Zoek.exe v5.0.0.0 Updated 08-December-2014
Tool run by Rijon on wo 10-12-2014 at 12:01:46,57.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: G:\setups\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-12-09-111123.log 29422 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files (x86)\FireTrust\MailWasher\MailWasherPro.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
G:\setups\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Rijon\AppData\Roaming\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706
user.js not found
---- Lines clickclean@hotcleaner.com modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----
prefs_10-12-2014_1221_.backup

ProfilePath: C:\Users\Rijon\AppData\Roaming\Mozilla\Firefox\Profiles\kuotoozg.default-1391153090336
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_10-12-2014_1221_.backup

ProfilePath: C:\Users\Rijon\AppData\Roaming\TomTom\HOME\Profiles\6tb2ga9j.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_10-12-2014_1221_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Rijon\AppData\Roaming\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" not found
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Rijon\AppData\Roaming\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706\extensions\clickclean@hotcleaner.com deleted
"C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf4a4c50154a1.job" deleted
"C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf27c04674f1b1.job" deleted

==== Folders Found ======================

==== Files Found ======================

--- C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 30740
Created time: 2092-01-01 02:00:00
Modified time: 2092-01-01 02:00:00
MD5: 53741EA428DBCF3FF54D6A2AA1299A94
SHA1: BBA9C5B6F79C1BE6E89A3D703A3DE4DFAA90658E

--- C:\Windows\winsxs\amd64_microsoft-windows-vssservice.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_e23da10d0da7305e\VSSVC.exe.mui ---
Company: Microsoft Corporation
File Description: Microsoft® Volume Shadow Copy-service
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Besturingssysteem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle rechten voorbehouden.
Original Filename: VSSVC.EXE.MUI
File type: ----a-w-
File size: 77312
Created time: 2011-02-19 04:39:29
Modified time: 2011-02-19 04:39:29
MD5: B1979A51503AD037525D733620E04747
SHA1: 3B2771C20664A3250855D0BC256712A8E45E5672

--- C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe ---
Company: Microsoft Corporation
File Description: Microsoft® Volume Shadow Copy Service
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: VSSVC.EXE
File type: ----a-w-
File size: 1598976
Created time: 2009-07-13 23:39:12
Modified time: 2009-07-14 01:39:50
MD5: 787898BF9FB6D7BD87A36E2D95C899BA
SHA1: A3E0E0D08CEEF14596140FB3C9E68FB0A7EDDD2C

--- C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe ---
Company: Microsoft Corporation
File Description: Microsoft® Volume Shadow Copy Service
File Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: VSSVC.EXE
File type: ----a-w-
File size: 1600512
Created time: 2011-02-18 19:49:54
Modified time: 2010-11-20 13:25:28
MD5: B60BA0BC31B0CB414593E169F6F21CC2
SHA1: 1D6F5A5DE7154B75144C6A033C36FD86FF2BBE9B

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6055 MB
CPU Info: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
CPU Speed: 1995.7 MHz
Sound Card: Luidsprekers (Realtek High Defi | DFX Speakers (DFX Audio Enhance |
Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000 | NVIDIA GeForce GT 540M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Algemeen PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Juniper Network Connect Virtual Adapter | Check Point Virtual Network Adapter For SSL Network Extender #2 | Check Point Virtual Network Adapter For SSL Network Extender | Microsoft Virtual WiFi Miniport Adapter | Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | Atheros AR9002WB-1NG Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: SlimtypeDVD A DS8A5SH
Ports: COM9 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 305.7GB | D: 368.0GB | F: 1863.0GB | G: 1863.0GB
Hard Disks - Free: C: 228.2GB | D: 361.6GB | F: 1620.6GB | G: 561.3GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 05/18/11 | _ASUS_ - 6222004
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer Inc. N73SV
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: McAfee Antivirus en antispyware On-access scanning disabled (Outdated)
Anti-Spyware: McAfee Antivirus en antispyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: McAfee Firewall disabled
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 10.0.1 (x86 nl)
Mozilla Firefox version: 10.0.2 (x86 nl)
Mozilla Firefox version: 11.0 (x86 nl)
Mozilla Firefox version: 12.0 (x86 nl)
Mozilla Firefox version: 13.0 (x86 nl)
Mozilla Firefox version: 13.0.1 (x86 nl)
Mozilla Firefox version: 14.0.1 (x86 nl)
Mozilla Firefox version: 15.0.1 (x86 nl)
Mozilla Firefox version: 16.0.2 (x86 nl)
Mozilla Firefox version: 17.0.1 (x86 nl)
Mozilla Firefox version: 18.0 (x86 nl)
Mozilla Firefox version: 18.0.1 (x86 nl)
Mozilla Firefox version: 18.0.2 (x86 nl)
Mozilla Firefox version: 19.0 (x86 nl)
Mozilla Firefox version: 19.0.2 (x86 nl)
Mozilla Firefox version: 20.0 (x86 nl)
Mozilla Firefox version: 20.0.1 (x86 nl)
Mozilla Firefox version: 21.0 (x86 nl)
Mozilla Firefox version: 22.0 (x86 nl)
Mozilla Firefox version: 23.0 (x86 nl)
Mozilla Firefox version: 23.0.1 (x86 nl)
Mozilla Firefox version: 24.0 (x86 nl)
Mozilla Firefox version: 25.0 (x86 nl)
Mozilla Firefox version: 25.0.1 (x86 nl)
Mozilla Firefox version: 26.0 (x86 nl)
Mozilla Firefox version: 27.0 (x86 nl)
Mozilla Firefox version: 27.0.1 (x86 nl)
Mozilla Firefox version: 28.0 (x86 nl)
Mozilla Firefox version: 29.0 (x86 nl)
Mozilla Firefox version: 32.0 (x86 nl)
Mozilla Firefox version: 32.0.1 (x86 nl)
Mozilla Firefox version: 32.0.2 (x86 nl)
Mozilla Firefox version: 33.0.1 (x86 nl)
Mozilla Firefox version: 33.0.2 (x86 nl)
Mozilla Firefox version: 7.0.1 (x86 nl)
Mozilla Firefox version: 8.0 (x86 nl)
Mozilla Firefox version: 9.0 (x86 nl)
Mozilla Firefox version: 9.0.1 (x86 nl)
Google Chrome version: 39.0.2171.71
Adobe Reader version: 11.0.9.29
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 15.0.0.239

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-644121108-1263804581-3321629488-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"HP Deskjet 3070 B611 series (NET)"="C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe -deviceID CN14Q2C0CZ05MQ:NW -scfn HP Deskjet 3070 B611 series (NET) -AutoStart 1 "
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H"
"{90140000-0018-0413-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{91140000-0011-0000-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H"
"{90140000-0018-0413-0000-0000000FF1CE}"="C:\Windows\system32\cmd.exe /C del C:\ProgramData\Microsoft Help\Rgstrtn.lck /Q /A:H"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"SonicMasterTray"="C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe"
"FLxHCIm"="C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"VAWinAgent"="C:\ExpressGateUtil\VAWinAgent.exe "
"RemoteControl10"="C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
"UpdatePSTShortCut"="C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter"
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SystemExplorerAutoStart"="C:\Program Files (x86)\System Explorer\SystemExplorer.exe /TRAY"
"mcpltui_exe"="C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe /platui /runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"HP Deskjet 3070 B611 series (NET)"="C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe -deviceID CN14Q2C0CZ05MQ:NW -scfn HP Deskjet 3070 B611 series (NET) -AutoStart 1 "
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe "
"AthBtTray"="C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe "
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"HP Software Update"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
"hkey"="HKLM"
"item"="CLMLServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
"hkey"="HKLM"
"item"="RtHDVCpl"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2014-01-13 08:23:02 1956 ----a-w- C:\Users\Rijon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk
2014-11-27 13:37:26 1154 ----a-w- C:\Users\Rijon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 06:27]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 06:27]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] "C:\Windows\SysNative\tasks\awditSkipUAC" [C:\Users\Rijon\AppData\Roaming\Reincubate\awdit Desktop\awdit-desktop.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Rijon)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Rijon\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 3070 B611 series" ["C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe"] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2012" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program 
Files (x86)\AVG\AVG PC TuneUp\OneClick.exe] "C:\Windows\SysNative\tasks\{07E2ECC4-29C7-4EC3-A776-C3E69A167A96}" [C:\Program Files (x86)\Philips\Philips Digital Media Manager\PCDMM\PCDMM.exe] "C:\Windows\SysNative\tasks\{0CACDB23-E95C-46AC-80B5-EF7813CB2DB0}" [C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe] "C:\Windows\SysNative\tasks\{109D6723-712F-4FC9-B3AA-3FD118C0D289}" [C:\Program Files (x86)\Philips\Philips Digital Media Manager\PCDMM\PCDMM.exe] "C:\Windows\SysNative\tasks\{10B7FE5E-EE75-451B-A7E6-63C5667CE3BA}" [C:\FLAC To MP3\flac2mp3.exe] "C:\Windows\SysNative\tasks\{170C416F-5160-44AE-A72E-A5CD8EEC1F7A}" [C:\Program Files\McAfee.com\Agent\mcagent.exe] "C:\Windows\SysNative\tasks\{1F5D6B6F-6129-4058-B395-5091A4ADF7FC}" [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe] "C:\Windows\SysNative\tasks\{217CFED6-A10B-44A5-ABAB-631318207A9B}" [C:\Program Files\McAfee.com\Agent\mcagent.exe] "C:\Windows\SysNative\tasks\{31646315-966C-4F7B-8AA3-DF42BE9CA9EF}" [C:\Program Files (x86)\DFX\DFX.exe] "C:\Windows\SysNative\tasks\{47D01D11-9ADD-4E37-B08E-19AFC87DCBF8}" [C:\Program Files\McAfee.com\Agent\mcagent.exe] "C:\Windows\SysNative\tasks\{51849723-58D8-4BCE-94BA-48A60DD4E352}" [F:\DTVP_Launcher.exe] "C:\Windows\SysNative\tasks\{5CDF9262-576B-496B-9D96-A20883BC1B51}" [C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe] "C:\Windows\SysNative\tasks\{6B2EFC00-56AF-4316-B65F-83830E9C94E6}" [C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe] "C:\Windows\SysNative\tasks\{6D4CCEEF-9DB4-45BF-B675-76C570DAFABF}" [C:\Program Files\McAfee.com\Agent\mcagent.exe] "C:\Windows\SysNative\tasks\{7180B7C4-2E24-4DED-919C-D0C4A497A526}" [C:\Program Files\McAfee.com\Agent\mcagent.exe] "C:\Windows\SysNative\tasks\{731D1A89-6B0D-4D18-BF57-A6CB33B55A44}" [C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe] "C:\Windows\SysNative\tasks\{8F10A1B8-C14B-4CEF-9014-01BF86E06713}" [C:\Program Files\McAfee.com\Agent\mcagent.exe] 
"C:\Windows\SysNative\tasks\{A2A2ABBD-D449-4AE0-AB1C-9C1B32DF706C}" [C:\FLAC To MP3\flac2mp3.exe] "C:\Windows\SysNative\tasks\{A381054B-4C72-4948-A928-029C9F033D89}" [C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe] "C:\Windows\SysNative\tasks\{A60E0330-A2D3-4AA7-A53A-DC4521951214}" [F:\DTVP_Launcher.exe] "C:\Windows\SysNative\tasks\{ADB24E89-EAF3-4676-9FD0-C08C7DF7D5D2}" [C:\FLAC To MP3\flac2mp3.exe] "C:\Windows\SysNative\tasks\{B021E925-2465-417C-A89E-D913828EA70F}" [C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe] "C:\Windows\SysNative\tasks\{D99207A7-E77A-437C-8398-9EF56E846EDE}" [F:\DTVP_Launcher.exe] "C:\Windows\SysNative\tasks\{DE651C09-86D0-4D41-849F-65C6DDD3D0D4}" [C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe] "C:\Windows\SysNative\tasks\{E595115E-6686-4D54-91F7-DBB558ADBF92}" [C:\FLAC To MP3\flac2mp3.exe] "C:\Windows\SysNative\tasks\{E7BA9C85-5342-48C0-BB5D-1AF80D9B9C0D}" [C:\Program Files (x86)\Philips\Philips Digital Media Manager\PCDMM\PCDMM.exe] "C:\Windows\SysNative\tasks\{E981C966-85CC-4047-A217-BBECFB1AD5A4}" [C:\Program Files\McAfee.com\Agent\mcagent.exe] "C:\Windows\SysNative\tasks\{EE7EDEB2-1AB3-4620-8D85-B6E312377347}" [C:\FLAC To MP3\flac2mp3.exe] "C:\Windows\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [07-12-2014 06:35] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Rijon\AppData\Roaming\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706 - McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor - Undetermined - clickclean@hotcleaner.com - Undetermined - 
{4ED1F68A-5463-4931-9384-8FFF5ED91D92} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Rijon\AppData\Roaming\TomTom\HOME\Profiles\6tb2ga9j.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com - Emulator - %ProfilePath%\extensions\Navcore.8.544.1836@tomtom.com - Emulator - %ProfilePath%\extensions\Navcore.9.057.562242@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Rijon\AppData\Roaming\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706 8303B3CEC05500F763B4FA75210598BB - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - No path found[] Google Slides - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf VLC for Chrome - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fapffilknndicpjinfcjjcnladnmjgdm SiteAdvisor - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho ClickClean - 
Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgabhipcejejjmhhchfonmamedcbeod Google Wallet - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghgabhipcejejjmhhchfonmamedcbeod deleted successfully C:\Users\Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_ghgabhipcejejjmhhchfonmamedcbeod_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/?gfe_rd=cr&ei=Iap9VMeDD4ug-wa0qIH4Dw" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/?gfe_rd=cr&ei=Iap9VMeDD4ug-wa0qIH4Dw" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}" ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files 
(x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN14Q2C0CZ05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1 O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [{90140000-0018-0413-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user') O4 - Startup: Inktwaarschuwingen controleren - .lnk = ? 
O4 - Startup: MailWasherPro.lnk = C:\Program Files (x86)\FireTrust\MailWasher\MailWasherPro.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows 
live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.intranet,lan O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = europe.intranet,lan O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.intranet,lan O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: 
ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. 
- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. 
- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - 
C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Rijon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Rijon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Rijon\AppData\Local\Mozilla\Firefox\Profiles\cdnzskek.default-1394974712706\cache2 emptied successfully C:\Users\Rijon\AppData\Local\Mozilla\Firefox\Profiles\lfyf67y1.default-1361697865420\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Rijon\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=267 folders=194 9151847 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\temp emptied successfully C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Gast\AppData\Local\temp emptied successfully C:\Users\HomeGroupUser$\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\Rijon\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Rijon\AppData\Local\Temp successfully emptied 
==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 10-12-2014 at 12:44:34,14 ======================