Zoek.exe v5.0.0.0 Updated 19-10-2014 Tool run by rowen on wo 22-10-2014 at 11:45:42,90. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: \\VAIO\Users\Public\Documents\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 22-10-2014 11:50:40 Zoek.exe System Restore Point Created Succesfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== Empty Folders Check ====================== C:\PROGRA~2\McAfee deleted successfully C:\Program Files\trend micro deleted successfully C:\PROGRA~3\iolo deleted successfully C:\Users\rowen\AppData\Local\ms-drivers deleted successfully C:\Users\rowen\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-309808750-1984114988-2702305126-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A975D67A-E8E1-5BC5-9373-7530CA2A3587} deleted successfully HKEY_USERS\S-1-5-21-309808750-1984114988-2702305126-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A975D67A-E8E1-5BC5-9373-7530CA2A3587} deleted successfully HKEY_USERS\S-1-5-21-309808750-1984114988-2702305126-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully 
HKEY_USERS\S-1-5-21-309808750-1984114988-2702305126-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A975D67A-E8E1-5BC5-9373-7530CA2A3587} deleted successfully HKEY_CLASSES_ROOT\CLSID\{A975D67A-E8E1-5BC5-9373-7530CA2A3587} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A975D67A-E8E1-5BC5-9373-7530CA2A3587} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D27B88DD-CF95-F58C-57ED-B70EDCFE8F71} deleted successfully HKEY_CLASSES_ROOT\CLSID\{D27B88DD-CF95-F58C-57ED-B70EDCFE8F71} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27B88DD-CF95-F58C-57ED-B70EDCFE8F71} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully ==== Installed Programs ====================== ęTorrent Adobe Reader XI MUI Agatha Christie - Death on the Nile Aloha TriPeaks Apple Application Support Apple Mobile Device Support Apple Software Update Azteca Behind The Reflection 2: Witch's Revenge Bejeweled 3 Block The 
Ads Bonjour-afdrukservices Bonjour Broadcom 802.11 Network Adapter Broadcom Wireless Utility Build-a-lot: On Vacation Cheat Engine 6.4 Chuzzle Deluxe Cut the Rope CyberLink Power2Go 8 CyberLink PowerDVD Enchanted Cavern 2 ESDL Euro Truck Simulator 2 FATE FDUx86 Freeplane Google Chrome Google Update Helper Heroes of Hellas 3: Athens inSSIDer Office Intel AppUp(R) center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) PROSet/Wireless NFC Software Intel(R) Rapid Storage Technology Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel© Trusted Connect Service Client Java 7 Update 13 Java 7 Update 13 (64-bit) Java Auto Updater Luxor HD Mahjongg Artifacts McAfee Parental Controls Memeo Instant Backup Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) Microsoft Office 2013 voor Thuisgebruik en Studenten - nl-nl Microsoft Silverlight Microsoft SkyDrive Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft XNA Framework Redistributable 4.0 My Kingdom for the Princess 3 Mystery of Mortlake Mansion Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component Plants vs. 
Zombies - Game of the Year PlayMemories Home Polar Bowler Popcorn Time Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek PCIE Card Reader Remote Keyboard Restore Shared C Run-time for x64 Sony MSS SSLx64 SSLx86 Synaptics Pointing Device Driver Unity Web Player Update Installer for WildTangent Games App Vacation QuestT - Australia VAIO - Remote Keyboard VAIO - Xperia Link VAIO BIOS Data Transfer Utility VAIO Care VAIO Care Hardware Diagnostics Plugin VAIO Control Center VAIO CPU Fan Diagnostic VAIO Data Restore Tool VAIO Easy Connect VAIO Gesture Control VAIO Image Optimizer VAIO Improvement VAIO Media Server Settings VAIO Movie Creator VAIO Sample Music VAIO Transfer Support VAIO Update VCCx64 VCCx86 VHD Virtual Villagers 5 - New Believers VIx64 VIx86 VLC media player 2.1.3 VPMx64 VSSTx64 VSSTx86 VU5x64 VU5x86 VWSTx86 WIDCOMM Bluetooth Software WildTangent Games WinZip 18.5 XBMC XperiaLinkx86 Youda Jewel Shop ==== Running Processes ====================== C:\WINDOWS\TEMP\mrt62B1.tmp\stdrt.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe C:\WINDOWS\SysWOW64\DllHost.exe C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files\Sony\VAIO Care\VCService.exe \\VAIO\Users\Public\Documents\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Adobe Licensing Console deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27B88DD-CF95-F58C-57ED-B70EDCFE8F71}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A975D67A-E8E1-5BC5-9373-7530CA2A3587}] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27B88DD-CF95-F58C-57ED-B70EDCFE8F71}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A975D67A-E8E1-5BC5-9373-7530CA2A3587}] ==== Deleting Files \ Folders ====================== C:\ProgramData\RanDomPrice not found C:\ProgramData\BiTiSSavEr not found C:\Users\rowen\AppData\LocalLow\{6A8E65DE-0F01-B98F-34FE-2B3B1AB08DAE} deleted C:\Users\rowen\AppData\LocalLow\{8BD82E33-85F2-B924-CE2C-A8C872D031BA} deleted C:\Users\rowen\AppData\LocalLow\{A975D67A-E8E1-5BC5-9373-7530CA2A3587} deleted C:\Users\rowen\AppData\LocalLow\{D27B88DD-CF95-F58C-57ED-B70EDCFE8F71} deleted C:\Users\rowen\AppData\Local\Packages\windows_ie_ac_001\AC\{6A8E65DE-0F01-B98F-34FE-2B3B1AB08DAE} deleted C:\Users\rowen\AppData\Local\Packages\windows_ie_ac_001\AC\{8BD82E33-85F2-B924-CE2C-A8C872D031BA} deleted 
C:\Users\rowen\AppData\Local\Packages\windows_ie_ac_001\AC\{A975D67A-E8E1-5BC5-9373-7530CA2A3587} deleted C:\Users\rowen\AppData\Local\Packages\windows_ie_ac_001\AC\{D27B88DD-CF95-F58C-57ED-B70EDCFE8F71} deleted C:\PROGRA~3\f9100235c9905e6 deleted C:\PROGRA~2\cosstminn deleted C:\PROGRA~2\COMMON~1\Config\uninstinethnfd.exe deleted C:\PROGRA~2\COMMON~1\Config deleted C:\awh3641.tmp deleted C:\awh3C52.tmp deleted C:\awh4C1A.tmp deleted C:\awh587C.tmp deleted C:\awh5A0F.tmp deleted C:\awh6238.tmp deleted C:\awh7AEE.tmp deleted C:\awh8DEA.tmp deleted C:\awhB5BB.tmp deleted C:\awhBBE5.tmp deleted C:\awhCD64.tmp deleted C:\PROGRA~3\eBay deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\WINDOWS\SysNative\config\systemprofile\Searches deleted C:\WINDOWS\Syswow64\hfnapi.dll deleted C:\Users\rowen\Desktop\Continue installation - MediaPlayer.lnk deleted "C:\WINDOWS\Syswow64\lnsecsl.exe" not deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3973 MB CPU Info: Intel(R) Pentium(R) CPU 987 @ 1.50GHz CPU Speed: 1497,1 MHz Sound Card: Speaker/HP (Realtek High Defini | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth-apparaat (Personal Area Network) | BCM43142 Wireless Network Adapter | Realtek PCIe GBE Family-controller CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8C2 Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 437,7GB Hard Disks - Free: C: 383,7GB Manufacturer *: Insyde Corp. 
BIOS Info: AT/AT COMPATIBLE | | Sony - 20131118 Time Zone: West-Europa (standaardtijd) Motherboard *: Sony Corporation VAIO Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 36.0.1985.125 Internet Explorer Version: 11.0.9600.17351 Google Chrome version: 36.0.1985.125 Adobe Reader version: 11.0.0.379 Sun Java version: 1.7.0_13 (32-bit) Sun Java version: 1.7.0_13 (64-bit) ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-309808750-1984114988-2702305126-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #0"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --extensions-on-chrome-urls --test-type --load-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\app --load-component-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\man --flag-switches-begin --flag-switches-end --restore-last-session http://istart.webssearches.com/?type=sc&ts=1405681124&from=amt&uid=HGSTXHTS545050A7E380_130621TM8513493MWW5LX" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"="C:\Program
Files\McAfee.com\Agent\mcagent.exe /runkey" "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" "Adobe ARM"="c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Intel AppUp(R) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4" "Memeo Instant Backup"="C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui" "mcpltui_exe"="C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe /platui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #0"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --extensions-on-chrome-urls --test-type --load-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\app --load-component-extension=c:\Program Files\Google\Chrome\Application\Extensions\chrome\man --flag-switches-begin --flag-switches-end --restore-last-session http://istart.webssearches.com/?type=sc&ts=1405681124&from=amt&uid=HGSTXHTS545050A7E380_130621TM8513493MWW5LX" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO" "Broadcom Wireless Manager UI"="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" "Bluetooth"="C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe" "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Folders ====================== 2013-07-30 18:59:43 1887 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Parental Controls.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-05-2014 11:35] 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-05-2014 11:35]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [12-07-2013 10:08]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\USER_ESRV_SVC" ["C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{FFFD49F6-2DCF-4D21-B6B8-3C28439C9102}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\CheckSystemInfo" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\DeployCRMflag" ["%ProgramFiles%\Sony\VAIO Care\DeployCRMflag.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\GetPOTInfo" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\UpdateContacts" ["%ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\UpdateSolution" ["%ProgramFiles%\Sony\VAIO Care\Solution.Updater.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\UploadPOT" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VAIO Care" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCCheckIolo" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCMetrics" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCOneClick" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCRLog" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Care\VCSelfHeal" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\Level4Daily" [C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\Level4Month" [C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem" [C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser" [C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start" [C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask" [C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck" ["%ProgramFiles(x86)%\Sony\VAIO Recovery\plugins\InformationCheck.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader" [C:\Program Files\Sony\VAIO Improvement\viuploader.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update" ["C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe"]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair" [C:\Program Files\Sony\VAIO Update\VUSR.exe]
"C:\WINDOWS\SysNative\tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start" [C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe]

==== Chromium Look ======================
Google Drive - rowen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - rowen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - rowen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - rowen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - rowen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================
C:\Users\rowen\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPEE1196E0-93A0-4E23-BAB0-BB5C4EB46865&SSPV=",
"startup_urls": [ "http://www.google.nl/", "http://istart.webssearches.com/?type=hp&ts=1405681124&from=amt&uid=HGSTXHTS545050A7E380_130621TM8513493MWW5LX", "http://search.gboxapp.com/" ],

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{879F8B1E-F5B7-4843-94B2-B2042775C866} eBay Url="http://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=http://shop.ebay.co.uk/?oemInLn=ieSrch-&_nkw={searchTerms}"
{8B0C00A1-C8BF-44EF-ACEF-4E9404C9ACA1} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS"

==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:63337;https=127.0.0.1:63337"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Adobe ARM] "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Intel AppUp(R) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe" /platui
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --extensions-on-chrome-urls --test-type --load-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\app" --load-component-extension="c:\Program Files\Google\Chrome\Application\Extensions\chrome\man" --flag-switches-begin --flag-switches-end --restore-last-session http://istart.webssearches.com/?type=sc&ts=1405681124&from=amt&uid=HGSTXHTS545050A7E380_130621TM8513493MWW5LX
O4 - Global Startup: McAfee Parental Controls.lnk = C:\Program Files\McAfeeEx\MOCP\core\OcpTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Licensing Console - - C:\WINDOWS\SysWOW64\lnsecsl.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @oem33.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service (ESRV_SVC) - Intel Corporation - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service for Sony (McComponentHostServiceSony) - McAfee, Inc. - C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee PC Task Scheduler Service (McSchedulerSvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Content Filter (mfeicfcoreocp) - McAfee, Inc. - C:\Program Files\McAfeeEx\MOCP\core\mfeicfcore.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NetworkSupport - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: User Energy Server Service (USER_ESRV_SVC) - Intel Corporation - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\vuagent.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\rowen\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\rowen\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\rowen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=59 folders=22 10912333 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\rowen\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\rowen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\WINDOWS\Syswow64\lnsecsl.exe" not found

==== EOF on wo 22-10-2014 at 12:12:47,97 ======================