Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by RON12 on di 15-04-2014 at 14:48:04,47. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\RON\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== \zoek-results2013-12-20-112008.log 111 bytes ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Users\RON\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\SysWOW64\ctfmon.exe C:\Windows\system32\DllHost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\taskeng.exe C:\Users\RON\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== Empty Folders Check ====================== C:\Users\RON\AppData\Local\{13492EBB-80F1-43D3-B124-93ABA9904582} deleted successfully C:\Users\RON12\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a6c63b7f-2171-47fa-ab34-e64c4737169d} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110311301136} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Installed Programs ====================== Aangifte inkomstenbelasting 2009 Aangifte inkomstenbelasting 2010 Aangifte inkomstenbelasting 2011 Aangifte inkomstenbelasting 2012 Aangifte inkomstenbelasting 2013 Acer Arcade Deluxe Acer Backup Manager Acer eRecovery Management Acer GameZone Console Acer Registration Acer ScreenSaver Acer Updater Acrobat.com Adobe Flash Player 12 ActiveX Advertising Center Alice Greenfingers Amazonia ATI Catalyst Install Manager AVG 2014 AVG Security Toolbar Backup Manager Advance Bandicam Bandisoft MPEG-1 Decoder Bing Bar Canon Easy-WebPrint EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP560 series MP Drivers Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Chicken Invaders 2 Corel Applications CyberLink PowerDirector D3DX10 Dairy Dash Dream Day First Home DVD Decrypter (Remove Only) DVD Shrink 3.2 Farm Frenzy 2 Freemake Video Converter versie 4.1.3 Freemake Video Downloader Freemake Youtube Mp3 Converter Gebruikersregistratie voor Canon MP560 series Google Earth Google Toolbar for Internet Explorer Google Update Helper Granny In Paradise Heroes of Hellas Hotkey Utility HP-software voor foto- en beeldbewerking 2.0 - All-in-One HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma Identity Card ImagXpress Intel© Matrix Storage Manager iWisoft Flash SWF to Video Converter 3.4 Junk Mail filter update Merriam Websters Spell Jam Mesh Runtime Messenger Companion Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Application Error Reporting Microsoft Corporation Microsoft LifeCam Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Office 64-bit Components 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ Run Time Lib Setup MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyWinLocker Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml PDF-Viewer Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver SaveVid Plug-in Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition ShowRoom for PowerPoint Speccy Star Defender 4 Suite swMSM Travelmanager Europe UnderCoverXP 1.23 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player 2.0.7 Welcome Center Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.2 WinRAR ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.5 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.0.5 deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "mobilegeni daemon"=- "vProt"=- ==== Deleting Files \ Folders ====================== C:\ProgramData\AVG Security Toolbar deleted C:\ProgramData\AVG Secure Search deleted C:\Program Files (x86)\Mobogenie deleted C:\Users\RON12\AppData\Local\genienext deleted C:\Users\RON12\daemonprocess.txt deleted C:\Users\RON12\.android deleted C:\PROGRA~2\GUT120B.tmp deleted C:\PROGRA~2\GUM120A.tmp deleted C:\PROGRA~2\Savevid deleted C:\Users\RON\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk deleted C:\Users\RON12\AppData\Roaming\newnext.me deleted C:\Users\RON\AppData\Local\AVG Secure Search deleted C:\Users\RON12\AppData\Local\Mobogenie deleted C:\Users\RON12\AppData\Local\cache deleted C:\Users\RON\AppData\LocalLow\AVG Secure Search deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Users\RON12\Documents\Mobogenie deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.0.5\avgdttbx.dll" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\SiteSafety.dll" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.0.5\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.0.5\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search" deleted "C:\PROGRA~2\AVG Secure Search" not deleted "C:\PROGRA~2\AVG Secure Search" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\Users\RON12\AppData\Roaming\OpenCandy" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.0.5" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.0.5" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.0.5" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.0.5" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\RON12\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-04-09 05:33:37 CCF19C82F6145E4A467F7CB9AF82026C 17073152 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-04-09 05:33:36 A45A13AAC7777C096A073FF1F4F5A0D5 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 05:33:26 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2014-04-09 05:33:26 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2014-04-09 05:33:26 76161B9D78A275F8F28DD67436013110 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2014-04-09 05:33:26 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2014-04-09 05:33:26 1F76F7CB3C690ACB985C2FD419383B49 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 05:33:26 1E886E327F37F34CC7465F1605D1F3CD 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-04-09 05:33:37 C3E3EFD320D0000BE6F9CDB00CD6086F 23134208 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-04-09 05:33:36 14257E59C8452DCC38B8D55DEDC6EE0D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-04-09 05:33:26 D2A513EE880D71BDE7F0257F38B9D019 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll 2014-04-09 05:33:26 74959C718FF4594369645F35B7DF19C4 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2014-04-09 05:33:26 7434E01FBCA3CB86539C39412A31D5E1 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2014-04-09 05:33:26 2A107B611C91CD256466C58C0D776E9D 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2014-04-09 05:33:26 0F090A77E664CB0F70AB8D3B230B760C 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll ====== C:\Windows\Sysnative\drivers ===== 2014-04-12 10:36:26 CFD0AABD50BF9BEDF550618E48CF7CB7 49952 ----a-w- C:\Windows\Sysnative\drivers\avgtpx64.sys 2014-04-09 05:33:28 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\Sysnative\drivers\Diskdump.sys 2014-04-09 05:33:28 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\Sysnative\drivers\storport.sys 2014-04-09 05:33:28 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\Sysnative\drivers\msiscsi.sys 2014-04-09 05:33:25 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys 2014-04-01 19:03:14 BAF6FCBA5370EEC834A3A26037EAED0B 236824 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys 2014-03-31 14:20:54 F86A506DA0BF61402E19DB8AF0684C9A 274200 ----a-w- C:\Windows\Sysnative\drivers\avgtdia.sys 2014-03-31 14:06:26 DBFB9BEAE2816FDB4B4EF8C89AFA3DF0 130840 ----a-w- C:\Windows\Sysnative\drivers\avgmfx64.sys 2014-03-27 20:14:26 F6CE2F1B6E890FB5EBC04A11A2E31DC1 192792 ----a-w- C:\Windows\Sysnative\drivers\avgidsha.sys 2014-03-27 20:14:24 2D5E8A35808FDA50274CFD22000DAB53 153368 ----a-w- C:\Windows\Sysnative\drivers\avgdiska.sys 2014-03-27 20:07:10 B323DE78E0C75F3605C7A200F3CF350F 236824 ----a-w- C:\Windows\Sysnative\drivers\avgldx64.sys 2014-03-27 20:03:16 9C6CD518AE78D532FB33240DE11C765D 32536 ----a-w- C:\Windows\Sysnative\drivers\avgrkx64.sys 2014-03-27 09:47:43 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2014-04-12 10:35:49 -------- d-----w- C:\PROGRA~2\AVG Secure Search ======= ===== ====== C:\Users\RON12\AppData\Roaming ====== 2014-04-07 20:26:28 -------- d-----w- C:\Users\RON\AppData\Roaming\AVG2014 2014-04-07 20:26:20 -------- d-----w- C:\Users\RON12\AppData\Roaming\AVG2014 2014-04-07 20:26:04 -------- d-----w- C:\Users\RON\AppData\Local\Avg2014 2014-04-07 20:26:03 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014 2014-04-07 20:25:47 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014 2014-04-07 20:25:05 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014 2014-04-07 20:22:58 -------- d-----w- C:\Users\RON12\AppData\Local\Avg2014 ====== C:\Users\RON12 ====== 2014-04-07 20:25:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-04-07 20:25:26 -------- d-----w- C:\ProgramData\AVG2014 2014-04-07 07:38:46 F4BC9F24AB2389F0D18812865157E97A 549426 ----a-w- C:\Users\RON\Desktop\WhyIGotInfected.exe ====== C: exe-files == 2014-04-14 08:54:08 8843FB3B27A50E742D114BB892DCB9B0 305168 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgndisa.exe 2014-04-14 08:52:16 FC589448F13D998F151D11E1D543C614 16912 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtesta.exe 2014-04-14 08:52:16 F11631852CD9D8C4F6ABFC64F30AE513 6089216 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\update\backup\avgmfapx.exe 2014-04-14 08:52:16 8F9D0265F4CB7674F54D82EA25AE3992 15888 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtestx.exe 2014-04-14 08:52:16 87C96EE0BFF3AC495CBDC951FA5CE8A0 62992 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avguirux.exe 2014-04-14 08:52:16 1F323C17E6E41653C09A1B8C14ECF794 6089216 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe 2014-04-12 10:35:43 1B2261DC4D131B2C699386D2100A599C 5071896 ----a-w- C:\Windows\Temp\ri_{C3F753B9-394C-433F-8BBA-DCC8C7B6D74B}.exe 2014-04-12 10:31:02 F52D3145E3750077A8F26FF7E81C98CF 7111488 ----a-w- C:\Program Files (x86)\AVG\AVG2014\Notification\Launcher.exe 2014-04-09 14:17:50 A6055AD07E09C83C8DF6AE5D745D06E2 2945040 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe 2014-04-09 05:46:11 AF3F84DE1D713CF4A7403DFCF5B226C7 1268816 ----a-w- C:\Users\RON\AppData\Roaming\uTorrent\updates\3.4.1_30740.exe 2014-04-09 05:33:26 A30AB03E7C837A17AC70E67E63B8E2F6 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2014-04-09 05:33:26 9F3D88540DB73F5213D5044CB50006DF 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2014-04-09 05:33:26 2E1D6624EE2C3F454CADF09DC59E78B0 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe === C: other files == 2014-04-12 10:36:26 CFD0AABD50BF9BEDF550618E48CF7CB7 49952 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2014-04-09 05:33:28 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2014-04-09 05:33:28 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\System32\drivers\storport.sys 2014-04-09 05:33:28 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys 2014-04-09 05:33:25 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Spotify Web Helper"="C:\Users\RON\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-21-1255420860-2708843325-1920694139-1006\Software\Microsoft\Windows\CurrentVersion\Run] "NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\RON12\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware (cleanup)"="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\RON12\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "PlayMovie"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\PlayMovie\\PMVService.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeDeluxeAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeDeluxeAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\ArcadeDeluxeAgent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BackupManagerTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonMyPrinter" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonSolutionMenu" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecLiveUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecLiveUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotkey Utility] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Hotkey Utility" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Acer\\Hotkey Utility\\HotkeyUtility.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IAAnotif" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LifeCam] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LifeCam" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft LifeCam\\LifeExp.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware (reboot)] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Malwarebytes Anti-Malware (reboot)" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mwlDaemon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\EgisTec\\MyWinLocker 3\\x86\\mwlDaemon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PlayMovie" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\PlayMovie\\PMVService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AVG Security Toolbar Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AVGIDSAgent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\avgwd] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Greg_Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAANTMON] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IJPLMSVC] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Nero BackItUp Scheduler 4.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTI IScheduleSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RichVideo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SBSDWSCService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Updater Service] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-03-2014 09:14] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2011 17:19] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11-05-2011 17:19] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{67CF27D5-CE2A-48B9-8B33-0323E9935BFD}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{412762FA-EDD6-4646-9A7B-91549C5D1D83}" [C:\Program Files (x86)\AVG\AVG10\avgui.exe] "C:\Windows\SysNative\tasks\{93018F3F-1C05-4AB2-BC9E-BD0053B6E183}" [C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe] "C:\Windows\SysNative\tasks\{D8C98761-3232-46F2-BD7F-EF7F8868AAF5}" [C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ytfmdownloader@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com" [10-06-2013 21:45] ==== Firefox Extensions ====================== ProfilePath: C:\Users\RON\AppData\Roaming\Mozilla\Firefox\Profiles\2i7kio6k.default - Undetermined - C:\Program Files (x86)\AVG\AVG10\Firefox4 ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[05-02-2013 03:05] ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[07-05-2013 06:12] jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[] ==== Chrome Fix ====================== C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx deleted successfully C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot) deleted successfully ==== HijackThis Entries ====================== R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\RON12\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l O4 - HKUS\S-1-5-21-1255420860-2708843325-1920694139-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'RON') O4 - HKUS\S-1-5-21-1255420860-2708843325-1920694139-1000\..\Run: [Spotify Web Helper] "C:\Users\RON\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" (User 'RON') O4 - HKUS\S-1-5-21-1255420860-2708843325-1920694139-1000\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'RON') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (file missing) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\RON12\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\RON\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VDQDAP2 will be deleted at reboot C:\Users\RON\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55EDFPJE will be deleted at reboot C:\Users\RON\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BYMGMAJ will be deleted at reboot C:\Users\RON\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJ01ZF6J will be deleted at reboot C:\Users\RON\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKCWY9BY will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=433 folders=118 100415387 bytes) ==== Empty Temp Folders ====================== C:\Users\RON\AppData\Local\Temp will be emptied at reboot C:\Users\RON12\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot