Zoek.exe v5.0.0.0 Updated 24-11-2014 Tool run by Sabine on ma 24-11-2014 at 19:50:44,40. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Sabine\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 24-11-2014 19:53:31 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\FirstRowSportApp.com deleted successfully C:\PROGRA~2\iMesh Applications deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\Users\Sabine\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Sabine\AppData\Roaming\Systweak deleted successfully C:\Users\Sabine\AppData\Local\Conduit deleted successfully C:\Users\Sabine\AppData\Local\DataSafeOnline deleted successfully C:\Users\Sabine\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3283321390-2933349690-2578986002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} deleted successfully HKEY_USERS\S-1-5-21-3283321390-2933349690-2578986002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3283321390-2933349690-2578986002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fc88b768-bd06-4382-b56e-5e88aeb0b939} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fc88b768-bd06-4382-b56e-5e88aeb0b939} deleted successfully HKEY_CLASSES_ROOT\CLSID\{fc88b768-bd06-4382-b56e-5e88aeb0b939} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fc88b768-bd06-4382-b56e-5e88aeb0b939} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc88b768-bd06-4382-b56e-5e88aeb0b939} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc88b768-bd06-4382-b56e-5e88aeb0b939} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3283321390-2933349690-2578986002-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully ==== Running Processes ====================== C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\Popcorn Time\Updater.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Users\Sabine\AppData\Roaming\Spotify\spotify.exe C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Dell DataSafe 
Online\DataSafeOnline.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Sabine\Downloads\zoek.exe 
C:\windows\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe C:\windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fa6789c5 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fa6789c5 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\0 user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_24-11-2014_2008_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc88b768-bd06-4382-b56e-5e88aeb0b939}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc88b768-bd06-4382-b56e-5e88aeb0b939}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #3"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== "C:\windows\Installer\58ae4.msi" not found C:\ProgramData\quickpick deleted C:\Program Files (x86)\2YourFace deleted C:\PROGRA~3\4d09ce8d5400296d deleted C:\PROGRA~3\Premium deleted C:\PROGRA~3\WoW Worldwide Software LTD deleted C:\Users\Sabine\AppData\LocalLow\Conduit deleted C:\Users\Sabine\.android deleted C:\PROGRA~2\VideoCnv deleted C:\PROGRA~2\SweetIM deleted C:\PROGRA~2\Conduit deleted C:\PROGRA~3\freedeal deleted C:\PROGRA~3\SweetIM deleted C:\PROGRA~3\wxDownload deleted C:\PROGRA~3\InstallMate deleted C:\Users\Sabine\AppData\Local\CRE deleted C:\Users\Sabine\AppData\Local\iMesh 
deleted C:\Users\Sabine\AppData\Local\SwvUpdater deleted C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com deleted C:\windows\SysNative\roboot64.exe deleted C:\Users\Sabine\Downloads\avg_free_stb_all_2013_2899_cnet.exe deleted C:\Users\Sabine\Downloads\SoftonicDownloader_for_file-repair.exe deleted C:\Users\Sabine\Downloads\SoftonicDownloader_voor_ares-music.exe deleted C:\Users\Sabine\Downloads\SoftonicDownloader_voor_utorrent (1).exe deleted C:\Users\Sabine\Downloads\SoftonicDownloader_voor_utorrent.exe deleted C:\Users\Sabine\AppData\LocalLow\imeshbandmltbpi deleted C:\Users\Sabine\AppData\LocalLow\BabylonToolbar deleted C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted C:\components deleted C:\windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysWow64\searchplugins deleted C:\windows\SysWow64\Extensions deleted C:\Users\Sabine\Desktop\Sabine\AppData\LocalLow\PHPNukeDU\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\fcmdSrch.xml deleted "C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi" deleted "C:\PROGRA~3\Package Cache" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3895 MB CPU Info: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz CPU Speed: 1864,3 MHz Sound Card: Luidsprekers / Koptelefoon (IDT | Onafhankelijk (R.T.C.) 
koptelef | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Bluetooth-apparaat (Personal Area Network) | Broadcom Virtual Wireless Adapter | DW1501 draadloze N WLAN Half Mini-kaart CD / DVD Drives: 1x (D: | ) D: PLDS DVD+-RW DS-8A5SH Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 451,0GB Hard Disks - Free: C: 337,1GB Manufacturer *: Dell Inc. BIOS Info: AT/AT COMPATIBLE | 01/09/10 | DELL - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: Dell Inc. 0XRYW2 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 38.0.2125.111 Internet Explorer Version: 11.0.9600.17420 Google Chrome version: 38.0.2125.111 Adobe Reader version: 9.1.0.2009022700 Sun Java version: 1.7.0_67 (32-bit) Sun Java version: 1.7.0_40 (64-bit) Shockwave Player version: 12.0.4r144 ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3283321390-2933349690-2578986002-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ares"="C:\Program Files (x86)\Ares\Ares.exe -h" "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "Spotify"="C:\Users\Sabine\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Spotify Web Helper"="C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe /m" "Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2" "Desktop Disc Tool"="C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe 
Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ares"="C:\Program Files (x86)\Ares\Ares.exe -h" "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "Spotify"="C:\Users\Sabine\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "Spotify Web Helper"="C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~3\\browse~1\\261095~1.52\\{c16c1~1\\browse~1.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "IgfxTray"="C:\windows\system32\igfxtray.exe" "HotKeysCmds"="C:\windows\system32\hkcmd.exe" "Persistence"="C:\windows\system32\igfxpers.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "msnmsgr"="~\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "DellSupportCenter"="\"C:\\Program Files (x86)\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter" ==== Startup Folders ====================== 2010-09-18 09:04:45 2000 ----a-w- 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk 2010-09-18 09:04:45 2000 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk 2010-09-18 08:59:01 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ==== Task Scheduler Jobs ====================== C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-01-2013 21:14] C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20-01-2013 21:14] ==== Other Scheduled Tasks ====================== "C:\windows\SysNative\tasks\AdobeAAMUpdater-1.0-Sabine-PC-Sabine" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\windows\SysNative\tasks\{00223399-F8DA-4DBE-9556-41FBADBC1313}" [C:\Program Files (x86)\Ares\Ares.exe] "C:\windows\SysNative\tasks\{6F70894D-9D61-474F-95FC-353F0EC2157D}" [C:\Program Files (x86)\Ares\Ares.exe] "C:\windows\SysNative\tasks\{B52A9B80-D3D2-4BC7-95F7-362BB057DD87}" [C:\Program Files (x86)\Ares\Ares.exe] "C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "shabtay@gmail.com"="C:\Program Files (x86)\2YourFace\2YourFace.xpi" [] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== 
Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Sabine\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] lmblfngognklgemafekefcdjcnkdhmdm - C:\Program Files (x86)\2YourFace\2YourFace.crx[] ocoombckbcnabpaghmokhaapnbngahck - C:\Users\Sabine\AppData\Local\CRE\ocoombckbcnabpaghmokhaapnbngahck.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Sabine\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] ocoombckbcnabpaghmokhaapnbngahck - C:\Users\Sabine\AppData\Local\CRE\ocoombckbcnabpaghmokhaapnbngahck.crx[] Media Hint - Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb Media Hint - Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja Funmoods - Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif Google Wallet - Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully 
C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.avg.com_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnewe1.ourtoolbar.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnewe1.ourtoolbar.com_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vakantiedeals.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_vakantiedeals.com_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ares-music.nl.softonic.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ares-music.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.nl.softonic.com_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage-journal deleted successfully C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihflimipbcaljfnojhhknppphnnciiif deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B0FD4B799947F554FAAB7FF0466D8DA6 deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lmblfngognklgemafekefcdjcnkdhmdm deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ocoombckbcnabpaghmokhaapnbngahck 
deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ocoombckbcnabpaghmokhaapnbngahck deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7D367FDF-8E9F-EE67-25C5-ECABBBAD5692} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fa6789c5} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97B4DF0B-7499-455F-AFBA-F70F64D6D86A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B0FD4B799947F554FAAB7FF0466D8DA6 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files 
(x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [Spotify] "C:\Users\Sabine\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Sabine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? 
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown 
owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Update service - Company - C:\Program Files (x86)\Popcorn Time\Updater.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied 
successfully C:\Users\Sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Sabine\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sabine\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sabine\Desktop\Sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Sabine\Desktop\Sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=532 folders=132 120158994 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp 
emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Sabine\AppData\Local\Temp will be emptied at reboot C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp will be emptied at reboot C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Sabine\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied