Zoek.exe v5.0.0.0 Updated 07-March-2015 Tool run by ikke on zo 08/03/2015 at 17:43:08,50. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\ikke\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 8/03/2015 17:47:28 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\DSPRobotics deleted successfully C:\PROGRA~2\Origin Games deleted successfully C:\Users\ikke\AppData\Roaming\uTorrent deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-755594152-3724653302-3261122093-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully ==== Installed Programs ====================== Adobe Flash Player 16 ActiveX Adobe Flash Player 16 NPAPI Adobe Photoshop CS6 Apple Application Support (32-bit) Apple Application Support (64-bit) Apple Mobile Device Support Apple Software Update ASIO4ALL Audacity 2.0.6 Bonjour CamStudio 2.7.2 
Deckadance 2 Free YouTube Download version 3.2.53.128 Google Chrome Google Update Helper Hydra VSTi/DXi v1.2 IL Shared Libraries iTunes Java 8 Update 31 Java Auto Updater Malwarebytes Anti-Malware versie 2.0.4.1028 ManyCam 4.1.1 ManyDownloader Microsoft .NET Framework 4.5 Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Mikogo Mozilla Firefox 36.0.1 (x86 nl) Mozilla Maintenance Service Native Instruments Absynth 5 Native Instruments Massive Native Instruments Service Center Ohm Force - Ohmicide VST Origin PDF Settings CS6 Realtek High Definition Audio Driver reFX Nexus VSTi RTAS v2.2.0 reFX Vanguard 1.7.2 rgc:audio z3ta+ 1.5 
(x64) Screen Recorder Security Update for Microsoft .NET Framework 4.5 (KB2737083) Security Update for Microsoft .NET Framework 4.5 (KB2742613) Security Update for Microsoft .NET Framework 4.5 (KB2789648) Security Update for Microsoft .NET Framework 4.5 (KB2840642v2) Security Update for Microsoft .NET Framework 4.5 (KB2861208) Security Update for Microsoft .NET Framework 4.5 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5 (KB2898864) Security Update for Microsoft .NET Framework 4.5 (KB2901118) Security Update for Microsoft .NET Framework 4.5 (KB2972107) Security Update for Microsoft .NET Framework 4.5 (KB2972216) Security Update for Microsoft .NET Framework 4.5 (KB2978128) Security Update for Microsoft .NET Framework 4.5 (KB2979578v2) SkypeT 7.1 Sonic Charge Microtonic Sonic Charge Plugins Sonic Charge Synplant Sylenth1 v2.21 The Sims 4 Deluxe Edition version 1.3.33.1010 Update 11 Tixati Update for Microsoft .NET Framework 4.5 (KB2750147) Update for Microsoft .NET Framework 4.5 (KB2805221) Update for Microsoft .NET Framework 4.5 (KB2805226) VyprVPN Waves Complete V9r24 WinRAR 5.21 beta 2 (64-bit) XviD Video Codec (remove only) Yahoo Messenger Yahoo Software Update Yahoo Toolbar ZoneAlarm Firewall ZoneAlarm Free Firewall ZoneAlarm Security ZoneAlarm Security Toolbar ==== Running Processes ====================== C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-Service.exe C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe C:\Program Files (x86)\Origin\Origin.exe C:\Program Files (x86)\Yahoo\Messenger\YahooMessenger.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Yahoo\SoftwareUpdate\YahooAUService.exe C:\Program Files (x86)\Yahoo\Messenger\YahooMessenger.exe C:\Program Files (x86)\VyprVPN\VyprVPNService.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\VyprVPN\VyprVPN.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Screen Recorder\NSR.exe C:\Program Files (x86)\Screen 
Recorder\Nepflex.exe C:\Users\ikke\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YahooAUService deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default ---- Lines zonealarm removed from prefs.js ---- user_pref("extensions.dntp.addonId", "ffxtlbr@zonealarm.com"); user_pref("extensions.ffxtlbr@zonealarm.com.conflict.checked", "true"); user_pref("extensions.xpiState", "{\"app-profile\":{\"ffxtlbr@zonealarm.com\":{\"d\":\"C:\\\\Users\\\\ikke\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox user_pref("extensions.zonealarm.admin", false); user_pref("extensions.zonealarm.aflt", "1001"); user_pref("extensions.zonealarm.appId", "{C56C48A0-DA4E-46F6-9859-1553DC865F84}"); user_pref("extensions.zonealarm.autoRvrt", "false"); user_pref("extensions.zonealarm.cntry", "BE"); user_pref("extensions.zonealarm.dfltLng", "EN"); user_pref("extensions.zonealarm.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,7 user_pref("extensions.zonealarm.excTlbr", false); user_pref("extensions.zonealarm.ffxUnstlRst", false); user_pref("extensions.zonealarm.hdrMd5", "99E9AB9F41E727394ABC9B2C62567000"); user_pref("extensions.zonealarm.id", "0a0a578d00000000000018a9052ed067"); user_pref("extensions.zonealarm.instlDay", "16493"); user_pref("extensions.zonealarm.instlRef", "ZLN127090750163931-1001"); user_pref("extensions.zonealarm.lastB", "google.com"); user_pref("extensions.zonealarm.lastVrsnTs", "1.8.29.1712:58:54"); user_pref("extensions.zonealarm.newTab", false); user_pref("extensions.zonealarm.prdct", "zonealarm"); user_pref("extensions.zonealarm.prtnrId", "checkpoint"); user_pref("extensions.zonealarm.rvrt", 
"false"); user_pref("extensions.zonealarm.sg", "NewUSR"); user_pref("extensions.zonealarm.smplGrp", "NewUSR"); user_pref("extensions.zonealarm.tlbrId", "HFA5"); user_pref("extensions.zonealarm.tlbrSrchUrl", "http://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=6b2d15e17da944e8ab1d314e4314d47c&t user_pref("extensions.zonealarm.vrsn", "1.8.29.17"); user_pref("extensions.zonealarm.vrsnTs", "1.8.29.1712:58:54"); user_pref("extensions.zonealarm.vrsni", "1.8.29.17"); ---- Lines zonealarm modified from prefs.js ---- user_pref("extensions.enabledAddons", "%7B0C743D11-F0D9-032E-7453-F2EF2F185D55%7D:6.0.7,firefox%40mega.co.nz:1.0.3,ffxtlbr%40zonealarm.com:1.6.0,%7B97 ---- Lines zonealarm removed from user.js ---- user_pref("extensions.zonealarm.tlbrSrchUrl", "http://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=6b2d15e17da944e8ab1d314e4314d47c&tu=10G9y00Ib2D33N0&sku=&tstsId=&ver=&&q="); user_pref("extensions.zonealarm.id", "0a0a578d00000000000018a9052ed067"); user_pref("extensions.zonealarm.appId", "{C56C48A0-DA4E-46F6-9859-1553DC865F84}"); user_pref("extensions.zonealarm.instlDay", "16493"); user_pref("extensions.zonealarm.vrsn", "1.8.29.17"); user_pref("extensions.zonealarm.vrsni", "1.8.29.17"); user_pref("extensions.zonealarm.vrsnTs", "1.8.29.1712:58:54"); user_pref("extensions.zonealarm.prtnrId", "checkpoint"); user_pref("extensions.zonealarm.prdct", "zonealarm"); user_pref("extensions.zonealarm.aflt", "1001"); user_pref("extensions.zonealarm.smplGrp", "NewUSR"); user_pref("extensions.zonealarm.tlbrId", "HFA5"); user_pref("extensions.zonealarm.instlRef", "ZLN127090750163931-1001"); user_pref("extensions.zonealarm.dfltLng", "EN"); user_pref("extensions.zonealarm.excTlbr", false); user_pref("extensions.zonealarm.ffxUnstlRst", false); user_pref("extensions.zonealarm.admin", false); user_pref("extensions.zonealarm.autoRvrt", "false"); user_pref("extensions.zonealarm.rvrt", "false"); user_pref("extensions.zonealarm.newTab", false); ---- FireFox 
user.js and prefs.js backups ---- user_20150803_1804_.backup prefs_20150803_1804_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\DSPRobotics not found C:\PROGRA~2\Origin Games not found C:\PROGRA~3\Yahoo! Companion deleted C:\PROGRA~2\Check Point Software Technologies LTD deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~3\Yahoo! deleted C:\PROGRA~3\Package Cache deleted C:\PROGRA~3\EmailNotifier deleted C:\Users\ikke\AppData\Local\CrashRpt deleted C:\Users\ikke\Downloads\[kickass.so]tone2.complete.bundle.v2013.macosx.doa.vsti.au.torrent deleted C:\Users\ikke\Downloads\[kickass.so]waves.all.plugins.bundle.v9r24.torrent deleted C:\Users\ikke\Downloads\[kickass.so]waves.diamond.bundle.v5.2.vst.rtas.for.windows(1).torrent deleted C:\Users\ikke\Downloads\[kickass.so]waves.diamond.bundle.v5.2.vst.rtas.for.windows.torrent deleted C:\Users\ikke\AppData\LocalLow\Yahoo! deleted C:\Users\ikke\AppData\LocalLow\Yahoo! Companion deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default\extensions\firefox@mega.co.nz.xpi deleted C:\Users\Public\Desktop\Many Downloader.lnk deleted C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default\extensions\ffxtlbr@zonealarm.com deleted C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default\extensions\{0C743D11-F0D9-032E-7453-F2EF2F185D55} deleted "C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default\searchplugins\zonealarm.xml" deleted "C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default\searchplugins\zonealarm.xml" deleted "C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default\searchplugins\zonealarm.xml" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 4062 MB CPU Info: Intel(R) Celeron(R) CPU E3300 @ 2.50GHz CPU Speed: 2495,4 MHz Sound Card: 
Speakers (Realtek High Definiti | Display Adapters: Intel(R) G41 Express Chipset | Intel(R) G41 Express Chipset | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1280 X 1024 - 32 bit Network: Network Present Network Adapters: TAP-VyprVPN Adapter V9 | Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20) CD / DVD Drives: 1x (D: | ) D: hp CDDVDW TS-H653R Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 931,4GB Hard Disks - Free: C: 478,8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 11/27/09 | HPQOEM - 20091127 Time Zone: Romance Standard Time Motherboard *: FOXCONN ETON Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: ZoneAlarm Free Firewall Firewall disabled Default Browser: Firefox 36.0.1 Internet Explorer Version: 10.0.9200.17229 Mozilla Firefox version: 36.0.1 (x86 nl) Google Chrome version: 41.0.2272.76 Sun Java version: 1.8.0_31 (32-bit) Sun Java version: 1.8.0_31 (64-bit) Flash Player version: 16.0.0.305 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-02-11 16:44:23 3F535687772ABD0F4A953F75E0711CDD 525508562 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\ikke\AppData\Local\Temp ==== 2015-03-06 11:26:07 822A6F116BE8D15BB4683BDC73EEC4E5 1334128 ----a-w- C:\Users\ikke\AppData\Local\Temp\procexp64.exe 2015-02-27 13:19:48 5C30226B8022D5D7E14988807FB8F725 231648632 ----a-w- C:\Users\ikke\AppData\Local\Temp\is1955396272\20B590F1_stp.EXE 2015-02-27 13:18:38 272F3B7EFC6DF7E9E249724AFB4AB84A 11567116 ----a-w- C:\Users\ikke\AppData\Local\Temp\is1955396272\43BD3C70_stp.EXE 2015-02-25 19:02:53 
FEABD0D4C776F9D82A6C6BC9C672E18D 40599552 ----a-w- C:\Users\ikke\AppData\Local\Temp\Skype.msi ====== Java Cache ===== 2015-02-25 20:08:49 3E46B0B6E48075C5B8F6FD16BF336811 449 ----a-w- C:\Users\ikke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\53be102-5a47592148d4bb4979f3a8662e330270fc1b0bf3334d45e727436588bdf1001d-6.0.lap 2015-02-25 20:02:36 17B6AF81B78935FE6302C89FEED86ED9 58282 ----a-w- C:\Users\ikke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\58ccb382-749b4d69 2015-02-25 20:02:43 8744BD9679B87DD5BEABAF9A16F6AEB8 805801 ----a-w- C:\Users\ikke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\51538f19-17ac160d 2015-02-25 20:02:35 222D723D41A96CB84CBCF190A3B5ADFD 444 ----a-w- C:\Users\ikke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\b1875a8-d98ec18665ff13d841a88eaa8e60eb42a89072cf9a14a410878057901910e4a2-6.0.lap 2015-02-25 20:02:44 C861962CBD93B47AEDAC2A6B06BC8D2F 91910 ----a-w- C:\Users\ikke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43e90d2b-7f3e0809 2015-02-25 20:08:51 B6CD39BCB3749C1BE14922272ADE9FE0 151021 ----a-w- C:\Users\ikke\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4ba98ef9-29becb32 ====== C:\Windows\SysWOW64 ===== 2015-03-06 17:14:32 EA102A915B12F4F471237C046DAD456E 765312 ----a-w- C:\Windows\SysWOW64\PerfStringBackup.INI 2015-02-25 19:21:53 E51B539FEC6A6485289F650E5E7D5156 701616 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-25 19:21:53 4713ED2510365E9102172816D2CFB832 71344 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-25 19:08:08 13D186FA6F19823C598335443CE233BC 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-25 18:38:24 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls 2015-02-25 18:14:57 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-02-25 18:38:24 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls 2015-02-25 
18:14:59 AA7079AD52B8BFBAE94167D54C32F84F 29696 ----a-w- C:\Windows\Sysnative\powertracker.dll 2015-02-25 18:14:58 D713D6446DDBB474D801F361B4B186EA 950272 ----a-w- C:\Windows\Sysnative\perftrack.dll 2015-02-25 18:14:57 C6F7473B55510F0B93961DA03D8E3B38 91136 ----a-w- C:\Windows\Sysnative\wdi.dll ====== C:\Windows\Sysnative\drivers ===== 2015-02-27 12:00:22 E12DB53A9457CA44FC4C93AAE0C3BCCE 431395 ----a-w- C:\Windows\Sysnative\drivers\vsconfig.xml 2015-02-24 19:12:58 DF56B9F206B99020D79AC560622F8F91 44896 ----a-w- C:\Windows\Sysnative\drivers\tapvyprvpn.sys 2015-02-11 15:44:27 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2015-02-11 15:44:26 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-02-11 15:44:26 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-02-11 10:56:39 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-02-11 10:56:06 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2015-02-11 10:56:06 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-02-11 10:56:06 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys ====== C:\Windows\Tasks ====== 2015-02-26 12:33:38 CF0F9A31B936CCE07A961FA78B8FE2F3 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-26 12:33:38 7262B151C5C2B140FFF0666AC0405A6D 4048 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA 2015-02-26 12:33:37 92D547CEEF9F0066D9CC79A8C47DBF5E 3796 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore 2015-02-26 12:33:36 FF77567976FFBAF057650BB11B18E0CA 1048 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-25 19:21:55 309B90EBD45893FBC5CEA1BA114E694F 830 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-25 19:21:55 1D92BFD850526ABDC2D0B5252F332538 
3768 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-03-06 11:44:08 -------- d-----w- C:\Program Files\trend micro 2015-03-04 11:38:44 -------- d-----w- C:\Program Files\Realtek 2015-03-01 16:22:32 -------- d-----w- C:\Program Files\Adobe 2015-03-01 16:15:45 -------- d-----w- C:\Program Files\Common Files\Adobe 2015-02-27 13:19:34 -------- d-----w- C:\Program Files\CamStudio 2.7 2015-02-25 19:36:27 -------- d-----w- C:\Program Files\Visicom Media 2015-02-20 21:46:35 -------- d-----w- C:\Program Files\Sonic Charge 2015-02-20 12:28:36 -------- d-----w- C:\Program Files\iPod 2015-02-20 12:28:35 -------- d-----w- C:\Program Files\iTunes ======= C:\PROGRA~2 ===== 2015-03-06 17:07:52 -------- d-----w- C:\PROGRA~2\VyprVPN 2015-03-01 16:20:46 -------- d-----w- C:\PROGRA~2\Adobe 2015-03-01 16:10:58 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe 2015-02-28 16:56:22 -------- d-----w- C:\PROGRA~2\XviD 2015-02-28 16:56:02 -------- d-----w- C:\PROGRA~2\Screen Recorder 2015-02-28 10:01:31 -------- d--h--w- C:\PROGRA~2\Temp 2015-02-27 11:58:35 -------- d-----w- C:\PROGRA~2\CheckPoint 2015-02-26 12:33:30 -------- d-----w- C:\PROGRA~2\Google 2015-02-25 19:48:01 -------- d-----w- C:\PROGRA~2\Yahoo! 
2015-02-25 19:36:57 -------- d-----w- C:\PROGRA~2\ManyCam 2015-02-25 19:08:11 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-02-25 19:07:36 -------- d-----w- C:\PROGRA~2\Java 2015-02-25 19:03:38 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2015-02-25 19:03:36 -------- d-----r- C:\PROGRA~2\Skype 2015-02-20 12:28:37 -------- d-----w- C:\PROGRA~2\iTunes 2015-02-20 10:26:39 -------- d-----w- C:\PROGRA~2\Origin 2015-02-16 19:36:33 -------- d-----w- C:\PROGRA~2\GMT-MAX.ORG 2015-02-13 11:23:39 -------- d-----w- C:\PROGRA~2\Audacity 2015-02-10 12:27:27 -------- d-----w- C:\PROGRA~2\Reveal Sound 2015-02-08 22:43:50 -------- d-----w- C:\PROGRA~2\Rob Papen ======= C: ===== ====== C:\Users\ikke\AppData\Roaming ====== 2015-03-06 17:41:10 -------- d-----w- C:\Users\ikke\AppData\Local\Golden_Frog,_GmbH 2015-03-06 17:40:37 -------- d-----w- C:\Users\ikke\AppData\Local\Golden Frog, GmbH 2015-03-06 17:30:46 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Golden_Frog,_GmbH 2015-03-02 13:57:56 -------- d-----w- C:\Users\ikke\AppData\Locallow\Adobe 2015-02-28 18:04:51 -------- d-----w- C:\Users\ikke\AppData\Roaming\Rylstim Screen Recorder 2015-02-28 16:56:23 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD 2015-02-27 18:29:08 9B1D1C1C1FDD98F1369A67A4E1B1DF6E 408 ----a-w- C:\Users\ikke\AppData\Roaming\CamShapes.ini 2015-02-27 18:29:08 53EBD09A73D82DD916A0E78EFB87F308 408 ----a-w- C:\Users\ikke\AppData\Roaming\CamLayout.ini 2015-02-27 18:29:08 17C59CBE8CE682CEC5F22A6A7C979A2E 65616 ----a-w- C:\Users\ikke\AppData\Roaming\Camdata.ini 2015-02-27 16:10:44 C5FBB0674FB6259D98B84F4C19A8575C 4538 ----a-w- C:\Users\ikke\AppData\Roaming\CamStudio.cfg 2015-02-27 13:28:16 9E3D46FEA2CB93CF7CBA1E216DC5E68A 96 ----a-w- C:\Users\ikke\AppData\Roaming\version2.xml 2015-02-27 11:58:40 -------- d-----w- C:\Users\ikke\AppData\Roaming\Check Point Software Technologies LTD 2015-02-26 12:53:13 -------- d-----w- 
C:\Users\ikke\AppData\Local\Mikogo 2015-02-26 12:46:10 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mikogo 2015-02-26 12:45:43 -------- d-----w- C:\Users\ikke\AppData\Roaming\Mikogo 2015-02-26 12:38:45 -------- d-----w- C:\Users\ikke\AppData\Local\Screenleap 2015-02-26 12:33:20 -------- d-----w- C:\Users\ikke\AppData\Local\Google 2015-02-25 20:02:41 -------- d-----w- C:\Users\ikke\AppData\Local\QuickScreenShare 2015-02-25 19:49:31 -------- d-----w- C:\Users\ikke\AppData\Roaming\Yahoo! 2015-02-25 19:38:59 -------- d-----w- C:\Users\ikke\AppData\Local\ManyCam 2015-02-25 19:37:20 -------- d-----w- C:\Users\ikke\AppData\Roaming\ManyCam 2015-02-25 19:21:19 -------- d-----w- C:\Users\ikke\AppData\Local\Adobe 2015-02-25 19:06:57 -------- d-----w- C:\Users\ikke\AppData\Locallow\Sun 2015-02-25 19:03:56 -------- d-----w- C:\Users\ikke\AppData\Local\Skype 2015-02-25 19:03:51 -------- d-----w- C:\Users\ikke\AppData\Roaming\Skype 2015-02-24 16:20:52 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samples Share 2015-02-24 12:36:43 -------- d-----w- C:\Users\ikke\AppData\Roaming\Teragon Audio 2015-02-20 21:57:20 -------- d-----w- C:\Users\ikke\AppData\Local\Sonic Charge 2015-02-20 10:30:06 -------- d-----w- C:\Users\ikke\AppData\Roaming\Origin 2015-02-20 10:30:04 -------- d-----w- C:\Users\ikke\AppData\Local\Origin 2015-02-16 13:11:47 -------- d-----w- C:\Users\ikke\AppData\Local\Quickscope_Simulator 2015-02-13 11:25:40 -------- d-----w- C:\Users\ikke\AppData\Roaming\Audacity 2015-02-10 12:27:09 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reveal Sound 2015-02-08 22:43:47 -------- d-----w- C:\Users\ikke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rob Papen ====== C:\Users\ikke ====== 2015-03-06 17:30:46 -------- d-----w- C:\ProgramData\Golden Frog, GmbH 2015-03-06 17:07:04 4C874DCC40A4BCE7432017A121221624 4264256 ----a-w- 
C:\Users\ikke\Downloads\VyprVPN-2.7.0.4852-installer.exe 2015-03-06 11:42:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\ikke\Desktop\RSITx64.exe 2015-03-06 11:34:00 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\ikke\Desktop\WIGI.exe 2015-03-06 11:33:30 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\ikke\Desktop\WhyIGotInfected.exe 2015-03-04 11:33:33 6868295CA1A0950B9D6B8531738D23EE 159144 ----a-w- C:\Users\ikke\Downloads\WindowsActivationUpdate.exe 2015-03-01 16:23:35 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2015-03-01 16:10:56 -------- d-----w- C:\ProgramData\Adobe 2015-02-28 16:56:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD 2015-02-28 16:56:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen Recorder 2015-02-28 16:54:58 F523A2C27DB893620054A8F05AB0E237 1482743 ----a-w- C:\Users\ikke\Downloads\Rylstim-Screen-Recorder.exe 2015-02-28 09:58:01 B6FD7C933D4D24CD0C51E1EC00DF3BC8 111172669 ----a-w- C:\Users\ikke\Downloads\0001-32bit_Win7_Win8_Win81_R275.exe 2015-02-27 13:19:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7 2015-02-27 13:17:46 8DD5374D5991AC01706F1BE41343BE2A 767872 ----a-w- C:\Users\ikke\Downloads\CamStudioSetup_v2.7.2.exe 2015-02-27 12:00:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2015-02-27 11:50:30 57C00B223B639EFE253AF598F1841023 44 ----a-w- C:\Users\ikke\.screenleap 2015-02-26 12:53:07 C4FB3BCE9A507077AFFB3EE2594796D4 6648656 ----a-w- C:\Users\ikke\Downloads\Mikogo20150226135255_988994824_-00696b6b65__.exe 2015-02-26 12:45:34 84DCFCCB5882BC74DB6B0C690DFB43DF 11087144 ----a-w- C:\Users\ikke\Downloads\mikogo-starter.exe 2015-02-26 12:34:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-26 12:33:09 1A6A345D0CF74C4E17DA141F7E54221F 880208 ----a-w- C:\Users\ikke\Downloads\ChromeSetup.exe 2015-02-25 19:49:11 
-------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger 2015-02-25 19:47:46 14146C17D988AABD7553E1C48D7FD976 691576 ----a-w- C:\Users\ikke\Downloads\msgr11us.exe 2015-02-25 19:38:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam 2015-02-25 19:36:58 -------- d-----w- C:\ProgramData\ManyCam 2015-02-25 19:36:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visicom Media 2015-02-25 19:36:30 -------- d-----w- C:\ProgramData\Visicom Media 2015-02-25 19:35:25 F5F46BBD587843F3F3142606F4F4B616 295960 ----a-w- C:\Users\ikke\Downloads\ManyCamWebInstaller.exe 2015-02-25 19:24:28 -------- d-----w- C:\Users\ikke\Tracing 2015-02-25 19:08:13 -------- d-----w- C:\ProgramData\Sun 2015-02-25 19:07:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-02-25 19:07:41 -------- d-----w- C:\ProgramData\Oracle 2015-02-25 19:06:52 6713E17AFCB3A28191A747DC8C475721 639912 ----a-w- C:\Users\ikke\Downloads\jxpiinstall.exe 2015-02-25 19:03:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-02-25 19:03:24 -------- d-----w- C:\ProgramData\Skype 2015-02-25 19:02:29 563B164F49F6A3FD88178B0266648A3D 1548384 ----a-w- C:\Users\ikke\Downloads\SkypeSetup.exe 2015-02-24 14:50:01 -------- dc-h--w- C:\ProgramData\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE} 2015-02-24 14:37:50 -------- dc-h--w- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B} 2015-02-20 21:46:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Charge 2015-02-20 12:29:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-20 12:28:35 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-20 10:27:15 -------- d-----w- C:\ProgramData\Origin 2015-02-20 10:27:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-02-20 10:27:13 -------- d-----w- C:\ProgramData\Electronic Arts 
2015-02-16 20:09:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG 2015-02-11 22:59:29 -------- d-----w- C:\ProgramData\CheckPoint ====== C: exe-files == 2015-03-08 02:49:02 A26A9B69B042395C6BC034D32137D3BF 1676600 ----a-w- C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe 2015-03-06 17:08:08 D02DC8B69A702A47C083278938C4D2F1 50352408 ----a-w- C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7URBQC16\dotnetfx45_full_x86_x64[1].exe 2015-03-06 17:07:04 4C874DCC40A4BCE7432017A121221624 4264256 ----a-w- C:\Users\ikke\Downloads\VyprVPN-2.7.0.4852-installer.exe 2015-03-06 11:44:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\ikke.exe 2015-03-06 11:42:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\ikke\Desktop\RSITx64.exe 2015-03-06 11:34:00 C78EEFBC22F5507BFF4A0CF83567DB22 980480 ----a-w- C:\Users\ikke\Desktop\WIGI.exe 2015-03-06 11:33:30 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\ikke\Desktop\WhyIGotInfected.exe 2015-03-06 11:26:07 822A6F116BE8D15BB4683BDC73EEC4E5 1334128 ----a-w- C:\Users\ikke\AppData\Local\Temp\procexp64.exe 2015-03-06 11:25:53 92E04BCF92CF588F434393D0B3B6BCA2 2480312 ----a-w- C:\Users\ikke\Downloads\ProcessExplorer\procexp.exe 2015-03-04 11:33:33 6868295CA1A0950B9D6B8531738D23EE 159144 ----a-w- C:\Users\ikke\Downloads\WindowsActivationUpdate.exe 2015-03-04 11:10:28 7EA5D6C2CE669BBCCEF968DEDC37E2AF 9092688 ----a-w- C:\Program Files (x86)\Google\Update\Install\{D0A5EAAC-7F47-41C6-9C91-D61827DF088F}\41.0.2272.76_40.0.2214.115_chrome_updater.exe 2015-03-04 11:10:25 7EA5D6C2CE669BBCCEF968DEDC37E2AF 9092688 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.76\41.0.2272.76_40.0.2214.115_chrome_updater.exe === C: other files == 2015-03-06 17:42:02 37E3392BB8FCEADE186C7E3816004E5F 148 ----a-w- C:\Users\ikke\AppData\Local\Temp\VyprVPNRestart.bat 2015-03-06 17:31:01 
A666A709F546719AB2BE55A2A5CA447F 229 ----a-w- C:\Program Files (x86)\VyprVPN\InstallCertificates.bat 2015-03-06 17:30:36 37241B5327FC15721E9A75DE37E5ED9D 193 ----a-w- C:\Program Files (x86)\VyprVPN\OpenVPN\util\addtap.bat 2015-03-06 17:30:36 362ACDA9A9E8FFDA0F1A6C6305DA9036 258 ----a-w- C:\Program Files (x86)\VyprVPN\OpenVPN\util\deltapall.bat 2015-03-06 11:25:03 FE7F83689172CC17185D6FB1AEFDFC6E 1188194 ----a-w- C:\Users\ikke\Downloads\ProcessExplorer.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-755594152-3724653302-3261122093-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Ijtwsoft"="regsvr32.exe C:\Users\ikke\AppData\Local\Ijtwsoft\WEBAPPDBG.DLL" "Ahcbworks"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\ikke\AppData\Local\AZCworks\cpuz.dll" "EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart" "Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet" "Mikogo"="C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-host.exe -asp" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Ijtwsoft"="regsvr32.exe C:\Users\ikke\AppData\Local\Ijtwsoft\WEBAPPDBG.DLL"
"Ahcbworks"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\ikke\AppData\Local\AZCworks\cpuz.dll"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"
"Mikogo"="C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-host.exe -asp"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [25/02/2015 21:48]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/02/2015 13:33]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/02/2015 13:33]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default
user_pref("browser.startup.homepage", "google.com");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default
- Undetermined - {0C743D11-F0D9-032E-7453-F2EF2F185D55}
- Undetermined - firefox@mega.co.nz
- Undetermined - ffxtlbr@zonealarm.com
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

==== Deleted Firefox Extensions ======================

C:\Users\ikke\AppData\Roaming\Mozilla\Firefox\Profiles\azl0lchs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chromium Look ======================

Google Slides - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Hangouts - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl
Google Wallet - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ikke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-755594152-3724653302-3261122093-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_USERS\S-1-5-21-755594152-3724653302-3261122093-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Ijtwsoft] regsvr32.exe C:\Users\ikke\AppData\Local\Ijtwsoft\WEBAPPDBG.DLL
O4 - HKCU\..\Run: [Ahcbworks] C:\Windows\SysWOW64\regsvr32.exe C:\Users\ikke\AppData\Local\AZCworks\cpuz.dll
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Mikogo] "C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-host.exe" -asp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mikogo-Service - BeamYourScreen GmbH - C:\Users\ikke\AppData\Roaming\Mikogo\Mikogo-Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VyprVPN - Golden Frog, GmbH. - C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6EGHJSBN will be deleted at reboot
C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7MU07CF8 will be deleted at reboot
C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0OCADOD will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\ikke\AppData\Local\Mozilla\Firefox\Profiles\azl0lchs.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\ikke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=394 folders=110 58254299 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ikke\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ikke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6EGHJSBN" not found
"C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7MU07CF8" not found
"C:\Users\ikke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0OCADOD" not found

==== EOF on zo 08/03/2015 at 18:21:38,33 ======================