Zoek.exe v5.0.0.0 Updated 02-June-2014 Tool run by Server on zo 15/06/2014 at 22:21:59,75. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Server\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 15/06/2014 22:28:31 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\InstallShield Installation Information deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Settings Manager deleted successfully C:\PROGRA~2\Wise deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\My Dell deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Server\AppData\Roaming\EDrawings deleted successfully C:\Users\Server\AppData\Roaming\HpUpdate deleted successfully C:\Users\Server\AppData\Roaming\Lite deleted successfully C:\Users\Server\AppData\Roaming\Roxio deleted successfully C:\Users\Server\AppData\Roaming\TP deleted successfully C:\Users\Server\AppData\Local\CrashDumps deleted successfully C:\Users\Server\AppData\Local\DriverToolkit deleted successfully C:\Users\Server\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1237671266-3049961377-1512096436-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Users\Server\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe C:\Users\Server\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\vhejjthb.default user.js not found ---- Lines Search removed from prefs.js ---- user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with ---- Lines Search modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{27182e60-b5f3-411c-b545-b44205977502}\":{\"descriptor\":\"C:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_20141506_2236_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\The weDownload Manager not found C:\Program Files (x86)\Better_MarkIt not found C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\vhejjthb.default\extensions\ b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a...5e264651bb.com not found C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\vhejjthb.default\extensions\extension@linkeyproject.com not found C:\ProgramData\systemk not found C:\Program Files (x86)\The weDownload Manager not found C:\Program Files (x86)\SearchProtect not found C:\Program Files (x86)\Better_MarkIt not found C:\Program Files (x86)\Linkey not found C:\Program Files (x86)\Settings Manager not found "C:\Windows\tasks\BetterMarkIt Update.job" not found "C:\Windows\tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-1.job" not found "C:\Windows\tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-3.job" not found "C:\Windows\tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-4.job" not found C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\vhejjthb.default\extensions\{E42AC5EF-EAFC-E69C-365F-EF5AF17A5D4D} deleted C:\Windows\syswow64\appdata deleted C:\found.000 deleted C:\PROGRA~3\Package Cache deleted C:\Users\Server\AppData\LocalLow\DataMngr deleted C:\Windows\tasks\Wise Disk Cleaner Schedule Task.job deleted C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job deleted C:\windows\SysNative\tasks\Wise Disk Cleaner Schedule Task deleted C:\windows\SysNative\tasks\Wise Registry Cleaner Schedule Task deleted C:\user.js deleted "C:\Windows\tasks\BetterMarkIt_wd.job" deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 1961 MB CPU Info: Intel(R) Pentium(R) CPU G620 @ 2.60GHz CPU Speed: 2584,7 MHz Sound Card: Luidsprekers (Conexant HD Audio | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver | LogMeIn Mirror Driver Monitors: 1x; Dell IN1930 (Analog) | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 2x (D: | E: | ) D: PLDS DVD+-RW DH-16ABS | E: DTSOFT BDROM Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 284,9GB | Q: 0,0MB Hard Disks - Free: C: 213,6GB | Q: 0,0MB Manufacturer *: Dell Inc. BIOS Info: AT/AT COMPATIBLE | 07/27/11 | DELL - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Dell Inc. 0GDG8Y Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: BullGuard Antivirus On-access scanning disabled (Outdated) Anti-Spyware: BullGuard Antispyware disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Firefox 29.0.1 Internet Explorer Version: 11.0.9600.17126 Mozilla Firefox version: 29.0.1 (x86 nl) Adobe Reader version: 10.1.10.18 Sun Java version: 1.6.0_27 (64-bit) Flash Player version: 13.0.0.214 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Server\AppData\Local\Temp ==== 2014-06-12 23:21:09 FE447D1CD38CECAC2331FA932078D9A0 271360 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\SmiProvider.dll 2014-06-12 23:21:09 FC00A05639494779002682A9B965EF9C 471040 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\WimProvider.dll 2014-06-12 23:21:09 E7CAED467F80B29F4E63BA493614DBB1 127488 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\OSProvider.dll 2014-06-12 23:21:09 BBB9E4FA2561F6A6E5CCF25DA069AC1B 313344 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\IntlProvider.dll 2014-06-12 23:21:09 8D3855B133E21143E8B4BFADB9FB14A3 302080 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\UnattendProvider.dll 2014-06-12 23:21:09 7B38D7916A7CD058C16A0A6CA5077901 271360 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\wdscore.dll 2014-06-12 23:21:09 739968678548BA15F6B9372E8760C012 444416 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\TransmogProvider.dll 2014-06-12 23:21:09 45FF4FA5CA5432BFCCDED4433FE2A85B 216576 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\MsiProvider.dll 2014-06-12 23:21:08 FC2DB5842190C6E78A40CD7DA483B27C 435712 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\DmiProvider.dll 2014-06-12 23:21:08 F2B0771A7CD27F20689E0AB787B7EB7C 289792 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\DismCore.dll 2014-06-12 23:21:08 EFCB002ABC3529D71B61E6FB6434566C 762368 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\CbsProvider.dll 2014-06-12 23:21:08 C9D74156913061BE6C51D8FC3ACF8E93 53760 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\FolderProvider.dll 2014-06-12 23:21:08 9A821D8D62F4C60232B856E98CBA7E4F 96768 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\DismHost.exe 2014-06-12 23:21:08 8CA117CB9338C0351236939717CB7084 186368 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\DismProv.dll 2014-06-12 23:21:08 6A4BD682396F29FD7DF5AB389509B950 183296 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\CompatProvider.dll 2014-06-12 23:21:08 5488E381238FF19687FDD7AB2F44CFCC 111616 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\DismCorePS.dll 2014-06-06 14:44:04 CB0B584941275EBD77E97556E6A3B350 6093296 ----a-w- C:\Users\Server\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-06-11 07:08:42 E227B810296AA27E6C69307A7B6456E5 1389056 ----a-w- C:\Windows\SysWOW64\msxml6.dll 2014-06-11 07:08:42 8B8D1CEF498678CAB9DF17145D34BC64 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2014-06-11 07:08:42 2E673E776136354ECFB57BFD62E7EC3D 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll 2014-06-11 07:08:42 0789F82BAE171323F74B8F175D406AB8 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2014-06-11 07:08:40 A5F833506BF6A1B5D693E1499DEE2444 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll 2014-06-11 07:08:39 BB9BADED14F0963498855AC28446CED5 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-11 07:08:39 7E27FB6AB8976897A530FB30F5FF7691 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 07:08:39 6D8E6A9A524FFAAFA4D2F6C8EF38D0BB 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-06-11 07:08:38 D5ECBB3BFDC73A59440D9CA79AB3A342 17271296 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-06-11 07:08:38 C1F5812F355D0C9495C1B2E7165DA2AF 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-11 07:08:38 8DF06ACA017949D37C38B6A0EF747D4E 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 07:08:38 0AFCE8EEF3751810FE2101FD608FB8B3 1143296 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-06-11 07:08:38 017B99D09904DCA35D5F66AD79084B5F 368128 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 07:08:37 D9F5B424C307B195E16A9B0A21E53BCC 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-06-11 07:08:37 C69FDD49AB9E8BCF2BAAC469CE0CC756 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 07:08:37 9EAAB4305536829D6B7D9C3A47E92861 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-06-11 07:08:36 E0EA58834CD19FDFCD1BC37B22E1D3D8 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 07:08:36 D36574C287D0764C95AC777DFF367715 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-06-11 07:08:36 814E0D53EF020BD93097F26B53B573F0 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-06-11 07:08:36 688227D38A6FF6403B293D0C50B454B9 11725312 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-06-11 07:08:36 5B5815477A53ED92B89955FFE7EDCB2E 242688 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 07:08:35 4D3074AA172DCFD5D56BE764B671085A 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 07:08:34 EB960643DC62832C88272573204B6DBA 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-06-11 07:08:34 CC0077F9C7ACD7E97707DFC763A4EA99 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 07:08:34 C58E97EEB1CB80CE91D5E7FD5E78794F 4244992 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-06-11 07:08:34 771CDBC3D62437D6DB070820BB1EDCCF 1790976 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-06-11 07:08:34 22D7FFA4B94916F18EB1F1D107B86839 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-06-11 07:08:34 0AC4E3C93D49E37D5B008ED99092115C 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-11 07:08:34 09771ABC896D2A88370F3AB8BADC242E 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-06-03 13:14:18 A49CBE1479B4D62BB89204FD91405B7C 140280 ----a-w- C:\Windows\SysWOW64\BgGamingMonitor.dll 2014-06-03 13:14:10 4B50B96AA888537B1806C37D4EF88CC7 63312 ----a-w- C:\Windows\SysWOW64\BGLsp.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-06-15 08:04:53 DB466DCD8F31B08FA946C054706E6769 544 ----a-w- C:\Windows\Sysnative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD 2014-06-11 07:08:42 ECA6AC33BD9E441F7B47D173D715D268 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll 2014-06-11 07:08:42 3408DD8081DC22858AE2E6ABD2594C02 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll 2014-06-11 07:08:42 0E3A7EC2B9590EA7767BBB1823630DEA 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll 2014-06-11 07:08:42 0465A8CFDDB4FFDB569802A70B9443D5 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2014-06-11 07:08:41 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 801280 ----a-w- C:\Windows\Sysnative\usp10.dll 2014-06-11 07:08:38 DA7AAB5D4E5F7160E906C0D2EB9A2B9F 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-06-11 07:08:38 3ED5C9055F7A635399FC12892F565287 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-06-11 07:08:37 D5C446B14DC667B7B9FBB30EA1701D92 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-06-11 07:08:37 3A1AB9DE852F2BC1ECE6403BDD01B9F0 1398272 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-06-11 07:08:36 DFD834E89B819B5ECE8E251C56B5A3CE 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-06-11 07:08:36 BFD3178735D97C858FFA467F8199700C 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-06-11 07:08:36 867DD52B23D3B0390B88F3D7AD1E600C 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-06-11 07:08:36 12BA419E27DBC5DBF9262C8A885FA361 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-06-11 07:08:35 EAAA62F272858695814A1F42D5E59BD3 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-06-11 07:08:35 B34D3F303769E65CE7EFBD4E6FB62B25 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-06-11 07:08:35 3FC3828E8820D1C93DBFBAD4BE456D85 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-06-11 07:08:35 063EF4239479F52DAF9F4849B0B304F1 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-06-11 07:08:34 CE6109C73C3A04CC2B8C6110B0F0FEF9 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-06-11 07:08:34 790FD40601502C5FE8213D4F335DA0BD 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-06-11 07:08:33 CB8A91074AE1B5051E240B50A328DCF5 295424 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-06-11 07:08:33 B2C037F50A02D6C057B1E0791BBF41A5 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-06-11 07:08:33 2DBB9127794BC30BC31D26FA088F8BAB 13522944 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-06-11 07:08:32 CC603EF96BA456D4BCD9FF849ED07A2A 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-06-11 07:08:32 AB3FA3D9B1F1D0571CBC43D1487CCD6F 5782528 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-06-11 07:08:32 A4A58E3171C03A1145D1C3EC488D1B4F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-06-11 07:08:32 9013D5BBE1B6D3A060F54B4B5BB2C3A3 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-06-11 07:08:32 770F067D833DC017CEB8A36A2A1EC942 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-06-11 07:08:32 6B9925F498D4E91FB57576CC3776D428 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-06-11 07:08:32 2F474D40626B0C694400589F3FBB9AA9 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-06-11 07:08:31 F343ECB3C683EBD7E3990C03AD680855 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-06-11 07:08:31 8E3C6008250A904C06943BCEA585E344 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-06-11 07:08:31 40BFD9D6EC8E174145F012246CA73CCD 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-06-11 07:08:30 56803B20D168C1B740D12CE0BE4588F5 23414784 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-06-03 13:14:18 359C237E7292DB782450AB633B58AC38 153712 ----a-w- C:\Windows\Sysnative\BgGamingMonitor.dll 2014-06-03 13:14:10 270FAEC4C50373C7E75B0F58C9FBDBAA 76624 ----a-w- C:\Windows\Sysnative\BGLsp.dll ====== C:\Windows\Sysnative\drivers ===== 2014-06-11 07:08:41 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2014-06-11 07:08:41 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2014-05-30 07:48:49 33F90B202E9DD9B7D489EB59310FDC34 283064 ----a-w- C:\Windows\Sysnative\drivers\dtsoftbus01.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-12 22:22:37 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-06-15 15:46:47 -------- d-----w- C:\PROGRA~2\VS Revo Group 2014-05-30 07:48:42 -------- d-----w- C:\PROGRA~2\DAEMON Tools Lite 2014-05-21 09:27:55 -------- d-----w- C:\PROGRA~2\DriverToolkit 2014-05-18 10:09:06 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2014-05-18 10:09:06 -------- d-----r- C:\PROGRA~2\Skype ======= C: ===== ====== C:\Users\Server\AppData\Roaming ====== 2014-06-15 15:46:47 -------- d-----w- C:\Users\Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2014-05-30 07:48:46 -------- d-----w- C:\Users\Server\AppData\Roaming\DAEMON Tools Lite 2014-05-18 10:09:44 -------- d-----w- C:\Users\Server\AppData\Local\Skype 2014-05-18 10:09:26 -------- d-----w- C:\Users\Server\AppData\Roaming\Skype ====== C:\Users\Server ====== 2014-06-15 14:49:03 055E76B456E09A8ED8D8C94F9B7B63FB 6246272 ----a-w- C:\Users\Server\Downloads\TeamViewer_Setup_nl-ckq.exe 2014-06-12 22:03:35 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Server\Desktop\RSITx64.exe 2014-05-30 07:48:01 -------- d-----w- C:\ProgramData\DAEMON Tools Lite 2014-05-18 10:09:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-18 10:08:59 -------- d-----w- C:\ProgramData\Skype ====== C: exe-files == 2014-06-15 15:46:49 C91D2962373AE6B473C61C1F4B3596BD 87544 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe 2014-06-15 14:49:03 055E76B456E09A8ED8D8C94F9B7B63FB 6246272 ----a-w- C:\Users\Server\Downloads\TeamViewer_Setup_nl-ckq.exe 2014-06-14 08:44:08 0B1934DFF4F21EE9E64977C2FEC6D0DE 1091912 ----a-w- C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\35.0.1916.153\Installer\setup.exe 2014-06-14 08:44:05 658568F65908BF1FE9A8688F748A7690 1934664 ----a-w- C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\35.0.1916.153\nacl64.exe 2014-06-14 08:44:04 4C5CC8327B4BCD462093C894AE1F0A13 1879368 ----a-w- C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\35.0.1916.153\delegate_execute.exe 2014-06-14 08:41:27 DF61864BA778845C6E725F7BF1EAEB0E 2675280 ----a-w- C:\Users\Server\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.153\35.0.1916.153_35.0.1916.114_chrome_updater.exe 2014-06-12 23:21:08 9A821D8D62F4C60232B856E98CBA7E4F 96768 ----a-w- C:\Users\Server\AppData\Local\Temp\C05D7515-EEB0-4E5A-9A40-BC5E1248CBF5\DismHost.exe 2014-06-12 22:22:38 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Server.exe 2014-06-12 22:03:35 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Server\Desktop\RSITx64.exe 2014-06-11 07:08:38 4F2AA3E7BD7257E4937E071E3700819E 810200 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-06-11 07:08:38 4AFAE8BAF6E85311AD78395C47351A1D 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-06-11 07:08:37 60F88F6CA6303E8273AF7AAA9AAFECAC 812248 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-06-11 07:08:37 50989AAF09CDCEBC0FD8EB0FE79C2A98 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-06-11 07:08:37 4076E62E061769E42186AE860007FA08 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-06-11 07:08:36 BFD3178735D97C858FFA467F8199700C 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-06-11 07:08:35 EAAA62F272858695814A1F42D5E59BD3 608768 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-06-11 07:08:35 159C5979C61F51EEFC84D9AB17C4E0E7 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-06-11 07:08:34 CC0077F9C7ACD7E97707DFC763A4EA99 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 07:08:32 770F067D833DC017CEB8A36A2A1EC942 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-06-11 07:08:31 F343ECB3C683EBD7E3990C03AD680855 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe === C: other files == 2014-06-14 08:43:57 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\35.0.1916.153\default_apps\youtube.crx 2014-06-14 08:43:57 8AD223868AB9974F7746D0227730A0CC 26392 ----a-w- C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\35.0.1916.153\default_apps\search.crx 2014-06-14 08:43:57 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\35.0.1916.153\default_apps\drive.crx 2014-06-14 08:43:57 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\35.0.1916.153\default_apps\gmail.crx 2014-06-14 08:43:57 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\35.0.1916.153\default_apps\docs.crx 2014-06-11 07:08:41 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-06-11 07:08:41 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1237671266-3049961377-1512096436-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify"="C:\Users\Server\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Spotify Web Helper"="C:\Users\Server\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Google Update"="C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe /c" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify"="C:\Users\Server\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Spotify Web Helper"="C:\Users\Server\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Google Update"="C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe /c" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe -boot" "BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\Server\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IsaKbcCertUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IsaKbcCertUpdate" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Isabel\\isa_kbc_certupdate.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn GUI] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogMeIn GUI" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\LogMeIn\\x64\\LogMeInSystray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSC" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeScanNT Monitor] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="OfficeScanNT Monitor" "hkey"="HKLM" "command"="\"c:\\Program Files (x86)\\Trend Micro\\Client Server Security Agent\\pccntmon.exe\" -HideWindow" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMIMaint] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LogMeIn] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ntrtscan] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\svcGenericHost] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TMBMServer] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\tmlisten] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TmPfw] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TmProxy] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/07/2012 14:12] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/07/2012 14:12] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237671266-3049961377-1512096436-1000Core.job --a------ C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe [09/01/2012 12:25] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237671266-3049961377-1512096436-1000UA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1237671266-3049961377-1512096436-1000Core" [C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1237671266-3049961377-1512096436-1000UA" [C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "antiphishing@bullguard"="C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard" [01/05/2014 13:57] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\vhejjthb.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\vhejjthb.default A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash 785105A23650755A8F7A72405EB0D923 - C:\Users\Server\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update 9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46] YouTube - Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Gmail - Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{49606DC7-976D-4030-A74E-9FB5C842FA68}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {49606DC7-976D-4030-A74E-9FB5C842FA68} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1237671266-3049961377-1512096436-1000\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{22C7F6C6-8D67-4534-92B5-529A0EC09405} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Server\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Server\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Server\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://cbc-pdf.cbc.be (HKLM) O15 - Trusted Zone: http://static.cbc.be (HKLM) O15 - Trusted Zone: http://www.isabel.be (HKLM) O15 - Trusted Zone: http://upgrade.isabel.eu (HKLM) O15 - Trusted Zone: http://www.isabel.eu (HKLM) O15 - Trusted Zone: http://kbc-pdf.kbc.be (HKLM) O15 - Trusted Zone: http://static.kbc.be (HKLM) O15 - Trusted Zone: http://www.kbcam.be (HKLM) O15 - Trusted Zone: http://www.kbcam.com (HKLM) O15 - Trusted Zone: http://www.kbcbankingforbusiness.com (HKLM) O15 - Trusted Zone: http://www.kbcmerchantbanking.com (HKLM) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Server\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Server\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Server\AppData\Local\Mozilla\Firefox\Profiles\vhejjthb.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=134 folders=37 30682734 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Server\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Server\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on zo 15/06/2014 at 22:44:29,61 ======================