-43FA-829E-EA5EFF0C4E39} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393BE460"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dirk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dirk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Dirk\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dirk\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dirk 2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Dirk\AppData\Local\Mozilla\Firefox\Profiles\nnehaohk.default\Cache emptied successfully

==== Empty Chrome Cache ======================
No Chrome Cache found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dirk 2\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Dirk\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Dirk\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied