Zoek.exe v5.0.0.0 Updated 30-09-2014
Tool run by Tim on Fri 10/03/2014 at 12:09:50.29.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Tim\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10/3/2014 12:11:47 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Performance Optimizer deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
F:\Games\APB Reloaded\Launcher\APBLauncher.exe

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
"Wondershare Helper Compact.exe"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Common Files\Wondershare not found
C:\ProgramData\Performance Optimizer not found
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\7qjwrpbi.default\extensions\jid1-4P0kohSJxU1qGg@jetpack deleted
C:\ProgramData\ParetoLogic deleted
C:\Program Files (x86)\ParetoLogic deleted
C:\found.002 deleted
C:\found.001 deleted
C:\Users\Tim\AppData\Roaming\Wondershare deleted
C:\Users\Tim\.android deleted
C:\PROGRA~2\LiveSupport deleted
C:\PROGRA~2\MyFree Codec deleted
C:\PROGRA~2\Hotspot Shield deleted
C:\found.000 deleted
C:\found.003 deleted
C:\Users\Tim\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\exploit.exe.tmp deleted
C:\PROGRA~3\Hotspot Shield deleted
C:\PROGRA~3\Uniblue\DriverScanner deleted
C:\PROGRA~3\Uniblue deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Tim\AppData\Local\Wondershare deleted
C:\Users\Tim\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\Hotspot Shield deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Tim\Documents\Optimizer Pro deleted
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\7qjwrpbi.default\Invalidprefs.js deleted
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\7qjwrpbi.default\jetpack deleted
C:\Users\Tim\AppData\Roaming\Downloader.exe deleted
"C:\found.004" deleted

==== System Specs ======================

Windows: Windows Version 6.3 (Build 9600)
Memory (RAM): 6136 MB
CPU Info: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
CPU Speed: 2674.0 MHz
Sound Card: Not detected
Display Adapters: Microsoft Basic Display Driver
Monitors: 1x; Screen Resolution: 1600 X 1200 - 32 bit
Network: Network Present
Network Adapters: Anchorfree HSS VPN Adapter #2 | Anchorfree HSS VPN Adapter | TAP-Windows Adapter V9 | Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2 | VirtualBox Host-Only Ethernet Adapter | VMware Virtual Ethernet Adapter for VMnet1 | VMware Virtual Ethernet Adapter for VMnet8
CD / DVD Drives: 2x (E: | J: | ) E: DTSOFT BDROM | J: TSSTcorpCDDVDW SH-S223Q
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 184.8GB | F: 1206.1GB
Hard Disks - Free: C: 48.1GB | F: 1145.9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 05/10/11 | 051011 - 20110510
Time Zone: Romance Standard Time
Motherboard *: ASUSTeK Computer INC.
P6X58D PREMIUM Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Internet Explorer Version: 11.0.9600.17278 Mozilla Firefox version: 30.0 (x86 nl) Opera Browser version: 24.0.1558.64 Sun Java version: 1.7.0_60 (32-bit) Sun Java version: 1.7.0_65 (64-bit) Flash Player version: 15.0.0.152 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-09-17 14:32:12 ACDBE1ED38167C8B01B8F63161BB2CEA 2374784 ----a-w- C:\Windows\explorer.exe ====== C:\Users\Tim\AppData\Local\Temp ==== 2014-10-01 14:15:04 D761F3AA64064A706A521BA14D0F8741 11824128 ----a-w- C:\Users\Tim\AppData\Local\Temp\DARKCOMET.EXE 2014-09-27 16:19:40 C7AACCA90AE8BE9D383C1644074C36DF 1768156 ---ha-w- C:\Users\Tim\AppData\Local\Temp\TMP.RAR307009\Register.exe 2014-09-27 10:54:37 FC298ABC9A1376D9AC292F78C5AACA25 32912 ----a-w- C:\Users\Tim\AppData\Local\Temp\notepad .exe 2014-09-27 10:46:30 2A7CF13ACB76BD371FC77250462DEB7D 61440 ----a-w- C:\Users\Tim\AppData\Local\Temp\Windows.exe 2014-09-27 10:30:35 FC298ABC9A1376D9AC292F78C5AACA25 32912 ----a-w- C:\Users\Tim\AppData\Local\Temp\Windows .exe 2014-09-27 07:54:20 DF21207322BB1E8511A824107E852E16 742934 ----a-w- C:\Users\Tim\AppData\Local\Temp\temp.exe 2014-09-25 16:50:28 9D10F99A6712E28F8ACD5641E3A7EA6B 149352 ----a-r- C:\Users\Tim\AppData\Local\Temp\ose00000.exe 2014-09-20 11:29:46 13804F8DC4E72BA103D5E34DE895C9DB 12288 ----a-w- C:\Users\Tim\AppData\Local\Temp\upnp.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-10-01 16:28:53 11996C1FD2D437347654E660DE9144A7 609240 ----a-w- C:\Windows\SysWOW64\nvStreaming.exe 2014-10-01 16:26:05 F51B727AFF404ED8D730DFA069D88D7B 18722600 ----a-w- C:\Windows\SysWOW64\shell32.dll 2014-10-01 16:26:04 
7BEE9E040222E7033A820780E1A61204 5777408 ----a-w- C:\Windows\SysWOW64\mstscax.dll 2014-10-01 16:26:03 074BF061D97E49AAF04F2FAF46409A14 5902848 ----a-w- C:\Windows\SysWOW64\Windows.UI.Search.dll 2014-10-01 16:26:02 A4E624F7658D08C1717542FA10E0A973 1467384 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2014-10-01 16:26:01 021825EF003AA09835ECCA2CCF973BB8 626688 ----a-w- C:\Windows\SysWOW64\MrmCoreR.dll 2014-10-01 16:26:00 76831C139BD9E227712B283A6A5ABBA8 840192 ----a-w- C:\Windows\SysWOW64\SearchFolder.dll 2014-10-01 16:26:00 24B30DB8D1F8CF0F8C1AAAE319BC508E 838144 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2014-10-01 16:25:59 DBA00F3FC75495058A25B24906C24599 1205976 ----a-w- C:\Windows\SysWOW64\propsys.dll 2014-10-01 16:25:59 BFC6F7889A9CFF451A418862444B9F63 321024 ----a-w- C:\Windows\SysWOW64\Wldap32.dll 2014-10-01 16:25:58 E86549FED3008360730A6B722079D537 756224 ----a-w- C:\Windows\SysWOW64\WSShared.dll 2014-10-01 16:25:57 DA65F1320538BC417B8FAE0BCAC330A0 265216 ----a-w- C:\Windows\SysWOW64\SkyDriveShell.dll 2014-10-01 16:25:52 CB90D56DB19B8213CF5F7CB789C1C778 3117568 ----a-w- C:\Windows\SysWOW64\msi.dll 2014-10-01 16:25:51 C49344C2F399A22704C682C5E18B8DF2 2321920 ----a-w- C:\Windows\SysWOW64\authui.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-10-01 16:26:09 34A16F6F9546595952C65003D9A4B474 21195616 ----a-w- C:\Windows\Sysnative\shell32.dll 2014-10-01 16:26:05 1676B06421492B439A9E60C55692A921 8757760 ----a-w- C:\Windows\Sysnative\Windows.UI.Search.dll 2014-10-01 16:26:04 8A522BBE4E06586C57E5D9DC50FB88B0 6649344 ----a-w- C:\Windows\Sysnative\mstscax.dll 2014-10-01 16:26:03 57CA779C19C2F224BE0C5EFC40F54B60 4758528 ----a-w- C:\Windows\Sysnative\SyncEngine.dll 2014-10-01 16:26:02 5053FE9043FB84D71B04EFC7D5DA13CF 1710184 ----a-w- C:\Windows\Sysnative\ntdll.dll 2014-10-01 16:26:02 3B048C495ED3ADB6D8CA00769EC542B3 921600 ----a-w- C:\Windows\Sysnative\MrmCoreR.dll 2014-10-01 16:26:02 37C1CBCB3F420C754E86E3EC313D436D 1112512 ----a-w- 
C:\Windows\Sysnative\KernelBase.dll 2014-10-01 16:26:02 2ECA23663D13100032E09062C743C70D 1507648 ----a-w- C:\Windows\Sysnative\propsys.dll 2014-10-01 16:26:01 10CE7F7704E293F6CC6E0AF51DBFD95A 1106432 ----a-w- C:\Windows\Sysnative\SearchFolder.dll 2014-10-01 16:26:00 ACFEE9487693C2BD573DFCA71D98E17C 914432 ----a-w- C:\Windows\Sysnative\iphlpsvc.dll 2014-10-01 16:26:00 ABB028BAB78E7B4AFE374F8246F6CCB6 359424 ----a-w- C:\Windows\Sysnative\Wldap32.dll 2014-10-01 16:25:59 FD4EA8E9232ADD51DC31C295DDEF2768 287744 ----a-w- C:\Windows\Sysnative\SystemEventsBrokerServer.dll 2014-10-01 16:25:58 F58FBEA392B663B936E62939A877CA80 1120768 ----a-w- C:\Windows\Sysnative\SkyDrive.exe 2014-10-01 16:25:58 E325BCD68EC0CF2E2EDD0AB7CC17C698 267776 ----a-w- C:\Windows\Sysnative\bisrv.dll 2014-10-01 16:25:58 66CBCDDEF429E5BA83C3288EEB0771A6 717824 ----a-w- C:\Windows\Sysnative\SkyDriveTelemetry.dll 2014-10-01 16:25:58 30293301B14D0D11D086B09831F5FE0D 920064 ----a-w- C:\Windows\Sysnative\WSShared.dll 2014-10-01 16:25:57 B6F423906D3E10BE38C16726C0905033 388729 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml 2014-10-01 16:25:57 73F269436228D5625E83A1EAF3549F58 118272 ----a-w- C:\Windows\Sysnative\httpprxm.dll 2014-10-01 16:25:57 5D4A403DAE434FBA11779496EAFBDDE8 75776 ----a-w- C:\Windows\Sysnative\adhsvc.dll 2014-10-01 16:25:57 36F977EDAE6CEE96CE6409B2B16765B4 290816 ----a-w- C:\Windows\Sysnative\ProximityService.dll 2014-10-01 16:25:57 3014CE5846A486C624E3E2CEB8C3290C 286208 ----a-w- C:\Windows\Sysnative\SkyDriveShell.dll 2014-10-01 16:25:57 0DD29E5328436D51517316CD6D3BACCA 286208 ----a-w- C:\Windows\Sysnative\pcsvDevice.dll 2014-10-01 16:25:52 A1864B6F524DAFAB750C613467E43515 4148736 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-10-01 16:25:52 5DAA60A74D178525DC6ACF53ABE343D6 2779136 ----a-w- C:\Windows\Sysnative\msi.dll 2014-10-01 16:25:51 A00B916CD6A67984257DC53052350219 2646016 ----a-w- C:\Windows\Sysnative\authui.dll 2014-10-01 16:25:51 7667B9D81EA8FD6540E6CF72F92161A6 109568 ----a-w- 
C:\Windows\Sysnative\appinfo.dll ====== C:\Windows\Sysnative\drivers ===== 2014-10-01 16:26:03 87F3713E620F62D243A82B3CB66CBDDE 2498880 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2014-10-01 16:25:58 329FEB41BBE82FBBD9BD69547BA1CB82 428864 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2014-09-17 14:41:05 6416E79A58A8FCC33A447A4DDDD3BF04 412160 ----a-w- C:\Windows\Sysnative\drivers\srv.sys 2014-09-17 14:41:03 038C77D577900EE39410662478BB0D50 2009920 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys 2014-09-17 14:41:02 5BED3AB69797C8786EF70AEA8C33748B 674816 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys 2014-09-17 14:41:01 77E1D08EF3BFB923F2EDC3FC8089E08E 475968 ----a-w- C:\Windows\Sysnative\drivers\netio.sys 2014-09-17 14:40:58 240C5C3793206725AA05665851E8C214 412992 ----a-w- C:\Windows\Sysnative\drivers\spaceport.sys 2014-09-17 14:40:56 FF78D053A05E5A394F4E3C1816CC65A8 143680 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys 2014-09-17 14:40:56 64CA2B4A49A8EAF495E435623ECCE7DB 310080 ----a-w- C:\Windows\Sysnative\drivers\volsnap.sys 2014-09-17 14:40:52 65392F3F3F65E4C6CC82A0F4F8A0B051 468288 ----a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS 2014-09-17 14:40:49 D047CD668E6277FD80F0C613946F034C 246272 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys 2014-09-17 14:40:48 26ACA481FAFEC59FE311D719E3027BBA 446976 ----a-w- C:\Windows\Sysnative\drivers\nwifi.sys 2014-09-17 14:40:47 FEF0BC107812B36849741C3211BA6B60 419648 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys 2014-09-17 14:40:43 9C096BF5E10CA8BFA56F32522A89FAF1 79872 ----a-w- C:\Windows\Sysnative\drivers\IPMIDrv.sys 2014-09-17 14:40:42 E4B4BE2D7750849C07589DA0B0AABA01 1118040 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys 2014-09-17 14:40:42 C910E5D18958914A66F0E45689D0B40A 206848 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2014-09-17 14:40:42 B1AA3B19A2E596A59224F893E01A5A75 126464 ----a-w- C:\Windows\Sysnative\drivers\NdisImPlatform.sys 2014-09-17 14:40:41 D4B7ED39C7900384D9E5C1283F1E7926 76800 
