Zoek.exe v5.0.0.0 Updated 05-July-2014 Tool run by V. Bakker on vr 11-07-2014 at 21:07:33,02. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\V. Bakker\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-07-11-190620.log 26961 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1113489120-731346767-463177033-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1113489120-731346767-463177033-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CB6AB573-5458-4A3C-8D1A-74A2FF7727A3} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe C:\Program Files (x86)\Razer\Razer Game Booster\main.exe C:\Program Files (x86)\Mumble\mumble.exe C:\Program Files (x86)\Mumble\mumble-g15-helper.exe C:\Program Files (x86)\Razer\Razer Game Booster\ProcessCapturer.exe C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\V. Bakker\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\V50AE~1.BAK\AppData\Roaming\Mozilla\Firefox\Profiles\jpprlz8q.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_11-07-2014_2115_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Conduit deleted C:\Users\V. Bakker\AppData\Roaming\Babylon deleted C:\PROGRA~3\IBUpdaterService deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\WinterSoft deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\WINDOWS\SysNative\roboot64.exe deleted C:\Users\V. Bakker\Searches deleted C:\Users\V. Bakker\Downloads\SoftonicDownloader_voor_pc-wizard (1).exe deleted C:\Users\V. Bakker\Downloads\SoftonicDownloader_voor_pc-wizard.exe deleted C:\Users\V. Bakker\AppData\LocalLow\PriceGong deleted C:\Users\V. Bakker\AppData\LocalLow\Conduit deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\SysWow64\searchplugins deleted C:\WINDOWS\SysWow64\Extensions deleted "C:\Windows\Installer\5981563.msi" deleted "C:\Windows\Installer\7bb90fbe.msi" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 4038 MB CPU Info: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz CPU Speed: 3296,2 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: NVIDIA GeForce GT 640 | NVIDIA GeForce GT 640 | NVIDIA GeForce GT 640 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family-controller CD / DVD Drives: 1x (G: | ) G: TSSTcorpCDDVDW SH-216BB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 869,4GB | D: 60,0GB Hard Disks - Free: C: 372,4GB | D: 45,8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | | MEDION - 11112011 Time Zone: West-Europa (standaardtijd) Motherboard *: mp MS-7797 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: McAfee Antivirus en antispyware On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: McAfee Antivirus en antispyware disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Spybot - Search and Destroy disabled (Outdated) Firewall: McAfee Firewall disabled Internet Explorer Version: 11.0.9600.17107 Mozilla Firefox version: 30.0 (x86 nl) Google Chrome version: 35.0.1916.153 Sun Java version: 1.7.0_45 (32-bit) Sun Java version: 1.7.0_25 (64-bit) Flash Player version: 14.0.0.125 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\V50AE~1.BAK\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== ====== C:\WINDOWS\Tasks ====== 2014-07-09 09:35:59 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\Safer-Networking ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-07-09 11:45:45 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-07-04 18:56:50 -------- d-----w- C:\PROGRA~2\World of Warcraft Beta2 2014-07-01 09:59:01 -------- d-----w- C:\PROGRA~2\Heroes of the Storm 2014-06-27 10:42:35 -------- d-----w- C:\PROGRA~2\World of Warcraft Beta ======= C: ===== ====== C:\Users\V. Bakker\AppData\Roaming ====== 2014-06-20 17:26:22 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google 2014-06-18 19:56:09 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft ====== C:\Users\V. Bakker ====== 2014-07-09 11:45:03 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\V50AE~1.BAK\Downloads\RSITx64.exe 2014-07-09 11:45:03 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\V. Bakker\Downloads\RSITx64.exe 2014-07-09 09:46:50 74E76B168526DCA8C99EB6E9FBB5986E 1463328 ----a-w- C:\Users\V50AE~1.BAK\Downloads\SystemCheck_enGB(4).exe 2014-07-09 09:46:50 74E76B168526DCA8C99EB6E9FBB5986E 1463328 ----a-w- C:\Users\V. Bakker\Downloads\SystemCheck_enGB(4).exe 2014-07-07 22:13:14 -------- d-----w- C:\ProgramData\BitRaider 2014-07-04 18:59:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta 2014-07-01 10:16:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm ====== C: exe-files == 2014-07-11 18:42:24 AB2C9706D56BD5A27C709BCF944882A2 389640 ----a-w- C:\Users\V. Bakker\AppData\Local\NVIDIA\NvBackend\Packages\00005d05\updatus.18684592_RUNASUSER.exe 2014-07-11 18:42:17 320AD4A0C4D70D72457BB06ECA504FB1 3722312 ----a-w- C:\Users\V. Bakker\AppData\Local\NVIDIA\NvBackend\Packages\00005cf0\DAO.18679456.exe 2014-07-10 15:03:04 4DA2B3FEDE7C8844AC2A9F055B5EF19F 387552 ----a-w- C:\Users\V. Bakker\AppData\Local\NVIDIA\NvBackend\Packages\00005ced\updatus.18679380_RUNASUSER.exe 2014-07-09 23:04:41 B3F5836DDD18A9665C188F1C63BF4B35 9786416 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.4826\Battle.net.exe 2014-07-09 23:04:25 07BBF4E0CA676302766A606D3DE08BB9 9246256 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe 2014-07-09 15:01:19 EBB61C3AED3AE403BA3F0D748101F464 311264 ----a-w- C:\Users\V. Bakker\AppData\Local\NVIDIA\NvBackend\Packages\00005cd7\drsupdate.18673252_RUNASUSER.exe 2014-07-09 11:45:47 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\V. Bakker.exe 2014-07-09 11:45:03 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\V. Bakker\Downloads\RSITx64.exe 2014-07-09 09:46:50 74E76B168526DCA8C99EB6E9FBB5986E 1463328 ----a-w- C:\Users\V. Bakker\Downloads\SystemCheck_enGB(4).exe 2014-07-09 09:05:10 192AAFE8C2A9D542E159DDAEBB826D41 44290608 ----a-w- C:\Program Files (x86)\Heroes of the Storm\Versions\Base31090\HeroesOfTheStorm.exe 2014-07-08 20:12:22 CC126713FC13559F98FD61F89DB131C8 679688 ----a-w- C:\ProgramData\BitRaider\BRUI.exe 2014-07-08 14:59:52 328EE2476383F5C98CAC720C98ED6F79 3722216 ----a-w- C:\Users\V. Bakker\AppData\Local\NVIDIA\NvBackend\Packages\00005cc5\DAO.18671673.exe 2014-07-07 22:13:15 78561B78811A147B99CB47EBBD2D2847 477960 ----a-w- C:\ProgramData\BitRaider\BRSptSvc.exe 2014-07-07 22:13:15 3B84508670D73437857A526745081206 186880 ----a-w- C:\ProgramData\BitRaider\BRException.exe 2014-07-07 22:13:14 9D947011DED8593AAF79EFCB9960CCF1 6531392 ----a-w- C:\ProgramData\BitRaider\brwc.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1113489120-731346767-463177033-1001\Software\Microsoft\Windows\CurrentVersion\Run] "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "Battle.net"="C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe --autostarted" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "RazerGameBooster"="C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "Battle.net"="C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe --autostarted" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized" "ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\NVIDIA~1\\3DVISI~1\\NVSTIN~1.DLL " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ArcService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BRSptSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CyberLink PowerDVD 10 MS Monitor Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CyberLink PowerDVD 10 MS Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) Capability Licensing Service Interface] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RzKLService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [03-07-2014 12:40] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-06-2013 13:35] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-06-2013 13:35] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\Razer_Game_Booster_AutoUpdate" [C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe] "C:\WINDOWS\SysNative\tasks\{4958BDB6-D321-4B92-BBDD-2F91EA67ECF4}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [04-07-2014 14:12] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\V50AE~1.BAK\AppData\Roaming\Mozilla\Firefox\Profiles\jpprlz8q.default - McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor - Media Hint - %ProfilePath%\extensions\mediahint@jetpack.xpi - Undetermined - %ProfilePath%\extensions\savedpasswordeditor@daniel.dawson.xpi - Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi - Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Always on Top - %ProfilePath%\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\V. Bakker\AppData\Roaming\Mozilla\Firefox\Profiles\jpprlz8q.default 738C29EAC995029E13333034C1402F56 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash C899B98999270821EDFFA56044DE2377 - C:\Users\V. Bakker\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] fheoggkfdfchfphceeifdbepaooicaho - No path found[] Google Docs - V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf SiteAdvisor - V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Wallet - V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Better Pop Up Blocker - V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic Gmail - V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf SiteAdvisor - V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho Google Wallet - V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Better Pop Up Blocker - V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic Gmail - V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {F02C4177-427F-4F00-B624-80F8442C9133} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8503B3C0BD1F15E41851DA6028E51E5C deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E0125035-1AEC-ADF3-9C84-4C77D6A9D502} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C3B3058-F1DB-4E51-8115-AD06825EE1C5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8503B3C0BD1F15E41851DA6028E51E5C deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully ==== HijackThis Entries ====================== C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [RazerGameBooster] C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Application Statistics Service (MfeASUM) - McAfee, Inc. - C:\Program Files\McAfee\AppStats\MfeASUM.exe O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\V. Bakker\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\V. Bakker\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\V50AE~1.BAK\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\V50AE~1.BAK\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\V. Bakker\AppData\Local\Mozilla\Firefox\Profiles\jpprlz8q.default\Cache emptied successfully C:\Users\V50AE~1.BAK\AppData\Local\Mozilla\Firefox\Profiles\jpprlz8q.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\V. Bakker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\V50AE~1.BAK\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=222 folders=43 22450046 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\hedev\AppData\Local\Temp emptied successfully C:\Users\V. Bakker\AppData\Local\Temp will be emptied at reboot C:\Users\V50AE~1~BAK\AppData\Local\Temp emptied successfully C:\Users\V50AE~1.BAK\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\V50AE~1.BAK\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 11-07-2014 at 21:21:50,51 ======================