Zoek.exe v5.0.0.0 Updated 23-08-2014
Tool run by Christian on za 23-08-2014 at 15:18:46,65.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Christian\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

23-8-2014 15:20:51 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\COMMON~1\Intel deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Christian\AppData\Local\PackageStaging deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WindowsApps\Microsoft.Studios.PinballFx2_1.6.0.594_x86__8wekyb3d8bbwe\PinballFX2.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Christian\Downloads\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\Enigma Software Group deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Christian\Searches deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.dll" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini" deleted
"C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP" deleted

==== Folders Found In C:\Program Files (x86)\SABnzbd ======================

2014-08-02 18:03:33 d-----w- C:\Program Files (x86)\SABnzbd\email
2014-08-02 18:03:33 d-----w- C:\Program Files (x86)\SABnzbd\icons
2014-08-02 18:03:33 d-----w- C:\Program Files (x86)\SABnzbd\interfaces
2014-08-02 18:03:39 d-----w- C:\Program Files (x86)\SABnzbd\lib
2014-08-02 18:03:41 d-----w- C:\Program Files (x86)\SABnzbd\licenses
2014-08-02 18:03:41 d-----w- C:\Program Files (x86)\SABnzbd\locale
2014-08-02 18:03:41 d-----w- C:\Program Files (x86)\SABnzbd\win

==== Files Found In C:\Program Files (x86)\SABnzbd ======================

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8145 MB
CPU Info: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
CPU Speed: 3558,2 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce GTX 745 | NVIDIA GeForce GTX 745
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (F: | ) F: TSSTcorpCDDVDW SH-216DB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 869,8GB | D: 60,0GB
Hard Disks - Free: C: 814,6GB | D: 43,3GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | MEDION - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: MEDION H81H3-EM2
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: McAfee Antivirus en antispyware On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: McAfee Antivirus en antispyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: McAfee Firewall disabled
Default Browser: Firefox 31.0
Internet Explorer Version: 11.0.9600.17239
Mozilla Firefox version: 31.0 (x86 nl)
Sun Java version: 1.8.0_11 (64-bit)
Flash Player version: 14.0.0.179

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a-------- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-08-2014 13:38]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{84ACA3B1-D12E-4E19-A6A1-B49C7EEE0701}" [C:\windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [06-08-2014 13:34]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CHRIST~1\AppData\Roaming\Mozilla\Firefox\Profiles\inj5g3cq.default
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- InstantBuzz Members Toolbar - %ProfilePath%\extensions\instantbuzztoolbar@instantbuzz.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\inj5g3cq.default
9EE20E6E2E3F94714D44F739B9A228F4 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[30-06-2014 15:21]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{62C43E5E-05F7-4757-8EB5-1DA64B7C3473}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{62C43E5E-05F7-4757-8EB5-1DA64B7C3473} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB"

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 10 MS Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 10 MS Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Christian\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Christian\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Christian\AppData\Local\Mozilla\Firefox\Profiles\inj5g3cq.default\Cache emptied successfully

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=56 folders=9 19545128 bytes)

==== Empty Temp Folders ======================
C:\Users\Christian\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\CHRIST~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on za 23-08-2014 at 15:34:30,97 ======================