----a-w- C:\Windows\Sysnative\drivers\hdaudbus.sys 2014-09-17 14:40:40 E0927EFA25D473367C3341B9F5969779 115712 ----a-w- C:\Windows\Sysnative\drivers\bridge.sys 2014-09-17 14:40:36 91ED124E261EA8FAA1C0FFDF2A71B0C4 280384 ----a-w- C:\Windows\Sysnative\drivers\pci.sys 2014-09-17 14:40:36 1DD05F4857C2188744B9E864658949DD 295424 ----a-w- C:\Windows\Sysnative\drivers\ks.sys 2014-09-17 14:32:15 8DF1254093B5C354CE725EB6B9B0DE19 146752 ----a-w- C:\Windows\Sysnative\drivers\msgpioclx.sys 2014-09-06 19:09:04 91310683D7B6B292B746D60734B59322 206080 ----a-w- C:\Windows\Sysnative\drivers\ssudmdm.sys 2014-09-06 19:09:04 30710AEFCE721CEEE0F35EB6A01C263C 110336 ----a-w- C:\Windows\Sysnative\drivers\ssudbus.sys 2014-09-06 18:47:27 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_WinUsb_01007.Wdf 2014-09-06 18:40:39 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf ====== C:\Windows\Tasks ====== 2014-09-25 16:51:03 -------- d-----w- C:\Windows\Sysnative\Tasks\OfficeSoftwareProtectionPlatform ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-10-02 16:31:09 -------- d-----w- C:\Program Files\trend micro 2014-09-25 16:50:45 -------- d-----w- C:\Program Files\Microsoft Office 2014-09-07 11:17:03 -------- d-----w- C:\Program Files\WinHTTrack ======= C:\PROGRA~2 ===== 2014-09-27 15:45:37 -------- d-----w- C:\PROGRA~2\Resource Hacker 2014-09-27 15:39:56 -------- d-----w- C:\PROGRA~2\IconChanger 2014-09-27 10:26:47 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2014-09-27 10:26:47 -------- d-----r- C:\PROGRA~2\Skype 2014-09-25 16:51:32 -------- d-----w- C:\PROGRA~2\Microsoft Synchronization Services 2014-09-25 16:51:31 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2014-09-25 16:51:20 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server Compact Edition 2014-09-25 16:50:42 -------- d-----w- C:\PROGRA~2\Microsoft Office 2014-09-06 19:03:14 -------- d-----w- C:\PROGRA~2\Samsung 2014-09-04 
14:16:03 -------- d-----w- C:\PROGRA~2\Razer ======= C: ===== 2014-10-03 09:46:34 313622550D927A527A809EC58E61838C 6688 ------w- C:\bootsqm.dat 2014-10-02 03:44:20 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Recovery.txt ====== C:\Users\Tim\AppData\Roaming ====== 2014-09-28 11:15:00 37288C8DB3DFFEF9585F8F5187859C44 179591 ----a-w- C:\Users\Tim\AppData\Roaming\image jpg.jpg 2014-09-28 11:15:00 -------- d-----w- C:\Users\Tim\AppData\Roaming\system 2014-09-27 15:55:31 -------- d-----w- C:\Users\Tim\AppData\Roaming\IconChanger 2014-09-27 11:59:30 B35565BE0653617592B0E5CE56D67D0F 8690 ----a-w- C:\Users\Tim\AppData\Roaming\58229958 2014-09-25 16:50:43 -------- d-----w- C:\Users\Tim\AppData\Local\Microsoft Help 2014-09-25 16:44:38 -------- d-----w- C:\Users\Tim\AppData\Locallow\Temp 2014-09-20 13:58:25 -------- d-----w- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC 2014-09-06 19:06:35 -------- d-----w- C:\Users\Tim\AppData\Local\Samsung 2014-09-06 19:06:34 -------- d-----w- C:\Users\Tim\AppData\Roaming\Samsung 2014-09-06 19:00:39 -------- d-----w- C:\Users\Tim\AppData\Local\Downloaded Installations 2014-09-04 14:26:16 -------- d-----w- C:\Users\Tim\AppData\Local\Razer 2014-09-04 14:20:06 -------- d-----w- C:\Users\Tim\AppData\Local\Razer_Inc 2014-09-04 14:16:55 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Razer ====== C:\Users\Tim ====== 2014-10-02 16:30:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Tim\Desktop\RSITx64.exe 2014-10-01 16:37:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-10-01 15:17:26 9DFB22712C5F731FE53EC473C03380F4 6808688 ----a-w- C:\Users\Tim\Downloads\RegCureProSetup.exe 2014-10-01 14:42:16 9AE4C48DB6D9EB7D060C71AB1AABF5F0 4965896 ----a-w- C:\Users\Tim\Downloads\ccsetup418.exe 2014-09-27 16:19:49 D41D8CD98F00B204E9800998ECF8427E 0 --sha-w- C:\Users\Tim\AfHdEpLj.txt 2014-09-27 16:19:47 -------- d-sh--w- 
C:\Users\Tim\Registered Taskbar 2014-09-27 15:45:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker 2014-09-27 15:40:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconChanger 2014-09-27 10:26:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-25 16:51:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-09-25 16:50:41 -------- d-----w- C:\ProgramData\Microsoft Help 2014-09-07 11:17:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack 2014-09-06 19:05:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-09-06 19:03:14 -------- d-----w- C:\ProgramData\Samsung 2014-09-04 14:18:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2014-09-04 14:16:25 -------- d-----w- C:\ProgramData\Razer ====== C: exe-files == 2014-10-02 16:31:09 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Tim.exe 2014-10-01 16:29:42 EBB484326C4B934CE97BFA3F047175EF 412504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{CEE08B84-F57C-407F-807E-49993086A1C5}\setup.exe 2014-10-01 16:29:19 EBB484326C4B934CE97BFA3F047175EF 412504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{9F223916-5658-4852-AA82-48DFACE59564}\setup.exe 2014-10-01 16:28:54 76992822377CD0DC5A69FC369C01D6B2 1900888 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe 2014-10-01 16:28:54 5A24C202959C2DD97E77A4636455738F 8351520 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NVStWiz.exe 2014-10-01 16:28:53 D2230317777033CD0456990BFC4994E5 411936 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 2014-10-01 16:28:53 C8269C7833D0ABA2AE2B36F9207D84A0 826712 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe 2014-10-01 16:28:53 
707702343B93391C062A38C4A2CBBEEB 438744 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstreg.exe 2014-10-01 16:28:53 64EB581A5C3A9283AF627C3E6CBCF433 896344 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\NvStereoUtilityOGL.exe 2014-10-01 16:28:53 343B4C1204C4E408E9DF81966D218B98 2604544 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvsttest.exe 2014-10-01 16:28:53 0E0218E558F87B4326EA3500BC704F54 1101088 ----a-w- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe 2014-10-01 16:28:23 A9004AE582ED6FD7A7CED3B21479B564 3424728 ----a-w- C:\Program Files\NVIDIA Corporation\Control Panel Client\NvGpuUtilization.exe 2014-10-01 16:28:16 FF1D400BC82C8DBB7C51556B3F979A04 413472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{8536F03E-28E8-473F-90C7-EAFDA54776A3}\setup.exe 2014-10-01 16:27:43 FB0AB686FE8958620E892CBFA7893B8C 83141328 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{BFA8D811-6491-4D81-810A-DC1110D12FDF}\NvCplSetupInt.exe 2014-10-01 16:27:43 B12A490B9F29FC2A8DFAD0103B8B9448 76096 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{BFA8D811-6491-4D81-810A-DC1110D12FDF}\nvsetup.exe 2014-10-01 16:27:43 7980739C2109119050292A3A04294105 18747472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.3DVision.{9E2CDA50-F761-44EE-BE95-1C0F92CAE154}\3DVision.exe 2014-10-01 16:27:43 583D93BDCCAB390ED24EC2684B806CE7 441120 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{BFA8D811-6491-4D81-810A-DC1110D12FDF}\dbInstaller.exe 2014-10-01 16:27:43 1A9FEFF94E823C9993D173AAF86A2120 33568328 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{BFA8D811-6491-4D81-810A-DC1110D12FDF}\NvCplSetupEng.exe 2014-10-01 16:27:39 EBB484326C4B934CE97BFA3F047175EF 412504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{9B08B0DE-D4C8-40FB-9D56-8FD8CC0B7C8A}\setup.exe 2014-10-01 14:15:04 
D761F3AA64064A706A521BA14D0F8741 11824128 ----a-w- C:\Users\Tim\AppData\Local\Temp\DARKCOMET.EXE 2014-09-28 08:44:19 BB7A504D247649CB8369BD5460984F2E 1206888 ----a-w- C:\Program Files\CyberGhost 5\unins000.exe 2014-09-27 16:19:40 C7AACCA90AE8BE9D383C1644074C36DF 1768156 ---ha-w- C:\Users\Tim\AppData\Local\Temp\TMP.RAR307009\Register.exe 2014-09-27 15:45:37 2F92EED4E2061AF0961F379E9DED70D6 1021440 ----a-w- C:\Program Files (x86)\Resource Hacker\ResHacker.exe 2014-09-27 15:45:37 2B83A3E9C6C725ECADD50A19E2CEF5CB 721694 ----a-w- C:\Program Files (x86)\Resource Hacker\unins000.exe 2014-09-27 15:40:00 C2A51C40BA01E063C47E38653F987558 40960 ----a-w- C:\Program Files (x86)\IconChanger\Admin_IconChanger.exe 2014-09-27 15:39:58 B2DBE169AFE0E6060A4B85A9813A6F23 147456 ----a-w- C:\Program Files (x86)\IconChanger\Install.exe 2014-09-27 15:39:57 5CC6646D965DD24198052F5030FE187E 937984 ----a-w- C:\Program Files (x86)\IconChanger\IconChng.exe 2014-09-27 10:54:37 FC298ABC9A1376D9AC292F78C5AACA25 32912 ----a-w- C:\Users\Tim\AppData\Local\Temp\notepad .exe 2014-09-27 10:46:30 2A7CF13ACB76BD371FC77250462DEB7D 61440 ----a-w- C:\Users\Tim\AppData\Local\Temp\Windows.exe 2014-09-27 10:30:35 FC298ABC9A1376D9AC292F78C5AACA25 32912 ----a-w- C:\Users\Tim\AppData\Local\Temp\Windows .exe 2014-09-27 07:54:20 DF21207322BB1E8511A824107E852E16 742934 ----a-w- C:\Users\Tim\AppData\Local\Temp\temp.exe 2014-09-26 14:24:38 DEC2A2F2CDA3AE91C73E0B4B4FEA0DC6 3180152 ----a-w- C:\Program Files (x86)\Opera\24.0.1558.64\opera_autoupdate.exe 2014-09-26 14:24:38 A48C4823DFF14C5CADBD9431B496F68B 3537016 ----a-w- C:\Program Files (x86)\Opera\24.0.1558.64\installer.exe 2014-09-26 14:24:38 A1A237B57E77E3271B3D0BD29D2798B1 1372280 ----a-w- C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe 2014-09-26 14:24:38 9F924CB7A38551A6A4F04509D4B1A402 48070776 ----a-w- C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe 2014-09-26 14:24:38 98D7E192D9839DACEED7E0F1CE2FBEBD 73336 ----a-w- C:\Program Files 
(x86)\Opera\24.0.1558.64\wow_helper.exe === C: other files == 2014-10-01 16:29:44 F4992A26D629288ADBBDC3A715629FA1 163104 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{6E05D72B-24C1-4A65-A62D-495930406482}\nvhda64.sys 2014-10-01 16:29:44 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{6E05D72B-24C1-4A65-A62D-495930406482}\nvhda64v.sys 2014-10-01 16:29:44 9F8EE4948B7ADD9D12F778F61A2758A4 162592 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{6E05D72B-24C1-4A65-A62D-495930406482}\nvhda32v.sys 2014-10-01 16:29:44 47FEB587AAE06F6717FCABF8BCF184FD 129312 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{6E05D72B-24C1-4A65-A62D-495930406482}\nvhda32.sys 2014-10-01 16:29:42 B9F2DA8B216033C8CC656FC3F4AFCFA3 14680 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{CEE08B84-F57C-407F-807E-49993086A1C5}\NVI2SystemService32.sys 2014-10-01 16:29:42 4BF5A062150E8C3A493F5251BD29C144 16672 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{CEE08B84-F57C-407F-807E-49993086A1C5}\NVI2SystemService64.sys 2014-10-01 16:29:21 C210DB4776C094D9A7A0EAAE8E45A5DE 452056 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{3887CDA2-EA06-44D3-948B-8DE1676AB0DA}\nvstusb64.sys 2014-10-01 16:29:21 71E400FE3AFBA04B82DFD7F732905DBD 435416 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{3887CDA2-EA06-44D3-948B-8DE1676AB0DA}\nvstusb32.sys 2014-10-01 16:29:19 B9F2DA8B216033C8CC656FC3F4AFCFA3 14680 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{9F223916-5658-4852-AA82-48DFACE59564}\NVI2SystemService32.sys 2014-10-01 16:29:19 4BF5A062150E8C3A493F5251BD29C144 16672 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{9F223916-5658-4852-AA82-48DFACE59564}\NVI2SystemService64.sys 2014-10-01 16:27:39 B9F2DA8B216033C8CC656FC3F4AFCFA3 14680 ----a-w- C:\Program 
Files\NVIDIA Corporation\Installer2\installer.{9B08B0DE-D4C8-40FB-9D56-8FD8CC0B7C8A}\NVI2SystemService32.sys 2014-10-01 16:27:39 4BF5A062150E8C3A493F5251BD29C144 16672 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{9B08B0DE-D4C8-40FB-9D56-8FD8CC0B7C8A}\NVI2SystemService64.sys 2014-10-01 16:26:03 87F3713E620F62D243A82B3CB66CBDDE 2498880 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-10-01 16:25:58 329FEB41BBE82FBBD9BD69547BA1CB82 428864 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-10-01 16:25:52 A1864B6F524DAFAB750C613467E43515 4148736 ----a-w- C:\Windows\System32\win32k.sys 2014-10-01 14:41:50 86AE13F5F7B56596101BA1EE2AB8963E 15634940 ----a-w- C:\Users\Tim\Downloads\DarkCometRAT531.zip 2014-09-27 16:19:40 E7E2974D58566D5DEB8E1B8E1EF91EA9 99 ---ha-w- C:\Users\Tim\AppData\Local\Temp\TMP.RAR307009\Registered.vbs 2014-09-27 16:19:40 E3326416C2AF4DB99952ED9077C64199 44 ---ha-w- C:\Users\Tim\AppData\Local\Temp\TMP.RAR307009\Registered.bat 2014-09-27 15:39:58 2E95639B460D6B2CC350AB339466C487 40960 ----a-w- C:\Program Files (x86)\IconChanger\IconChng.sys 2014-09-27 10:30:55 C8DAFBDC39715DA50B8FC59F2F6D633E 43 ----a-w- C:\Users\Tim\AppData\Local\Temp\Windows\melt.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2171773818-881262542-3018635925-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.EXE /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" "PMG Start"="C:\ProgramData\PMG\PMG.exe" "Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" 
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.EXE /autostart"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~3\\winspeed\\winspeed.dll c:\\progra~3\\perfor~1\\perfor~1.dll"

==== Startup Folders ======================

2014-07-29 18:48:19 1081 ----a-w- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\update-S-1-5-21-2171773818-881262542-3018635925-1001.job --a-------- [Undetermined Task]
C:\Windows\tasks\update-sys.job --a-------- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [03/25/2014 06:44 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1406124539" [C:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\Red Giant Link" ["C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe"]
"C:\Windows\SysNative\tasks\update-sys" [C:\Program Files (x86)\Skillbrains\Updater\Updater.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{E44DD4F5-9C86-40B9-B35C-449701C1697C}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [06/15/2014 02:41 PM]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 12:36 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\7qjwrpbi.default
- Best Proxy Switcher - %ProfilePath%\extensions\bestproxyswitcher@bestproxyswitcher.com.xpi
- HMA IP Checker - %ProfilePath%\extensions\ipinfo@hidemyass.com.xpi
- Enable Click to Play - %ProfilePath%\extensions\jid1-4Vy68XOTvAbEBQ@jetpack.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Hotspot Shield Extension - %AppDir%\browser\extensions\afproxy@anchorfree.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\7qjwrpbi.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash

==== Deleted Firefox Extensions ======================

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]

Grooveshark Downloader - Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp

==== Chromium Fix ======================

C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.babylon.com_0.localstorage deleted successfully
C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_deals.ebay.com_0.localstorage deleted successfully
C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_deals.ebay.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M8A2BC923-4C9F-46C8-BA79-672ACA973F4C&SearchSource=55&CUI=&UM=5&UP=SPB9CCDA55-80DE-4B7D-837D-662AA5DDB986&SSPV="
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{27280EEF-0631-4754-998C-72E4E1E2A10D} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2171773818-881262542-3018635925-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2171773818-881262542-3018635925-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [PMG Start] C:\ProgramData\PMG\PMG.exe
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [CyberGhost] "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
O4 - Startup: Curse.lnk = Tim\AppData\Roaming\Curse Client\Bin\Curse.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0207C40E-5902-4147-AC8A-A66661DFD66C}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0207C40E-5902-4147-AC8A-A66661DFD66C}: NameServer = 192.168.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\winspeed\winspeed.dll c:\progra~3\perfor~1\perfor~1.dll
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - F:\Games\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Local Synchronization Host (MainLSyncHost) - Unknown owner - c:\windows\syswow64\mpk\lsynchost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (file missing)
O23 - Service: MediaFire NTFS Monitor (MF NTFS Monitor) - Unknown owner - C:\Users\Tim\AppData\Local\MEDIAF~1\MFUSNM~1.EXE
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2015 64-bit (mi-raysat_3dsmax2015_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service
(OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. 
- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Tim\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Tim\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Tim\AppData\Local\Mozilla\Firefox\Profiles\7qjwrpbi.default\Cache emptied successfully ==== 
Empty Chrome Cache ====================== C:\Users\Tim\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1130 folders=233 81498630 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Tim\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot