Zoek.exe v5.0.0.0 Updated 19-February-2014 Tool run by Eigenaar on vr 28/02/2014 at 17:34:35,07. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Eigenaar\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 28/02/2014 17:37:41 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\GrabRez deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Eigenaar\AppData\Roaming\TP deleted successfully C:\Users\Eigenaar\AppData\Local\Adobe deleted successfully C:\Users\Eigenaar\AppData\Local\cache deleted successfully C:\Users\Eigenaar\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30f06672-0e95-41a9-80cb-dee386af99ad} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30f06672-0e95-41a9-80cb-dee386af99ad} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5bc83983-5708-4ac5-b263-59bbfaf85a86} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5bc83983-5708-4ac5-b263-59bbfaf85a86} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9fea7743-7c8b-4d4d-9b54-a088eb853287} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9fea7743-7c8b-4d4d-9b54-a088eb853287} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a8a0b3b-eeb7-4e90-b359-3e01b2c15e82} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a8a0b3b-eeb7-4e90-b359-3e01b2c15e82} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Internet Explorer\SearchScopes\{94bd6970-1a83-41dc-9be5-bf50b3d0238f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{261c67f2-64cd-4696-9821-612409b649d5} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{30f06672-0e95-41a9-80cb-dee386af99ad} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30f06672-0e95-41a9-80cb-dee386af99ad} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5bc83983-5708-4ac5-b263-59bbfaf85a86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5bc83983-5708-4ac5-b263-59bbfaf85a86} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9fea7743-7c8b-4d4d-9b54-a088eb853287} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fea7743-7c8b-4d4d-9b54-a088eb853287} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4a8a0b3b-eeb7-4e90-b359-3e01b2c15e82} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{261c67f2-64cd-4696-9821-612409b649d5} deleted successfully HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4a8a0b3b-eeb7-4e90-b359-3e01b2c15e82} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{4a8a0b3b-eeb7-4e90-b359-3e01b2c15e82} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\ExpressGateUtil\VAWinAgent.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbrmon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\AsScrPro.exe C:\Windows\WebCam\S6000\S6000Mnt.exe C:\Users\Eigenaar\AppData\Local\CrossLoop\CrossLoopService.exe C:\PROGRA~2\MYIMAG~2\bar\1.bin\8jbarsvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\outobox\updateoutobox.exe C:\Users\Eigenaar\AppData\Local\Lollipop\Lollipop.exe C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe C:\Program Files (x86)\outobox\bin\utiloutobox.exe C:\ExpressGateUtil\VAWinService.exe C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Users\Eigenaar\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackupStack deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyImageConverter_8jService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MyImageConverter_8jService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util outobox deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30f06672-0e95-41a9-80cb-dee386af99ad}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5bc83983-5708-4ac5-b263-59bbfaf85a86}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fea7743-7c8b-4d4d-9b54-a088eb853287}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MyImageConverter Home Page Guard 64 bit"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AVG-Secure-Search-Update_1213b"=- "NextLive"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "MyImageConverter EPM Support"=- "MyImageConverter Search Scope Monitor"=- "MyImageConverter_8j Browser Plugin Loader"=- "MyImageConverter_8j Browser Plugin Loader 64"=- "mobilegeni daemon"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Mobogenie not found C:\Program Files (x86)\GrabRez not found C:\Users\Eigenaar\AppData\Roaming\newnext.me deleted C:\Program Files (x86)\The weDownload Manager deleted C:\Users\Eigenaar\AppData\Local\genienext deleted C:\Users\Eigenaar\daemonprocess.txt deleted C:\Users\Eigenaar\.android deleted C:\PROGRA~2\SearchProtect deleted C:\PROGRA~3\Package Cache deleted C:\Users\Eigenaar\AppData\Local\SearchProtect deleted C:\Users\Eigenaar\AppData\Local\Mobogenie deleted C:\Users\Eigenaar\AppData\Local\SwvUpdater deleted C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup deleted C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk deleted C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lollipop.lnk deleted C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk deleted C:\Users\Eigenaar\AppData\LocalLow\IAC deleted C:\Windows\tasks\AmiUpdXp.job deleted C:\windows\SysNative\tasks\AmiUpdXp deleted C:\windows\SysNative\tasks\The weDownload Manager-codedownloader deleted C:\windows\SysNative\tasks\The weDownload Manager-enabler deleted C:\windows\SysNative\tasks\The weDownload Manager-firefoxinstaller deleted C:\windows\SysNative\tasks\The weDownload Manager-updater deleted C:\Windows\tasks\The weDownload Manager-codedownloader.job deleted C:\Windows\tasks\The weDownload Manager-enabler.job deleted C:\Windows\tasks\The weDownload Manager-firefoxinstaller.job deleted C:\Windows\tasks\The weDownload Manager-updater.job deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\Eigenaar\Documents\Mobogenie deleted C:\Users\Eigenaar\Desktop\MyPC Backup.lnk deleted "C:\Program Files (x86)\outobox\updateoutobox.exe" deleted "C:\Program Files (x86)\MyPC Backup\AWSSDK.dll" deleted "C:\Program Files (x86)\MyPC Backup\GetText.dll" deleted "C:\Program Files (x86)\MyPC Backup\MPCBClient.dll" deleted "C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe" deleted "C:\Program Files (x86)\MyPC Backup\Shared Stack.dll" deleted "C:\Users\Eigenaar\AppData\Local\Lollipop\lollipop.dat" deleted "C:\Users\Eigenaar\AppData\Local\Lollipop\Lollipop.exe" deleted "C:\PROGRA~2\MyPC Backup\AWSSDK.dll" deleted "C:\PROGRA~2\MyPC Backup\GetText.dll" deleted "C:\PROGRA~2\MyPC Backup\MPCBClient.dll" deleted "C:\PROGRA~2\MyPC Backup\MyPC Backup.exe" deleted "C:\PROGRA~2\MyPC Backup\Shared Stack.dll" deleted "C:\Users\Eigenaar\AppData\Local\Lollipop\lollipop.dat" deleted "C:\Users\Eigenaar\AppData\Local\Lollipop\Lollipop.exe" deleted "C:\PROGRA~2\outobox\updateoutobox.exe" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jauxstb64.dll" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbrmon.exe" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbrmon64.exe" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbrstub.dll" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbrstub64.dll" not deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jdlghk64.dll" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\AppIntegrator64.exe" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\AppIntegratorStub64.dll" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\Hpg64.dll" deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\T8RES.DLL" deleted "C:\Program Files (x86)\outobox\bin\utiloutobox.exe" deleted "C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db" not deleted "C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll" deleted "C:\PROGRA~2\MyPC Backup\Database\mpcb_settings.db" not deleted "C:\PROGRA~2\MyPC Backup\x64\System.Data.SQLite.dll" deleted "C:\PROGRA~2\outobox\bin\utiloutobox.exe" deleted "C:\Program Files (x86)\MyImageConverter_8j" not deleted "C:\Program Files (x86)\SaveSense" deleted "C:\Program Files (x86)\outobox" not deleted "C:\Program Files (x86)\MyPC Backup" not deleted "C:\Users\Eigenaar\AppData\Local\Lollipop" deleted "C:\PROGRA~2\SaveSense" deleted "C:\PROGRA~2\MyPC Backup" not deleted "C:\PROGRA~2\SaveSense" deleted "C:\Users\Eigenaar\AppData\Local\Lollipop" deleted "C:\PROGRA~2\outobox" not deleted "C:\Program Files (x86)\MyImageConverter_8j\bar" not deleted "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin" not deleted "C:\Program Files (x86)\outobox\bin" not deleted "C:\Program Files (x86)\MyPC Backup\Database" not deleted "C:\Program Files (x86)\MyPC Backup\x64" not deleted "C:\PROGRA~2\MyPC Backup\Database" not deleted "C:\PROGRA~2\MyPC Backup\x64" not deleted "C:\PROGRA~2\outobox\bin" not deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 6055 MB CPU Info: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz CPU Speed: 2218,5 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000 | NVIDIA GeForce GT 630M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) | Bluetooth Device (Personal Area Network) | Atheros AR9002WB-1NG Wireless Network Adapter CD / DVD Drives: 2x (D: | E: | ) D: SlimtypeDVD A DS8A5SH | E: DTSOFT BDROM Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 673,6GB | Q: 0,0MB Hard Disks - Free: C: 541,8GB | Q: 0,0MB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 11/30/11 | _ASUS_ - 6222004 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK Computer Inc. N73SM Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated) Default Browser: Google Chrome 33.0.1750.117 Internet Explorer Version: 11.0.9600.16518 Google Chrome version: 33.0.1750.117 Sun Java version: 1.7.0_51 (32-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-02-20 16:20:17 087C2CF148128EB5C2DA20239500F343 98304 ----a-w- C:\Windows\system32CmdLineExt.dll ====== C:\Users\Eigenaar\AppData\Local\Temp ==== 2014-02-27 21:45:37 28E25F4A41FF7F65F57435ABD858C7BA 25624576 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\Skype.msi 2014-02-27 00:11:42 F187520D360CFD19EF643DBE234D7265 3239696 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\CNC4LauncherUpdate.exe 2014-02-26 13:33:19 FFA0A463D9F735C9F59466C0A9C754CA 1845760 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\4359.exe 2014-02-26 12:12:16 54A127C33ED258E922A22143A24942A0 6169040 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsi6E5\SpSetup.exe 2014-02-26 12:12:15 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\utt52.tmp.exe 2014-02-26 12:11:10 EE41D894A394E210154FB06E8720324F 391200 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\LollipopInstaller_notifications.exe 2014-02-24 18:35:50 C016C4C32857DAFFE6E3EAEB24939592 6177744 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsn8186\SpSetup.exe 2014-02-24 18:35:30 FBAE8734F0EBF8574CE559173893AF4F 20266816 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\Mobogenie_Setup_2.1.37_122100041.exe 2014-02-24 18:35:30 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\sp_downloader.exe 2014-02-24 18:35:30 1DF7D011EA59663A8C37CBBBC6A8019C 6772048 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\1392371628_the_wedownload_manager.exe 2014-02-24 18:35:29 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\pcspeedup.exe 2014-02-24 17:56:27 1B6F552D7C46272FAD4A9B72DD7EB01D 331264 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\setup__6272.exe 2014-02-24 17:56:12 C016C4C32857DAFFE6E3EAEB24939592 6177744 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsd3402\SpSetup.exe 2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsy17B8.exe 2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nst35C7.exe 2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsj37FA.exe 2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsd19FA.exe 2014-02-21 15:05:42 84A4F09ECCAD977271AF0B1326DACD23 1183792 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\DM_Y73umbQa8R\DownloadManager.exe 2014-02-20 16:21:10 1BC225E0C1C2F54CC877B654CCF04684 202240 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\patchw32.dll 2014-02-20 16:20:20 F9451DC16E9802578FB1A6BBD3937A1F 212992 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\drm_dyndata_7290008.dll ====== Java Cache ===== 2014-02-18 13:21:10 D9C5D09D8EF3662A953D5AFF0735A801 1417626 ----a-w- C:\Users\Eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\199dc4a0-1a53e652 2014-02-18 13:21:12 A28FAC5A112EF654F115229AE74E65B3 22531 ----a-w- C:\Users\Eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2fb889a6-7edee883 2014-02-18 13:26:57 57750963E06F17D3A58E66DF2154F9D7 84047 ----a-w- C:\Users\Eigenaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\46487aaa-5ee7a872 2014-02-19 18:20:05 86C47CA21A599230CA54E8F5EBDB6A07 124 ----a-w- C:\Users\Eigenaar\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\7\6619ee07-269fbe14 ====== C:\Windows\SysWOW64 ===== 2014-02-19 00:55:11 3D485254E43EF4E4F707346B5731EA9A 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-02-19 00:54:13 B8F28AAC003060E3B125D2447CFC19E2 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-02-19 00:54:13 B5B3334F177CED627C2D7FE38235B6B1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-02-19 00:54:12 85AC8EB265EDCAD86D651D45C5E3AB83 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-02-19 00:54:11 C9D1131E2163CE932DF3EAAF0EEA3673 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-02-19 00:54:11 7D6B20C69CC8EECB8F31D4FAF913BBE8 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-02-19 00:54:11 6A06EB11F1E5BDAA795DAE7838F9FE20 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-02-19 00:54:11 408805B8083896DC95E6340F4016BEBD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-02-19 00:54:11 260D6B421E5551E8BA75D16B5CA90D9A 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-19 00:54:11 0E7B7C9F483300F9FF97C6A1E4BC4F57 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-02-19 00:54:10 5DD49C02D059C1E6E47A8FB4A076C9B1 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-02-19 00:54:10 34CBED7698D557DDB43F8732FBC2ACB9 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-02-19 00:54:10 0F739443669F3A48F1B2325995117BFE 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-02-19 00:54:09 9C89246184979A070B0C6CCF61C68136 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-02-19 00:54:09 5D9DC6332A4FC66388B09BBE7CF53750 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-02-19 00:54:09 40E68599FE3A10F816217D3789FCE74E 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-02-19 00:54:08 79FA7D8B488F90EDE325963379A6F738 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-02-19 00:54:07 C863E5A2417DF0F2A31ED32C3B2CB23F 17103872 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-02-19 00:54:07 99280392987A1A96C756A9F38C4CE396 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-02-18 13:03:42 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\SysWOW64\locale.nls 2014-02-18 13:03:39 E4561704CBFA193761743E5AF746C669 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2014-02-18 13:03:39 17B06F23237FCD731FA2E10ECD6EDFE1 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2014-02-18 13:03:28 E01D2AC63453534DB8AD1EA97DEE9C3A 594944 ----a-w- C:\Windows\SysWOW64\RMActivate_isv.exe 2014-02-18 13:03:28 BBCE3E9E74C7CEA47FA4115B360AC2C6 423936 ----a-w- C:\Windows\SysWOW64\secproc_isv.dll 2014-02-18 13:03:28 6142C5540C8D2764D59CBC11AF4A5900 572416 ----a-w- C:\Windows\SysWOW64\RMActivate.exe 2014-02-18 13:03:28 0F5FEF37588AF457E02125674F171A4F 508928 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-18 13:03:28 08D323750350A8A29611D1004C0CF319 510976 ----a-w- C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-18 13:03:27 9158DBE2F8483434FC72F320690C9DB8 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-18 13:03:27 7FA485555BF802FE3DB5598004DBDFAC 390144 ----a-w- C:\Windows\SysWOW64\msdrm.dll 2014-02-18 13:03:27 58712A48D31B40EBCB35B47205F87771 87040 ----a-w- C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-18 13:03:27 12A9F24DC9F465DA79AC2272D829A81E 428032 ----a-w- C:\Windows\SysWOW64\secproc.dll 2014-02-18 13:03:26 D96106CF60505734B14F6AE80AAA4B07 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll 2014-02-18 13:03:26 14800BD31701A5047AC3145BB1E698AE 3419136 ----a-w- C:\Windows\SysWOW64\d2d1.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-02-19 00:55:11 F67C7D80745379DC4C5332EFFE5AC696 548864 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-02-19 00:54:13 94C59DD02BC7EA0E421055B9946CA861 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-02-19 00:54:13 1D1D7F52EC84294859642A4309FE648E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-02-19 00:54:12 FD08F8BA2437A85F500EFFE3FD3158A6 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-02-19 00:54:12 63B5E990896BA81D604032A48CC80A5C 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-02-19 00:54:12 27516B54E116D5EF8B0129B5C829A87C 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-02-19 00:54:11 FCFAEDF0AA1A78A1875FDB798598408B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-02-19 00:54:11 E77092C38028EB0A5C461B3436E0A6D5 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-02-19 00:54:11 E129D34089E70215B65EA611F802FA9A 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-02-19 00:54:11 CDE728C8FB1D6E132CED44835FA44C87 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-02-19 00:54:11 C1E2C16D58D76323800C3EE5E2C5095A 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-02-19 00:54:11 99ED8FBAFD325550D07A32664D9E3CC8 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-02-19 00:54:11 338415F2E9A188875B6E43B5269620B0 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-02-19 00:54:10 F348B2D0983C91392632B4291C517AA4 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-02-19 00:54:10 D016F5092E4FFC41147E8555A71D2DDE 23170048 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-02-19 00:54:10 3906C9640406FC0FC00A324947C74893 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-02-19 00:54:09 83296DE8CFFEADA636DCC1AB2E3BF643 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-02-19 00:54:09 6300AD525D639CECBB3D144B6D7B30F9 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-02-19 00:54:09 263B6E451526A90FF8B1CEC759F22956 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-02-19 00:54:09 22874047B810B5B174C68ACD7C0B6510 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-02-19 00:54:08 DB02F4D37E5F7F07A0D0F9FAA68249EE 13051392 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-02-19 00:54:07 5922EEA922D3AD686342F866CAEE851F 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-02-18 13:03:42 EA093130471090037BB70A4AF86FAD1B 420008 ----a-w- C:\Windows\Sysnative\locale.nls 2014-02-18 13:03:39 CD2C20CC3B385A32701F78C0ACBBE9F3 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2014-02-18 13:03:39 0D298133C359AB8CB9EB4FA178BF3947 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll 2014-02-18 13:03:28 C6AC2C91541D24F9E236A670C0CA793D 528384 ----a-w- C:\Windows\Sysnative\msdrm.dll 2014-02-18 13:03:28 5693212AB2EBCACBBE05EC3A642113E2 485888 ----a-w- C:\Windows\Sysnative\secproc_isv.dll 2014-02-18 13:03:28 399FC1B75790EE606A6FD9F2FB4C891C 488448 ----a-w- C:\Windows\Sysnative\secproc.dll 2014-02-18 13:03:28 297926B15AE5390409F1007EB28A8EFB 552960 ----a-w- C:\Windows\Sysnative\RMActivate_ssp_isv.exe 2014-02-18 13:03:28 1B3741488AA7E237961A29D1E7A44C0A 626176 ----a-w- C:\Windows\Sysnative\RMActivate.exe 2014-02-18 13:03:28 17CF3B3F68272BD40C878D4DBAB0EBC9 658432 ----a-w- C:\Windows\Sysnative\RMActivate_isv.exe 2014-02-18 13:03:28 03F8F411F118CFDA508E77C747BB05EA 553984 ----a-w- C:\Windows\Sysnative\RMActivate_ssp.exe 2014-02-18 13:03:27 DC6DD779F35BB42E2E76FDFEC565C251 123392 ----a-w- C:\Windows\Sysnative\secproc_ssp_isv.dll 2014-02-18 13:03:27 B41B1FEDEBBD955B4E25676B42087885 123392 ----a-w- C:\Windows\Sysnative\secproc_ssp.dll 2014-02-18 13:03:26 E8710B5DDA963E6BA198DF5FB209E72A 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll 2014-02-18 13:03:26 C676E5EA388AF7C4C031F56F9B42E362 3928064 ----a-w- C:\Windows\Sysnative\d2d1.dll ====== C:\Windows\Sysnative\drivers ===== 2014-02-20 16:06:51 E2CA2BC3B16BDA6E6F80F54C88486877 283064 ----a-w- C:\Windows\Sysnative\drivers\dtsoftbus01.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-02-27 13:37:15 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-02-27 21:45:59 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2014-02-27 21:45:59 -------- d-----r- C:\PROGRA~2\Skype 2014-02-26 15:08:05 -------- d--h--w- C:\PROGRA~2\COMMON~1\EAInstaller 2014-02-26 15:08:03 -------- d-----w- C:\PROGRA~2\WestwoodOnline 2014-02-26 15:07:58 -------- d-----w- C:\PROGRA~2\WestwoodChat 2014-02-26 13:47:33 -------- d-----w- C:\PROGRA~2\Origin Games 2014-02-26 13:33:46 -------- d-----w- C:\PROGRA~2\Free Games 115 2014-02-26 13:33:36 -------- d-----w- C:\PROGRA~2\Origin 2014-02-26 12:30:14 -------- d-----w- C:\PROGRA~2\Renegade X 2014-02-20 16:13:16 -------- d-----w- C:\PROGRA~2\Electronic Arts 2014-02-20 16:06:44 -------- d-----w- C:\PROGRA~2\DAEMON Tools Pro ======= C: ===== ====== C:\Users\Eigenaar\AppData\Roaming ====== 2014-02-28 16:20:41 -------- d-----r- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-02-27 22:08:52 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\NVIDIA 2014-02-27 21:46:08 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Skype 2014-02-27 21:46:05 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Skype 2014-02-27 00:32:43 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Command and Conquer 4 2014-02-27 00:32:41 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Electronic_Arts_Inc 2014-02-26 16:15:26 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Command and Conquer 3 Kanes Wrath 2014-02-26 16:12:02 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\FLEXnet 2014-02-26 16:11:59 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Nuance 2014-02-26 16:11:40 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Zeon 2014-02-26 13:34:26 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Origin 2014-02-26 13:34:24 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Origin 2014-02-26 12:31:41 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renegade X 2014-02-26 12:11:20 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\uTorrent 2014-02-24 18:36:28 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\QuickScan 2014-02-24 18:36:28 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\QuickScan 2014-02-20 16:23:28 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\Command & Conquer 3 Tiberium Wars 2014-02-20 16:20:20 -------- d--h--r- C:\Users\Eigenaar\AppData\Roaming\SecuROM 2014-02-20 16:06:47 -------- d-----w- C:\Users\Eigenaar\AppData\Roaming\DAEMON Tools Pro 2014-02-03 23:10:07 -------- d-----w- C:\Users\Eigenaar\AppData\Local\Diagnostics ====== C:\Users\Eigenaar ====== 2014-02-27 21:45:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-02-27 21:45:56 -------- d-----w- C:\ProgramData\Skype 2014-02-27 21:45:19 EA5134AB3B6E787EEEAE9DFD38DF259B 1678496 ----a-w- C:\Users\Eigenaar\Downloads\SkypeSetup.exe 2014-02-26 15:08:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online 2014-02-26 15:07:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Chat 2014-02-26 13:33:38 -------- d-----w- C:\ProgramData\Origin 2014-02-26 13:33:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-02-26 13:33:37 -------- d-----w- C:\ProgramData\Electronic Arts 2014-02-20 16:08:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro 2014-02-20 16:05:55 -------- d-----w- C:\ProgramData\DAEMON Tools Pro ====== C: exe-files == 2014-02-28 16:27:00 AC805F656AF5C1652855B6046A083ED2 16133984 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_game_client\releases\0.0.0.202\deploy\League of Legends.exe 2014-02-27 21:45:19 EA5134AB3B6E787EEEAE9DFD38DF259B 1678496 ----a-w- C:\Users\Eigenaar\Downloads\SkypeSetup.exe 2014-02-27 13:37:15 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Eigenaar.exe 2014-02-27 13:36:52 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3WRAYH8\RSITx64.exe 2014-02-27 13:36:24 AAD294DAE3A1B2F6F05220832419E720 369896 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00005871\updatus.17944800_RUNASUSER.exe 2014-02-27 00:47:00 F01125B503F680BCF5A65715C51B7608 35221144 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes 2\RelicCoH2.exe 2014-02-27 00:47:00 D97170044D1B19514B961AFF2CFB1044 1222144 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes 2\Archive.exe 2014-02-27 00:47:00 6CDFB07ACD92F94FECE0B957938C7811 27058176 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Company of Heroes 2\WorldBuilder_CoH_2.exe 2014-02-27 00:25:00 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Command and Conquer Red Alert 3\Cleanup.exe 2014-02-27 00:11:42 F187520D360CFD19EF643DBE234D7265 3239696 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\CNC4LauncherUpdate.exe 2014-02-26 19:29:58 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Command Conquer 4 Tiberian Twilight\Cleanup.exe 2014-02-26 19:28:12 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Command and Conquer Generals Zero Hour\Cleanup.exe 2014-02-26 19:26:16 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Command and Conquer Tiberian Sun\Cleanup.exe 2014-02-26 19:16:51 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Command and Conquer Red Alert\Cleanup.exe 2014-02-26 19:14:08 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Renegade\Cleanup.exe 2014-02-26 19:04:33 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Command and Conquer Red Alert II\Cleanup.exe 2014-02-26 16:13:00 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Command and Conquer 3 TW and KW\Cleanup.exe 2014-02-26 15:28:15 2A5753E3566F88E00F9DD45FA73BA049 565128 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Command and Conquer The Ultimate Collection Additional Content\Cleanup.exe 2014-02-26 15:08:06 9E61CADCCD0F086D18A3DF52A10D9E2D 567176 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\CNC and The Covert Operations\Cleanup.exe 2014-02-26 13:47:03 30E18A4BF47EAD2BBFBAA8D38AE16D8A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2222989199-4271063845-2366573013-1001\$IAGI2R5.exe 2014-02-26 13:34:04 FB0F8E9F57435D47372E8366DAFE0EB2 14176 ----a-w- C:\Program Files (x86)\Origin\igoproxy64.exe 2014-02-26 13:34:04 B38C17D32F4F0A32174EBEA7E9D8F9C5 531312 ----a-w- C:\Program Files (x86)\Origin\OriginCrashReporter.exe 2014-02-26 13:34:04 B0B261B243EB53D6080AF9554DF9642C 8886104 ----a-w- C:\Program Files (x86)\Origin\OriginER.exe 2014-02-26 13:34:04 AE0E4BCF38C683CAF3468FA6476D717F 1219952 ----a-w- C:\Program Files (x86)\Origin\OriginClientService.exe 2014-02-26 13:34:03 F920621A848115ADE15E7F0922130401 96632 ----a-w- C:\Program Files (x86)\Origin\legacyPM\EACoreServer.exe 2014-02-26 13:34:03 F2C037BE90E479A72FBDBC34BF7A1647 1628032 ----a-w- C:\Program Files (x86)\Origin\legacyPM\EAProxyInstaller.exe 2014-02-26 13:34:03 7F94D00603AC062768B31EDB41C3DB6A 830832 ----a-w- C:\Program Files (x86)\Origin\legacyPM\OriginLegacyCLI.exe 2014-02-26 13:34:03 736DFBE85CE56FF569E9B2B626FE4B76 471416 ----a-w- C:\Program Files (x86)\Origin\legacyPM\PatchProgress.exe 2014-02-26 13:34:03 56AD75E5527EA5F36203CE79C54664E4 1332648 ----a-w- C:\Program Files (x86)\Origin\legacyPM\OriginUninstall.exe 2014-02-26 13:34:03 459825F17783BFC987ACCFB7AABAABA3 402800 ----a-w- C:\Program Files (x86)\Origin\legacyPM\MessageDlg.exe 2014-02-26 13:34:03 32AD50DBC71EA7DF0128CC8F4C1C4C31 1632616 ----a-w- C:\Program Files (x86)\Origin\EAProxyInstaller.exe 2014-02-26 13:33:19 FFA0A463D9F735C9F59466C0A9C754CA 1845760 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\4359.exe 2014-02-26 13:33:19 F0BC5A32CA2FC7E0C98268FAA1C138E7 11818720 ----a-w- C:\$Recycle.Bin\S-1-5-21-2222989199-4271063845-2366573013-1001\$RAGI2R5.exe 2014-02-26 12:31:41 059230E708D3EC43EDA72D0948413F3A 162072 ----a-w- C:\Program Files (x86)\Renegade X\Uninstall-Renegade X.exe 2014-02-26 12:12:26 923DE81FEE5257055E645AE9236B91D9 1307736 ----a-w- C:\Users\Eigenaar\AppData\Roaming\uTorrent\updates\3.3.2_30488.exe 2014-02-26 12:12:17 54A127C33ED258E922A22143A24942A0 6169040 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAUQQEOI\SPSetup[1].exe 2014-02-26 12:12:16 AE49F50009008338A6109E5EFD3A77C1 124048 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2F0OA19\spstub[1].exe 2014-02-26 12:12:16 54A127C33ED258E922A22143A24942A0 6169040 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsi6E5\SpSetup.exe 2014-02-26 12:12:15 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\utt52.tmp.exe 2014-02-26 12:12:12 923DE81FEE5257055E645AE9236B91D9 1307736 ----a-w- C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe 2014-02-26 12:11:10 EE41D894A394E210154FB06E8720324F 391200 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\LollipopInstaller_notifications.exe 2014-02-25 05:29:58 69FCFBEC48C987B26612E58E50B47ED0 197120 ----a-w- C:\Program Files (x86)\Renegade X\Renegade X.exe 2014-02-24 18:35:50 C016C4C32857DAFFE6E3EAEB24939592 6177744 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsn8186\SpSetup.exe 2014-02-24 18:35:50 C016C4C32857DAFFE6E3EAEB24939592 6177744 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJMI3XZS\SPSetup[1].exe 2014-02-24 18:35:30 FBAE8734F0EBF8574CE559173893AF4F 20266816 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\Mobogenie_Setup_2.1.37_122100041.exe 2014-02-24 18:35:30 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\sp_downloader.exe 2014-02-24 18:35:30 1DF7D011EA59663A8C37CBBBC6A8019C 6772048 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\1392371628_the_wedownload_manager.exe 2014-02-24 18:35:29 715652A32ED8ABB89492445A38FC20D0 5484016 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\pcspeedup.exe 2014-02-24 17:57:19 F499DE640B2476E3D077569D86311B0F 57024 ----a-w- C:\Program Files (x86)\Steam\bin\x86launcher.exe 2014-02-24 17:56:27 1B6F552D7C46272FAD4A9B72DD7EB01D 331264 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\setup__6272.exe 2014-02-24 17:56:12 C016C4C32857DAFFE6E3EAEB24939592 6177744 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsd3402\SpSetup.exe 2014-02-24 17:56:10 9FB9D49C2DB7EDD1084AB765D619F5C6 66368 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SAUQQEOI\sp-downloader[1].exe 2014-02-24 17:56:04 0D9C8BDD15F6C01F34E58AFD22511EE9 2807800 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2F0OA19\Setup[1].exe 2014-02-24 17:55:29 8F28BB59B59B75BA5B8EE16FB7C84FC2 284184 ----a-w- C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2F0OA19\torntvdownloader4[1].exe 2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsy17B8.exe 2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nst35C7.exe 2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsj37FA.exe 2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Users\Eigenaar\AppData\Local\Temp\nsd19FA.exe 2014-02-24 13:48:35 468A101DDD8C3C16C4AE9453569D5D7B 369240 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00005855\updatus.17919999_RUNASUSER.exe 2014-02-21 16:48:10 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.117\33.0.1750.117_32.0.1700.107_chrome_updater.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "uTorrent"="C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-2222989199-4271063845-2366573013-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" "ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S" "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" "SonicMasterTray"="C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" "FLxHCIm64"="C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" "S6000Mnt"="C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt" "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" "VAWinAgent"="C:\ExpressGateUtil\VAWinAgent.exe" "RemoteControl10"="C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" "UpdatePSTShortCut"="C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Spotify Web Helper"="C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "uTorrent"="C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll C:\\Windows\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 " "AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" "AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" "hkey"="HKLM" "item"="RtHDVCpl" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" ==== Startup Folders ====================== 2011-10-19 04:34:37 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk 2013-12-27 22:23:25 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [21/02/2014 17:47] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/01/2014 16:28] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS Patch 10430001" [C:\Windows\AsPatch10430001.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fjpdnoojnohifgekbkmnfbiobhcbedka - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx[] Google Docs - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf SaveSense - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\doeiiacdhfmpdeckdaifnjaemmkkdlkf outobox - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka Google Wallet - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka deleted successfully C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjpdnoojnohifgekbkmnfbiobhcbedka_0.localstorage deleted successfully C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjpdnoojnohifgekbkmnfbiobhcbedka_0.localstorage-journal deleted successfully C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fjpdnoojnohifgekbkmnfbiobhcbedka deleted successfully C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\doeiiacdhfmpdeckdaifnjaemmkkdlkf deleted successfully C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_doeiiacdhfmpdeckdaifnjaemmkkdlkf_0.localstorage deleted successfully C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_doeiiacdhfmpdeckdaifnjaemmkkdlkf_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.trovigo.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD7B98BBA-5779-42DC-A9EE-4688F6C04644&SSPV=" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.trovigo.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD7B98BBA-5779-42DC-A9EE-4688F6C04644&SSPV=" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Conduit Search Url="http://search.conduit.com/Results.aspx?ctid=CT3324758&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD7B98BBA-5779-42DC-A9EE-4688F6C04644&q={searchTerms}&SSPV=" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe O4 - HKLM\..\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" O4 - HKLM\..\Run: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Eigenaar\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Eigenaar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [uTorrent] "C:\Users\Eigenaar\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2222989199-4271063845-2366573013-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2222989199-4271063845-2366573013-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe O4 - Global Startup: FancyStart daemon.lnk = ? O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Users\Eigenaar\AppData\Local\CrossLoop\CrossLoopService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Users\Eigenaar\AppData\Local\CrossLoop\tvnserver.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1656 folders=206 232418727 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Eigenaar\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Eigenaar\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\MyImageConverter_8j\bar\1.bin\8jbrstub64.dll" not found "C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db" not found "C:\PROGRA~2\MyPC Backup\Database\mpcb_settings.db" not found "C:\Program Files (x86)\MyImageConverter_8j" not found "C:\Program Files (x86)\outobox" not found "C:\Program Files (x86)\MyPC Backup" not found "C:\PROGRA~2\MyPC Backup" not found "C:\PROGRA~2\outobox" not found ==== EOF on vr 28/02/2014 at 17:56:05,64 ======================