Zoek.exe v5.0.0.0 Updated 24-08-2014
Tool run by EdN Win 7 Pro on zo 24/08/2014 at 21:50:32,87.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\EdN Win 7 Pro\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

24/08/2014 21:55:46 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\PROGRA~2\Soulseek deleted successfully
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\EdN Win 7 Pro\AppData\Roaming\ASP deleted successfully
C:\Users\EdN Win 7 Pro\AppData\Roaming\rightbackup deleted successfully
C:\Users\EdN Win 7 Pro\AppData\Roaming\Systweak deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3326347682-3084635299-3740591903-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3326347682-3084635299-3740591903-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3326347682-3084635299-3740591903-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Users\EdN Win 7 Pro\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skipuacexec.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe]

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\Program Files\VirtualDJ deleted
C:\WIMA8D1.tmp deleted
C:\WIMA9CB.tmp deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\AVG Secure Search deleted
C:\Users\EdN Win 7 Pro\AppData\Local\AVG Secure Search deleted
C:\Users\EdN Win 7 Pro\Searches deleted
C:\Users\EdN Win 7 Pro\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\Searches deleted
"C:\Windows\tasks\SpyHunter4.job" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCall.dll" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla.dll" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla17.dll" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla18.exe" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla19.dll" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla2.dll" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla20.dll" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseData.ini" deleted
"C:\Program Files\AVG Secure Search\TBAPI.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\AVG Secure Search\TBAPI.dll" deleted
"C:\Program Files\AVG Secure Search\vprot.exe" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\Common.dll" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20140824_144001.log" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted
"C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP" deleted
"C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP" deleted
"C:\Program Files\Enigma Software Group" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\AVG Secure Search" not deleted
"C:\Program Files\Common Files\AVG Secure Search" deleted
"C:\Program Files\Enigma Software Group\SpyHunter" deleted
"C:\Program Files\Enigma Software Group\SpyHunter\Log" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller" deleted
"C:\Program Files\Common Files\AVG Secure
Search\SiteSafetyInstaller" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" deleted
"C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\18.1.9" deleted
"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted
"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)
Memory (RAM): 2815 MB
CPU Info: Intel(R) Pentium(R) D CPU 3.00GHz
CPU Speed: 3112,0 MHz
Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | XL3220T-0 (NVIDIA High Definiti |
Display Adapters: NVIDIA GeForce 210 | NVIDIA GeForce 210 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; FUJITSU XL3220T |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8139/810x Family Fast Ethernet NIC
CD / DVD Drives: 2x (G: | H: | ) G: SONY DVD RW DW-Q31A | H: SONY DVD-ROM DDU1615
Ports: COM3 | COM1 | COM2 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 64,9GB | D: 116,4GB | E: 45,0GB | F: 6,6GB | K: 931,5GB
Hard Disks - Free: C: 35,2GB | D: 70,5GB | E: 33,6GB | F: 2,0GB | K: 492,7GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 10/07/05 | IntelR - 42302e31
Time Zone: Romance (standaardtijd)
Motherboard *: MICRO-STAR INTERNATIONAL CO., LTD MS-7204
Country: Belgium
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: AVG Internet Security 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG Internet Security 2014 disabled (Outdated)
Firewall: AVG Internet Security 2014 disabled
Internet Explorer Version: 10.0.9200.17054
Adobe Reader version: 11.0.07.79

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart"
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"OfficeSyncProcess"="\"C:\\Program Files\\Microsoft Office\\Office14\\MSOSYNC.EXE\""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"NvBackend"="\"C:\\Program Files\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""
"vProt"="\"C:\\Program Files\\AVG Secure Search\\vprot.exe\""
"ShadowPlay"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap.dll,ShadowPlayOnSystemStart"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14/08/2014 09:38]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe online update program" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\Driver Booster Scan" [C:\Program Files\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\system32\tasks\Driver Booster SkipUAC (EdN Win 7 Pro)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\system32\tasks\Driver Booster Update" [C:\Program Files\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files\TuneUp Utilities 2014\OneClick.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [08/08/2014 11:08]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{9B6A0C5B-78F3-D1B4-7AC9-D3A996FD690F}"="C:\Program Files\ver2Re-markit\176.xpi" []

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{8EA7CC11-EA23-439D-B79A-AFBD3664828C}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{8EA7CC11-EA23-439D-B79A-AFBD3664828C} Google Url="http://www.google.com/search?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3326347682-3084635299-3740591903-1001\Software\Mozilla\Firefox\Extensions\{9B6A0C5B-78F3-D1B4-7AC9-D3A996FD690F} deleted successfully

==== HijackThis Entries ======================

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

==== Empty IE Cache ======================

C:\Users\EdN Win 7 Pro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\EdN Win 7 Pro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=272 folders=72 116609359 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\EdN Win 7 Pro\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\EDNWIN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\Enigma Software Group" not found
"C:\Program Files\AVG Secure Search" not found
"C:\Program Files\AVG Secure Search" not found

==== EOF on zo 24/08/2014 at 22:20:41,32 ======================