==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-04-08 17:36:28 748D1F5A0495A1AA9D44FB51B4C13271 43112 ----a-w- C:\WINDOWS\avastSS.scr ====== C:\Users\BADIR_~1\AppData\Local\Temp ==== 2016-04-08 15:38:03 52E4D982FE075EE6278E3DD9DFEA1069 1362424 ----a-w- C:\Users\badir_000\AppData\Local\Temp\SafeZone Installer\installer.exe 2016-04-08 10:43:33 B571BDEF3606ADFC2E0C6B88E70249A9 2892128 ----a-w- C:\Users\badir_000\AppData\Local\Temp\avg-099b8838-64f0-4e69-b347-c5298547da55.exe 2016-04-07 19:32:32 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\badir_000\AppData\Local\Temp\SDIAG_66547a15-3845-468b-b4b3-5ae3bb5d6b66\NetworkDiagnosticSnapIn.dll 2016-04-07 19:30:58 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\badir_000\AppData\Local\Temp\SDIAG_c94a9a61-bad6-4609-876e-52a5857d7fa6\NetworkDiagnosticSnapIn.dll 2016-04-07 15:34:42 101F278D6E80BB6030B90511869308A9 13621616 ----a-w- C:\Users\badir_000\AppData\Local\Temp\ReimagePackage.exe ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2016-04-08 17:36:46 C514A8F4AC22AFAFE54B7CA515BBEAE2 386096 ----a-w- C:\WINDOWS\Sysnative\aswBoot.exe ====== C:\WINDOWS\Sysnative\drivers ===== 2016-04-08 17:36:57 E46B51C99BB750A81AC6A68362475A5C 65224 ----a-w- C:\WINDOWS\Sysnative\drivers\aswRvrt.sys 2016-04-08 17:36:57 D9079E1A1C2A1F8ED5F37AF8E6CD3161 155304 ----a-w- C:\WINDOWS\Sysnative\drivers\aswStm.sys 2016-04-08 17:36:57 C24A42A7689DB63EEF157797AA7012B5 451040 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsp.sys.1460137032609 2016-04-08 17:36:57 A428CC308673A5E74F91D92E4A2B205D 1055560 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsnx.sys.1460137032609 2016-04-08 17:36:57 82065730918234A15A3A7AD6153FF8F2 97648 ----a-w- C:\WINDOWS\Sysnative\drivers\aswmonflt.sys.1460137031500 2016-04-08 17:36:57 7BC1F2FC2A9D79E1EBBBF6D69AC3BA1F 28656 ----a-w- C:\WINDOWS\Sysnative\drivers\aswHwid.sys 2016-04-08 17:36:57 
68E76C1675AC171A84F5B7230652E19D 97648 ----a-w- C:\WINDOWS\Sysnative\drivers\aswmonflt.sys 2016-04-08 17:36:57 619CA9F210F0F36F8162E5B7BFDDA5CD 464256 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsp.sys 2016-04-08 17:36:57 5C0C4440A27074BBABC5D572DD29CA9B 450504 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsp.sys.1460137031500 2016-04-08 17:36:57 42AE0F2BF37CE46EB01A753F96FCC9B8 28144 ----a-w- C:\WINDOWS\Sysnative\drivers\aswKbd.sys 2016-04-08 17:36:57 3BEC32A0B646D914921FD56AA39998C1 273784 ----a-w- C:\WINDOWS\Sysnative\drivers\aswVmm.sys 2016-04-08 17:36:57 2D6B49A071216796106E7804AB2BA7DC 93528 ----a-w- C:\WINDOWS\Sysnative\drivers\aswRdr2.sys 2016-04-08 17:36:57 0BCDF7DF06B4407A7EB0443AADB3DD27 1065208 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsnx.sys.1460137033265 2016-04-08 17:36:57 01487B49CC9289D7A1DADAD6A9A2C02F 1065720 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsnx.sys 2016-04-08 17:36:22 E017E15F8EFD7675976743A8FBECCEBB 466400 ----a-w- C:\WINDOWS\Sysnative\drivers\aswNdisFlt.sys 2016-04-08 17:35:34 5C0C4440A27074BBABC5D572DD29CA9B 450504 ----a-w- C:\WINDOWS\Sysnative\drivers\fwmwuwva.sys ====== C:\WINDOWS\Tasks ====== 2016-04-08 21:29:21 D121B449D881F53C34287DEE1FEFA1F4 3964 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player PPAPI Notifier 2016-04-08 21:29:21 82D37E61B040C32E6B6DCCBDC03D39C1 1002 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-04-08 17:38:01 89ACE5CCCF9DED4E7EA39CEB15B9EB00 3020 ----a-w- C:\WINDOWS\Sysnative\Tasks\SafeZone scheduled Autoupdate 1460137075 2016-04-08 17:37:09 730DF340C126665F83BBC371A082559D 4182 ----a-w- C:\WINDOWS\Sysnative\Tasks\avast! 
Emergency Update ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-04-08 22:39:48 -------- d-----w- C:\Program Files\trend micro 2016-04-07 16:47:25 -------- d-----w- C:\Program Files\TotalSystemCare ======= C:\PROGRA~2 ===== 2016-04-08 10:51:08 -------- d-----w- C:\PROGRA~2\COMMON~1\AV 2016-04-07 16:16:14 -------- d-----w- C:\PROGRA~2\Registry Recycler 2016-04-05 20:22:53 -------- d-----w- C:\PROGRA~2\Razer ======= C: ===== ====== C:\Users\badir_000\AppData\Roaming ====== 2016-04-08 10:46:22 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\AvgSetupLog 2016-04-08 10:46:16 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Avg 2016-04-08 10:43:38 -------- d-----w- C:\Users\badir_000\AppData\Local\AvgSetupLog 2016-04-08 10:43:17 -------- d-----w- C:\Users\badir_000\AppData\Local\Avg2015 2016-04-05 20:30:36 -------- d-----w- C:\Users\badir_000\AppData\Local\CEF 2016-03-24 15:41:06 -------- d-----w- C:\Users\badir_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-03-19 20:07:29 -------- d-----w- C:\Users\badir_000\AppData\Locallow\uTorrent ====== C:\Users\badir_000 ====== 2016-04-08 22:39:01 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\badir_000\Desktop\RSITx64.exe 2016-04-08 16:08:01 76ADA19FB074F9AB91D37A10C3D0A143 5920344 ----a-w- C:\Users\badir_000\Downloads\Avast Crack 2016 Till 2050_ Avast Antivirus License Key.exe 2016-04-08 15:26:56 7079B8A6DD85565FEC3E6F039942C75E 208098128 ----a-r- C:\Users\Public\Desktop\avast_premier_antivirus_setup.exe 2016-04-08 13:16:08 D014D9560CD7DB184C01BAE53E766C1A 3480040 ----a-w- C:\Users\badir_000\Downloads\MCPR.exe 2016-04-08 10:45:42 AB51109EDB08CE704DAA3913A25782A0 5066104 ----a-w- C:\Users\badir_000\Downloads\avast_free_antivirus_setup_online.exe 2016-04-07 16:47:08 C158893FA4A0BE931B11F62A2AA36175 7967432 ----a-w- C:\Users\badir_000\Downloads\TotalSystemCare_Installer(1).exe 2016-04-07 16:40:22 C158893FA4A0BE931B11F62A2AA36175 
7967432 ----a-w- C:\Users\badir_000\Downloads\TotalSystemCare_Installer.exe 2016-04-07 16:29:28 97E2938252C2926FE920B6EF7216C8D0 3901072 ----a-w- C:\Users\badir_000\Downloads\WinThruster_2016_Setup.exe 2016-04-07 16:15:29 025FEC219E5A0A792DEDDB9F0DF31A86 1131272 ----a-w- C:\Users\badir_000\Downloads\setup_rr.exe 2016-04-05 20:19:23 5FAA29ABF65BA1E159550B5678881565 129757088 ----a-w- C:\Users\badir_000\Downloads\RazerCortexSetup_7.0.135.11872.exe 2016-03-28 11:16:29 AF11D9CF96135C060BBEF7236659916B 26212216 ----a-w- C:\Users\badir_000\Downloads\Belgium eID-QuickInstaller 4.1.13.exe ====== C: exe-files == 2016-04-08 22:39:48 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Badir.exe 2016-04-08 10:51:08 E29E03F59F4FA7CFF645E8C8794BA0B7 184032 ----a-w- C:\Program Files\Common Files\AV\avast! Antivirus\upgrade.exe 2016-04-08 10:51:08 E29E03F59F4FA7CFF645E8C8794BA0B7 184032 ----a-w- C:\Program Files (x86)\Common Files\AV\avast! Antivirus\upgrade.exe 2016-04-08 10:51:08 224EFC8B50E88D79DCEB19D658D5C41B 652816 ----a-w- C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe 2016-04-08 10:51:08 224EFC8B50E88D79DCEB19D658D5C41B 652816 ----a-w- C:\Program Files (x86)\Common Files\AV\avast! 
Antivirus\backup.exe 2016-04-08 10:43:29 5DB315E7300F28688D1D34CCC80F882F 217768 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE 2016-04-08 10:43:26 1ACBEA96AF404136616F989A7CCB503E 559856 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOSQM.EXE 2016-04-08 10:43:24 B7A010697B0EFFE3B966B46158AC9D6D 851736 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE 2016-04-08 10:43:24 1C7E035C643042A4B9A39902606E1C48 162912 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOSREC.EXE 2016-04-08 10:43:16 99A1CEF3ED1DD8DB034E5990B6E56795 16064 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\SmartTagInstall.exe 2016-04-08 10:43:07 60EBEB06F21DBEA8CA54F5C3E1431A55 94048 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE 2016-04-08 10:43:06 D7CE91A98302CBFD778D97A6DD18CE6C 7985960 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe 2016-04-08 10:43:02 35D49BA06039E2CD4A73E54CBC636D57 48840 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\AppSharingHookController64.exe 2016-04-08 10:42:55 B93A4ACCBD65B22746547BB3951EA79C 208968 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOXMLED.EXE 2016-04-08 10:42:54 E05F6EC7087E15B7C6CF638078F30264 5839144 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe 2016-04-08 10:42:47 E1B97CE23930787BAFCAA4410DA83658 9602736 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\PDFREFLOW.EXE 2016-04-08 10:42:42 42AC26B2319CAFD9BD4ED9A971060365 882904 ----a-w- C:\Program Files\Microsoft Office 
15\root\office15\protocolhandler.exe 2016-04-08 10:42:36 E94CD6FC12C22C975DAED6AA7ABD1663 7217832 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\OneDriveSetup.exe 2016-04-08 10:42:36 D0915899EBCA0DEC2E2478D91EEA01A6 483656 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE 2016-04-08 10:42:10 D62DD48AC3C2D1C56BCBE8D9AA87179D 87240 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\NAMECONTROLSERVER.EXE 2016-04-08 10:42:10 D5BD92670A5A4D2F00C8B9B3FDBCD44E 238320 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\CLVIEW.EXE 2016-04-08 10:42:10 86476286AE02B377CF581145858AA850 1161504 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe 2016-04-08 10:42:10 584984439892865D0044179B08BDB0EA 508160 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE 2016-04-08 10:42:09 CC684E12F90DD0302C1B69A6191B921F 50392 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SETLANG.EXE 2016-04-08 10:42:09 058E8C8B0E10CE7B3C81A50EB9BE2D9F 700064 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSQRY32.EXE 2016-04-08 10:42:08 CC2F6EF5569D02637F24D001C4428E82 21952704 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe 2016-04-08 10:42:08 760BCA628083C4970133E462E81C6212 4531456 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GRAPH.EXE 2016-04-08 10:42:08 3EC69B311B7EC4E42AF0BB11DE0CED04 449216 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE 2016-04-08 10:42:08 3CC08F8A62B4C3F346F0BECEE418EE11 490272 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE 2016-04-08 10:42:07 F5C73E8FB7183AD5CD7197BCC3A6B145 526680 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\IEContentService.exe 2016-04-08 10:42:07 36CDF5CBF5F7B3A144E043EA7A41BCEF 163016 ----a-w- C:\Program Files\Microsoft Office 
15\root\office15\CNFNOT32.EXE 2016-04-08 10:42:06 324977188D2F257BBBBF5FA141FC6BF3 578912 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE 2016-04-08 10:41:59 0534585DC8C6BC01067086D32EFB038C 537856 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\VPREVIEW.EXE 2016-04-08 10:41:11 C78471F07031A3B6742103AE0B64988D 642328 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe 2016-04-08 10:41:08 BF33AB2A68972B6AF64F8E4EBB1278F4 145064 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVDllSurrogate64.exe 2016-04-08 10:41:08 27A7CF70BF8092CC80E0476E15EE4D0F 320896 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVLP.exe 2016-04-08 10:41:08 1E9B3B467F1449C2FB361E8D59FF5D76 124072 ----a-w- C:\Program Files\Microsoft Office 15\root\client\AppVDllSurrogate32.exe 2016-04-08 10:39:26 5D06345B317347B3E0C152CC7533C0D1 19117768 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE 2016-04-08 10:39:22 C7F9003995AE87FEF4CDE47E6E137B1F 1772744 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE 2016-04-08 10:39:22 89969E9A946B5E15B3E9C6853B5FD61D 195248 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE 2016-04-08 10:39:21 6339D87E3D4AB54C17ECD873688FA9CB 15529160 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE 2016-04-08 10:39:02 56B9CA2C9A44BF3090F57CC9456A861E 1932480 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE 2016-04-08 10:39:00 A1057743A38A7B25915FACFB831DDF09 1848392 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE 2016-04-08 10:38:58 82271138B5F849B0B718BCDB51AE4E46 10766544 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSPUB.EXE 2016-04-08 10:38:56 344D19D095061C65EF2D481C427C62D3 25735872 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE 2016-04-08 10:38:46 88181E7C0993540B0D98718CBF775A0A 999616 ----a-w- C:\Program 
Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE 2016-04-08 10:38:42 2A82519355D5E648747A6FF32ACC89CD 90280 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\perfboost.exe 2016-04-08 10:38:40 CF972482D2089B927A3565577B8334CE 205480 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe 2016-04-08 10:38:40 85112B8619D65474F7F0F259A0A32CC4 249000 ----a-w- C:\Program Files\Microsoft Office 15\ClientX64\mavinject32.exe 2016-04-05 20:25:09 690264BE268ACDF07259123A9AB2856B 17600 ----a-w- C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe === C: other files == 2016-04-08 17:36:57 E46B51C99BB750A81AC6A68362475A5C 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2016-04-08 17:36:57 D9079E1A1C2A1F8ED5F37AF8E6CD3161 155304 ----a-w- C:\Windows\System32\drivers\aswStm.sys 2016-04-08 17:36:57 7BC1F2FC2A9D79E1EBBBF6D69AC3BA1F 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys 2016-04-08 17:36:57 68E76C1675AC171A84F5B7230652E19D 97648 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys 2016-04-08 17:36:57 619CA9F210F0F36F8162E5B7BFDDA5CD 464256 ----a-w- C:\Windows\System32\drivers\aswsp.sys 2016-04-08 17:36:57 42AE0F2BF37CE46EB01A753F96FCC9B8 28144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2016-04-08 17:36:57 3BEC32A0B646D914921FD56AA39998C1 273784 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2016-04-08 17:36:57 2D6B49A071216796106E7804AB2BA7DC 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2016-04-08 17:36:57 01487B49CC9289D7A1DADAD6A9A2C02F 1065720 ----a-w- C:\Windows\System32\drivers\aswsnx.sys 2016-04-08 17:36:22 E017E15F8EFD7675976743A8FBECCEBB 466400 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys 2016-04-08 17:35:34 5C0C4440A27074BBABC5D572DD29CA9B 450504 ----a-w- C:\Windows\System32\drivers\fwmwuwva.sys 2016-04-08 11:10:53 9FF3F1B734A3704C987003EB2BAD2C18 1575468 ----a-w- C:\Users\badir_000\AppData\Local\Temp\scoped_dir_848_21902\ad-block.crx 2016-04-05 20:30:34 
48932508C9E6F2285803252D5A225C0C 544 ----a-w- C:\Program Files (x86)\Razer\Razer Cortex\RazerCortexInfo.bat 2016-04-04 20:39:31 4D3DCDD3AB114AFFAFE36014A0299523 36853 ----a-w- C:\Users\badir_000\Downloads\keyscan09.zip ==== Orphaned Tasks deleted from Registry ====================== 0116tbUpdateInfo deleted avast Emergency Update deleted Norton Product Installer deleted {DD552472-A185-4a0c-AC58-90AA40E9E26A} deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3300143506-2763790894-2804036282-1005\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\badir_000\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "uTorrent"="C:\Users\badir_000\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Dropbox Update"="C:\Users\badir_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "ManyCam"="C:\Program Files (x86)\ManyCam\ManyCam.exe --silent" "CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.exe /autostart /min" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "331BigDog"="C:\Program Files (x86)\USB Camera\VM331STI.EXE" "YouCam Mirage"="C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" "YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s" "UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0" "RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" "Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4" "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE -startup" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "BlueStacks Agent"="C:\Program 
Files (x86)\BlueStacks\HD-Agent.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "RazerCortex"="C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\badir_000\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "uTorrent"="C:\Users\badir_000\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Dropbox Update"="C:\Users\badir_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "ManyCam"="C:\Program Files (x86)\ManyCam\ManyCam.exe --silent" "CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.exe /autostart /min" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\windows\system32\igfxtray.exe" "SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t" "cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" "BtPreLoad"="C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\WINDOWS\\system32\\nvinitx.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\Services\EventLog] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McComponentHostService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TuneUp.UtilitiesSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Wecsvc] ==== Startup Folders ====================== 2014-11-24 18:52:47 1208 ----a-w- C:\Users\badir_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2015-08-18 22:15:45 1337 ----a-w- C:\Users\badir_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk 2013-05-25 18:27:04 1120 ----a-w- C:\Users\rahma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [08/04/2016 23:29] C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/04/2016 23:29] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3300143506-2763790894-2804036282-1005Core.job --a-------- C:\Users\badir_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19/06/2015 01:13] C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3300143506-2763790894-2804036282-1005UA.job --a-------- C:\Users\badir_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19/06/2015 01:13] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3300143506-2763790894-2804036282-1005Core.job --a-------- C:\Users\badir_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/11/2013 22:58] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3300143506-2763790894-2804036282-1005UA.job --a-------- C:\Users\badir_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/11/2013 22:58] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" 
[C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3300143506-2763790894-2804036282-1005Core" [C:\Users\badir_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3300143506-2763790894-2804036282-1005UA" [C:\Users\badir_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3300143506-2763790894-2804036282-1005Core" [C:\Users\badir_000\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3300143506-2763790894-2804036282-1005UA" [C:\Users\badir_000\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\WINDOWS\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe] "C:\WINDOWS\SysNative\tasks\Opera scheduled Autoupdate 1388573795" [C:\Users\badir_000\AppData\Local\Programs\Opera\launcher.exe] "C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1460137075" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe] "C:\WINDOWS\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"] "C:\WINDOWS\SysNative\tasks\TunnelBear" [C:\Program Files (x86)\TunnelBear\TunnelBear.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{280BA869-3D11-4065-996B-EDB9C8282B07}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{855CFC05-3AA5-4CC6-8564-B15A4FF1CF67}" [C:\WINDOWS\system32\msfeedssync.exe] 
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{EAF410EB-D37D-4921-B0D7-F322B4662EAF}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe] "C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"] "C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Solution Center Launcher" [%programfiles%\lenovo\lenovo solution center\lsc.exe -updatestatus] "C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScan" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan] "C:\WINDOWS\SysNative\tasks\Lenovo\LSC\RebootCountTask" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -rebootcount] "C:\WINDOWS\SysNative\tasks\Lenovo\LSC\Time72Task" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -canupdate] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/04/2016 19:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\BADIR_~1\AppData\Roaming\Mozilla\Firefox\Profiles\oc1786o6.default-1440065958961 - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\badir_000\AppData\Roaming\Mozilla\Firefox\Profiles\oc1786o6.default-1440065958961 18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013 0E8B2D0D9E3415A91EF259CE1112C579 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director 684F2DF31062413E094280891DCB6EE1 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll - Shockwave for Director / Shockwave for Director 57C7E359ED8D049132EED23EFA444C63 - 
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll - Shockwave Flash 3CD19649B2C3023D65E67C056457A2BC - C:\Users\badir_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin ==== Chromium Look ====================== Google Chrome Version: 46.0.2471.2 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/04/2016 19:36] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08/01/2016 11:47] Google Slides - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf https //mynamedomain.koko/00 - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo Google Sheets - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap https //mynamedomain.koko/00 - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi https //mynamedomain.koko/00 - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl https //mynamedomain.koko/00 - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo Chrome Web Store Payments - badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - 
badir_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Send to Maps - rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhggankplfegmjjngfmhfajedmiikolo YouTube - rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Synergyse Training for Apps - rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkloemkmldbemijiamdiolojbffnjlh Google Wallet - rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Send to Maps - sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhggankplfegmjjngfmhfajedmiikolo YouTube - sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf http //mynamedomain.koko/00 - sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\djolekdiiojehgfggcjckachfgkkdmjd Synergyse Training for Apps - sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkloemkmldbemijiamdiolojbffnjlh Google Wallet - sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda http //mynamedomain.koko/00 - sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj Gmail - sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== 
C:\Users\rahma\AppData\Local\Google\Chrome\User Data\Default\Preferences
    "homepage": "http://start.qone8.com/?type=hp&ts=1382712298&from=amt&uid=ST1000LM024XHN-M101MBB_S2U5J9GD115562",

==== Chromium Fix ======================

C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_immo.trovit.fr_0.localstorage deleted successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_immo.trovit.fr_0.localstorage-journal deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.snapdo.com_0.localstorage deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.snapdo.com_0.localstorage-journal deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static-server1.wrestling-network.net_0.localstorage deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static-server1.wrestling-network.net_0.localstorage-journal deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage deleted successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully
C:\Users\rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhggankplfegmjjngfmhfajedmiikolo deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhggankplfegmjjngfmhfajedmiikolo deleted successfully
C:\Users\rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic deleted successfully
C:\Users\rahma\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkloemkmldbemijiamdiolojbffnjlh deleted successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkloemkmldbemijiamdiolojbffnjlh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{2F83D103-44C8-45D3-A002-3D169161A43B} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
HKLM\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{2F83D103-44C8-45D3-A002-3D169161A43B} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
HKLM\Wow6432Node\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
HKCU\SearchScopes "DefaultScope"="{2F83D103-44C8-45D3-A002-3D169161A43B}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{2F83D103-44C8-45D3-A002-3D169161A43B} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} - No_Url_Value

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E09412E-7A0E-4C61-B304-888C760F61D4} deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\badir_000\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\badir_000\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\badir_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent
O4 - HKCU\..\Run: [CyberGhost] "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
O4 - Startup: Dropbox.lnk = badir_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{6861107A-09FB-49D2-95F0-66F1DE3E3FCB}: NameServer = 95.169.183.219,89.41.60.38
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 - Service: Emsisoft Anti-Malware 8.0 - Service (a2AntiMalware) - Emsisoft Ltd - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\badir_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\badir_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\sabri_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\sabri_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\badir_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\badir_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\sabri_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\sabri_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\badir_000\AppData\Local\Mozilla\Firefox\Profiles\oc1786o6.default-1440065958961\cache2 will be emptied at reboot
C:\Users\badir_000\AppData\Roaming\Mozilla\Firefox\Profiles\oc1786o6.default-1440065958961\storage\default\https+++www.pinterest.com\cache emptied successfully
C:\Users\rahma\AppData\Local\Mozilla\Firefox\Profiles\0wj4a1xy.default\Cache emptied successfully
C:\Users\rahma\AppData\Local\Mozilla\Firefox\Profiles\0wj4a1xy.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\badir_000\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\badir_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\rahma\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\sabri_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2605 folders=411 517696098 bytes)

==== Empty Temp Folders ======================

C:\Users\badir_000\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\rahma\AppData\Local\Temp emptied successfully
C:\Users\sabri_000\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\BADIR_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Wondershare\WAF\2.1.6.0\WsAppCommon.dll" not found
"C:\PROGRA~2\Wondershare\WAF\2.1.6.0\WsAppService.exe" not found
"C:\PROGRA~2\Wondershare" not found
"C:\Users\badir_000\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QQVQFKAS\static.funnygames.nl" not found
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on za 09/04/2016 at 13:10:26,84 ======================