Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by nel on do 01-05-2014 at 10:38:48,57. Microsoft Windows 7 Home Premium 6.1.7600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\nel\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 1-5-2014 10:40:50 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~3\Babylon deleted successfully C:\Users\Administrator\AppData\Roaming\Adobe deleted successfully C:\Users\Gast\AppData\Roaming\Google deleted successfully C:\Users\nel\AppData\Roaming\PerformerSoft deleted successfully C:\Users\nel\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Gast\AppData\Local\VirtualStore deleted successfully C:\Users\nel\AppData\Local\Sony Corporation deleted successfully C:\Users\nel\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{45564571-A21B-48ED-B584-69752EEE9C3D} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{45564571-A21B-48ED-B584-69752EEE9C3D} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted 
successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{45564571-A21B-48ED-B584-69752EEE9C3D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45564571-A21B-48ED-B584-69752EEE9C3D} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe C:\Program Files (x86)\Common Files\AVG Secure 
Search\vToolbarUpdater\18.0.5\loggingserver.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\nel\AppData\Roaming\Spotify\spotify.exe C:\Users\nel\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files\Sony\VAIO Care\VCService.exe C:\Program Files (x86)\AVG\AVG2012\avgui.exe C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe C:\Users\nel\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.5 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.0.5 deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45564571-A21B-48ED-B584-69752EEE9C3D}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\SpeedAnalysis.com deleted C:\Program Files (x86)\StartNow Toolbar deleted C:\Program Files (x86)\IncrediMail_MediaBar_Nederlands_2 deleted C:\PROGRA~3\eSellerate deleted C:\PROGRA~2\Mysearchdial deleted C:\PROGRA~2\Maps4PC_0cEI deleted C:\PROGRA~2\Allin1Convert_8hEI deleted C:\PROGRA~2\Conduit deleted C:\Users\nel\AppData\Roaming\Uniblue deleted C:\Users\nel\AppData\Roaming\speedanalysis.ico deleted C:\Users\nel\AppData\Roaming\SpeedanAlysis deleted C:\Users\nel\AppData\Roaming\StartNow Toolbar deleted C:\Users\nel\AppData\Roaming\mysearchdial deleted C:\Users\nel\AppData\Roaming\Babylon deleted C:\Users\nel\AppData\Roaming\File Scout deleted C:\PROGRA~3\Partner deleted C:\PROGRA~3\IBUpdaterService deleted C:\PROGRA~3\AVG Secure Search deleted C:\Users\Gast\AppData\Local\AVG Secure Search deleted C:\Users\nel\AppData\Local\AVG Secure Search deleted C:\Users\nel\AppData\Local\Babylon deleted C:\Users\nel\AppData\Local\Conduit deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\Tasks\MySearchDial deleted C:\Windows\Tasks\MySearchDial.job deleted C:\Users\Gast\AppData\LocalLow\AVG Secure Search deleted C:\Users\Gast\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2 deleted C:\Users\Gast\AppData\LocalLow\MySearchDial deleted C:\Users\Gast\AppData\LocalLow\PriceGong deleted C:\Users\Gast\AppData\LocalLow\Conduit deleted C:\Users\nel\AppData\LocalLow\AVG Secure Search deleted C:\Users\nel\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2 deleted C:\Users\nel\AppData\LocalLow\MySearchDial deleted 
C:\Users\nel\AppData\LocalLow\Allin1Convert_8hEI deleted C:\Users\nel\AppData\LocalLow\Conduit deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted C:\Users\nel\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com deleted "C:\Windows\tasks\RegistryBooster.job" deleted "C:\Users\nel\AppData\Roaming\FxDrCl\backup.bin" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.0.5\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll" deleted "C:\Users\nel\AppData\Roaming\FxDrCl" deleted "C:\PROGRA~2\AVG Secure Search" deleted "C:\PROGRA~2\AVG Secure Search" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.0.5" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.0.5" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) (Build 7600) Memory (RAM): 3951 MB CPU Info: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz CPU Speed: 1993,3 MHz Sound Card: luidspreker/Hoofdtelefoon (Real | Display Adapters: ATI Mobility Radeon HD 5470 | ATI Mobility Radeon HD 5470 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1360 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Bluetooth-apparaat (Personal Area Network) | Intel(R) WiFi Link 1000 BGN | Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM 
UJ8A0AS Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 284,6GB Hard Disks - Free: C: 230,8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 09/23/09 | Sony - 20100817 Time Zone: West-Europa (standaardtijd) Motherboard *: Sony Corporation VAIO Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: AVG Anti-Virus Free Edition 2012 On-access scanning disabled (Outdated) Anti-Spyware: AVG Anti-Virus Free Edition 2012 disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: AVG Internet Security 2012 disabled Default Browser: Google Chrome 34.0.1847.131 Internet Explorer version: 8.0.7600.16385 Google Chrome version: 34.0.1847.131 Adobe Reader version: 11.0.06.70 Sun Java version: 1.6.0_20 (32-bit) Sun Java version: 1.7.0_55 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\nel\AppData\Local\Temp ==== ====== Java Cache ===== 2014-04-28 12:59:31 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\nel\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-369d3681 ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-05-01 08:36:00 0DED6DD34EC2877C72CC32624060019F 313256 ----a-w- C:\Windows\Sysnative\javaws.exe 2014-05-01 08:35:54 176539F1D21C78D78D8C468413CFAF5A 108968 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll ====== C:\Windows\Sysnative\drivers ===== 2014-04-29 17:37:00 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-04-29 17:36:47 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-04-29 17:36:47 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-04-29 17:36:47 4A1356200B82B852E137B687F03E8054 88280 ----a-w- 
C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-04-25 07:42:09 175A9ED9509C54544CF409E0308AEECF 61112 ----a-w- C:\Windows\Sysnative\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw64.sys ====== C:\Windows\Tasks ====== 2014-04-28 08:42:11 D748C5F2D5F257F0FCFE99569810F235 3090 ----a-w- C:\Windows\Sysnative\Tasks\Dr. CleanUp ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-04-30 19:26:44 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\nel\AppData\Roaming ====== 2014-04-24 20:13:53 -------- d-----w- C:\Users\Gast\AppData\Roaming\Adobe 2014-04-24 20:13:33 -------- d-----w- C:\Users\Gast\AppData\Local\Google 2014-04-24 20:12:41 -------- d-----w- C:\Users\Gast\AppData\Roaming\AVG2012 ====== C:\Users\nel ====== 2014-05-01 08:35:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-01 08:34:28 FABE68449854D735914FF8693F1D5A79 30818216 ----a-w- C:\Users\nel\Downloads\jre-7u55-windows-x64.exe ====== C: exe-files == 2014-05-01 08:36:00 0DED6DD34EC2877C72CC32624060019F 313256 ----a-w- C:\Windows\System32\javaws.exe 2014-05-01 08:35:45 F8EBBD21A45D341D2AF07F2A59C825C5 67496 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe 2014-05-01 08:35:45 F078C7073A963D84FC319997D8386D6C 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe 2014-05-01 08:35:45 EB01E2AB90C1B8966ED27A6AD57D5BCA 189352 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe 2014-05-01 08:35:45 E40BC8FA0DBFFD3EC30BEA8B749E76E9 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe 2014-05-01 08:35:45 D8FD9179D2D17E3C2A18EA5D7BBEBC3B 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe 2014-05-01 08:35:45 C5056FD65E6086D9BD58FDD3E274AB84 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe 2014-05-01 08:35:45 A6496B634E8FE818EC7DD7AA9874F4EA 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe 2014-05-01 08:35:45 A4E1EEBB47600B739B1D0607863518A0 16296 ----a-w- C:\Program 
Files\Java\jre7\bin\ktab.exe 2014-05-01 08:35:45 A216FC449DC406900F8697B226BCFACF 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe 2014-05-01 08:35:45 9917CC2B86CA82075055613D5AE9B345 64424 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe 2014-05-01 08:35:45 783462534C278C9FA4694A17FDF7DBE0 180648 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe 2014-05-01 08:35:45 43A6E47AD95C0D91CDB53BC9C630486C 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe 2014-05-01 08:35:45 3E5EA12528ADC5751DC3D5F1538DEE75 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe 2014-05-01 08:35:45 311E63E962260513F1AB94279FF95C01 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe 2014-05-01 08:35:45 1BE176196260BA1B9FCBCBC06EAE06B6 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe 2014-05-01 08:35:45 0DED6DD34EC2877C72CC32624060019F 313256 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe 2014-05-01 08:35:44 3B9695229F272A2757760AC38029F824 76200 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe 2014-05-01 08:35:44 363FF136AC2C9A02E310E6A5E98ADFC0 189352 ----a-w- C:\Program Files\Java\jre7\bin\java.exe 2014-05-01 08:35:44 09F986ECEB12E08B57F5F7020258A862 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe 2014-05-01 08:35:44 00819230898343926289F603CDB246F2 55720 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe 2014-05-01 08:34:28 FABE68449854D735914FF8693F1D5A79 30818216 ----a-w- C:\Users\nel\Downloads\jre-7u55-windows-x64.exe 2014-05-01 08:34:19 FABE68449854D735914FF8693F1D5A79 30818216 ----a-w- C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PAB2X891\jre-7u55-windows-x64[1].exe 2014-04-30 19:26:45 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\nel.exe 2014-04-30 19:26:27 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROG9NP4R\RSITx64[1].exe 2014-04-30 19:26:15 
662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\66I1FETZ\RSITx64[1].exe 2014-04-30 14:01:38 79CACA103DA5AB8EBED082503615CD37 1119448 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.131\34.0.1847.131_34.0.1847.116_chrome_updater.exe === C: other files == 2014-05-01 08:35:45 9B14F61F8FB51C2813B10538C7CF5692 18619 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip 2014-04-29 17:37:00 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-04-29 17:36:47 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-04-29 17:36:47 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-04-29 17:36:47 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-04-25 07:42:09 175A9ED9509C54544CF409E0308AEECF 61112 ----a-w- C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw64.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\nel\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Spotify Web Helper"="C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\nel\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" "vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\nel\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Spotify Web Helper"="C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\nel\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="%ProgramFiles%\Apoint\Apoint.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IAStorIcon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage 
Technology\\IAStorIcon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISBMgr.exe] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ISBMgr.exe" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Sony\\ISB Utility\\ISBMgr.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Malwarebytes' Anti-Malware" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PMBVolumeWatcher" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Sony\\PMB\\PMBVolumeWatcher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE3 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] "item"="Bluetooth" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk" "backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe" ==== Startup Folders ====================== 2012-05-25 19:39:10 1314 ----a-w- C:\Users\nel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [29-04-2014 19:19] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3414809340-4225588486-415784224-1000Core.job --a------ C:\Users\nel\AppData\Local\Facebook\Update\FacebookUpdate.exe [19-04-2013 15:16] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3414809340-4225588486-415784224-1000UA.job --a------ C:\Users\nel\AppData\Local\Facebook\Update\FacebookUpdate.exe [19-04-2013 15:16] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-08-2010 15:26] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-08-2010 15:26] C:\Windows\tasks\HP Photo Creations Communicator.job --a------ :C:\ProgramData\HP Photo Creations\MessageCheck.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Dr. 
CleanUp" [C:\Program Files (x86)\DrCleanUp\drCleanup.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3414809340-4225588486-415784224-1000Core" [C:\Users\nel\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3414809340-4225588486-415784224-1000UA" [C:\Users\nel\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\MessageCheck.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 3000 J310 series" ["C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B8642094-0768-473A-91B3-7C179D8A1E5E}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3" ["%ProgramFiles%\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe"] "C:\Windows\SysNative\tasks\SONY\SUS-BCF\Level4Daily" [C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe] "C:\Windows\SysNative\tasks\SONY\SUS-BCF\Level4Month" [C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe] "C:\Windows\SysNative\tasks\SONY\VAIO Gate\StartExecuteProxy" ["%programfiles%\Sony\VAIO Gate\ExecutionProxy.exe"] "C:\Windows\SysNative\tasks\SONY\VAIO Gate\VAIO Gate" [C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe] "C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Logon Start" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe] 
"C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Session Change" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe] "C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Unlock" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe] "C:\Windows\SysNative\tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool" [C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VAIO Care" ["%ProgramFiles%\Sony\VAIO Care\VCsystray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VCOneClick" ["%ProgramFiles%\Sony\VAIO Care\VCOneClick.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update" ["C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair" [C:\Program Files\Sony\VAIO Update\VUSR.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "speedanalysis@SpeedAnalysis.com"="C:\Users\nel\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "speedanalysis@SpeedAnalysis.com"="C:\Users\nel\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com" [] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cfcbmgbfdbijmjgjihagbomfbjfjmgon - C:\Users\nel\AppData\Roaming\SpeedanAlysis\speedanalysis.crx[] jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx[26-07-2012 03:23] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions incfcgceegpikennjoplhfghaaikdgei - C:\Users\nel\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx[] Docs - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - 
Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AVG Security Toolbar - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Google Wallet - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo SpeedAnalysis.com - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon Google Search - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf StartNow - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei AVG Safe Search - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla AVG Secure Search - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Card number - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof 
deleted successfully C:\Users\nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully C:\Users\nel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully C:\Users\nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei deleted successfully C:\Users\nel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incfcgceegpikennjoplhfghaaikdgei_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://start.mysearchdial.com/?f=1&a=aw0202ie&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0FtAtDyDyD0C0AtByDtCtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1867681948&ir=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://start.mysearchdial.com/?f=1&a=aw0202ie&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0FtAtDyDyD0C0AtByDtCtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1867681948&ir=" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://start.mysearchdial.com/?f=2&a=aw0202ie&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0FtAtDyDyD0C0AtByDtCtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1867681948&ir=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://start.mysearchdial.com/?f=2&a=aw0202ie&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0FtAtDyDyD0C0AtByDtCtN0D0Tzu0SyBzzyEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1867681948&ir=" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {7A7013FE-F2AF-4D36-A1F2-A82DF0706D7F} eBay Url="http://rover.ebay.com/rover/1//4?satitle={searchTerms}" {8727F26F-7AF7-48EF-8CA6-1E7C48E7CA05} Zinio Url="http://services.zinio.com/search?s={searchTerms}&rf=sonyslices" {A1FC3E66-D630-414B-94D1-559D6A2F8339} Bing Url="http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3414809340-4225588486-415784224-1000\Software\Mozilla\Firefox\Extensions\speedanalysis@SpeedAnalysis.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully 
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\speedanalysis@SpeedAnalysis.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: 
[AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\nel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\nel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\nel\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Facebook Messenger.lnk = nel\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Add to Evernote - 
{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (file missing) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. 
- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: 
@%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. 
- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) 
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\nel\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP.nel-VAIO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\65OI8LFC will be deleted at reboot
C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\66I1FETZ will be deleted at reboot
C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IZR5CLGR will be deleted at reboot
C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PAB2X891 will be deleted at reboot
C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot
C:\Users\nel\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\nel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1571 folders=585 244200149 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\nel\AppData\Local\Temp will be emptied at reboot
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\TEMP.nel-VAIO\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\nel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found
"C:\Users\nel\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\65OI8LFC" not found
"C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\66I1FETZ" not found
"C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IZR5CLGR" not found
"C:\Users\nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PAB2X891" not found

==== EOF on do 01-05-2014 at 11:03:49,54 ======================