Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Soaleban on zo 30-11-2014 at 16:58:55,10.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Soaleban\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
30-11-2014 17:01:14 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\Program Files\AGEIA Technologies deleted successfully
C:\PROGRA~2\Canon IJ Network Tool deleted successfully
C:\Users\Gast\AppData\Local\VirtualStore deleted successfully
C:\Users\Soaleban\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-440283077-2103972966-1571400078-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{dcb19fe0-a847-4117-8542-caf5bf931a7a} deleted successfully
HKEY_USERS\S-1-5-21-440283077-2103972966-1571400078-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{dcb19fe0-a847-4117-8542-caf5bf931a7a} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87d92fb0-ec3d-4e93-8de8-e99c9e60c9bb} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{87d92fb0-ec3d-4e93-8de8-e99c9e60c9bb} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87d92fb0-ec3d-4e93-8de8-e99c9e60c9bb} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{dcb19fe0-a847-4117-8542-caf5bf931a7a} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{dcb19fe0-a847-4117-8542-caf5bf931a7a} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcb19fe0-a847-4117-8542-caf5bf931a7a} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================
Adobe Flash Player 15 Plugin
Akamai NetSession Interface
AMD Catalyst Control Center
AMD Catalyst Install Manager
Apple Software Update
BitTorrent
BullGuard Internet Security
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 2
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3500 series MP Drivers
Canon MG3500 series On-screen Manual
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Counter-Strike: Global Offensive
Evaluatieversie van Microsoft Office Professional Plus 2007
Gebruikersregistratie voor Canon MG3500 series
Google Chrome
Google Update Helper
greatsaving
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 8 Update 25
Java Auto Updater
League of Legends
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA PhysX
Online Plug-in
Optimizer Pro v3.2
Overwolf
PAYDAY 2
Realtek Ethernet Controller Driver
Reimage Repair
Safari
SaveItCoupons
savinshop
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Self-service Plug-in
SkypeT 6.22
Spotify
Steam
SumatraPDF
System Requirements Lab for Intel
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
TeamSpeak 3 Client
TeamViewer 9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 2.1.1
WinRAR 5.01 (32-bit)

==== Running Processes ======================
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Soaleban\AppData\Roaming\Spotify\spotify.exe
C:\Users\Soaleban\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Soaleban\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Citrix\Receiver\Receiver.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\conime.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Windows\system32\taskeng.exe
C:\Users\Soaleban\Desktop\zoek.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\SvcHost.exe -k BullGuard_Backup
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\SvcHost.exe -k BullGuard_Cache

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ReimageRealTimeProtector deleted successfully

==== FireFox Fix ======================
ProfilePath: C:\Users\Soaleban\AppData\Roaming\Mozilla\Firefox\Profiles\61i8ksur.default
user.js not found
---- Lines extensions.VXys07cATL98j2Qp removed from prefs.js ----
user_pref("extensions.VXys07cATL98j2Qp.epoch", "1416576857");
user_pref("extensions.VXys07cATL98j2Qp.url", "http://superiend.org/sync2/?q=hfZ9ofq7CGhEAen0rihTB6lKDzt4ok4rtNtVh7n0rjnFrja4rjnFrTn7tMFHhd9FqdwFrjUFrT
---- FireFox user.js and prefs.js backups ----
prefs_30-11-2014_1715_.backup

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rak47ibr.default
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87d92fb0-ec3d-4e93-8de8-e99c9e60c9bb}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcb19fe0-a847-4117-8542-caf5bf931a7a}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"=-

==== Deleting Files \ Folders ======================
C:\ProgramData\greatsaving deleted
C:\ProgramData\savinshop deleted
C:\ProgramData\Reimage Protector deleted
C:\Program Files\Reimage deleted
C:\Program Files\Optimizer Pro deleted
C:\Users\Soaleban\AppData\Roaming\OpenCandy deleted
C:\ProgramData\ChampionDeals deleted
C:\PROGRA~2\3f6acb64d33c9a26 deleted
C:\awh1BAA.tmp deleted
C:\awh2654.tmp deleted
C:\awh27DA.tmp deleted
C:\awh384E.tmp deleted
C:\awh41D0.tmp deleted
C:\awh671B.tmp deleted
C:\awh67F7.tmp deleted
C:\awh696C.tmp deleted
C:\awh7129.tmp deleted
C:\awh73B8.tmp deleted
C:\awh78B8.tmp deleted
C:\awh8268.tmp deleted
C:\awh8AFF.tmp deleted
C:\awh8D12.tmp deleted
C:\awh92DC.tmp deleted
C:\awhB26.tmp deleted
C:\awhB846.tmp deleted
C:\awhC5FC.tmp deleted
C:\awhE08E.tmp deleted
C:\awhF823.tmp deleted
C:\awhF9D8.tmp deleted
C:\user.js deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\Soaleban\AppData\Roaming\appdataFr2.bin deleted
C:\PROGRA~2\APN deleted
C:\PROGRA~2\SaveItCoupons deleted
C:\PROGRA~2\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair deleted
C:\rei deleted
C:\Users\Soaleban\Downloads\ReimageRepair.exe deleted
C:\Windows\Reimage.ini deleted
C:\Windows\system32\tasks\ReimageUpdater deleted
C:\Windows\system32\Tasks\Reimage Reminder deleted
C:\END deleted
C:\Users\Soaleban\AppData\Roaming\Mozilla\Firefox\Profiles\61i8ksur.default\extensions\staged deleted
C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\rak47ibr.default\extensions\staged deleted
C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk deleted
C:\Users\Soaleban\Desktop\Optimizer Pro.lnk deleted
C:\Users\Soaleban\AppData\Roaming\Mozilla\Firefox\Profiles\61i8ksur.default\extensions\b@24o.com deleted
"C:\Windows\Installer\147bda.msi" deleted

==== System Specs ======================
Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 3521 MB
CPU Info: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
CPU Speed: 3094,0 MHz
Sound Card: Luidsprekers (Turtle Beach PX11 | 1 - Digital Display Audio (AMD |
Display Adapters: AMD Radeon R7 200 Series | AMD Radeon R7 200 Series | AMD Radeon R7 200 Series | AMD Radeon R7 200 Series | AMD Radeon R7 200 Series | AMD Radeon R7 200 Series | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW SH-S223C
Ports: COM1 LPT1
Mouse: 7 Button Wheel Mouse Present
Hard
Disks: C: 931,5GB
Hard Disks - Free: C: 672,3GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/08/14 | ALASKA - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK COMPUTER INC. B85M-E
Country: Nederland
Language: NLD

==== System Specs (Software) ======================
Anti-Virus: BullGuard Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: BullGuard Antispyware disabled (Outdated)
Firewall: BullGuard Firewall disabled
Default Browser: Google Chrome 38.0.2125.111
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 30.0 (x86 en-US)
Google Chrome version: 38.0.2125.111
Sun Java version: 1.8.0_25 (32-bit)
Flash Player version: 15.0.0.239

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-440283077-2103972966-1571400078-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Spotify Web Helper"="C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Soaleban\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart"
"Akamai NetSession Interface"="C:\Users\Soaleban\AppData\Local\Akamai\netsession_win.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe -boot"
"BullGuardUpdate2"="c:\program
files\bullguard ltd\bullguard\BullGuardUpdate2.exe" "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe MSRun" "CanonQuickMenu"="C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon" "IJNetworkScannerSelectorEX"="C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "ConnectionCenter"="C:\Program Files\Citrix\ICA Client\concentr.exe /startup" "Redirector"="C:\Program Files\Citrix\ICA Client\redirector.exe /startup" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Spotify Web Helper"="C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Soaleban\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" "Akamai NetSession Interface"="C:\Users\Soaleban\AppData\Local\Akamai\netsession_win.exe" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25-11-2014 20:19] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04-11-2014 20:40] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04-11-2014 20:40] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\anyNamefortask" [nod\nod.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program 
Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Overwolf Updater Task" [C:\Program Files\Overwolf\OverwolfUpdater.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "antiphishing@bullguard"="C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard" [30-10-2014 14:51] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Soaleban\AppData\Roaming\Mozilla\Firefox\Profiles\61i8ksur.default 40AAE0A1A4F664828DF5A95875AEA1C8 - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll - Google Update E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25 238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18 EC4656A202D861D3637DC1EE6A6D6794 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 3239619A441E23A20EC923DF92FF2D70 - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll - CANON iMAGE GATEWAY Album Plugin Utility for IJ AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== websaver - Soaleban\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncbpmmnajenjiicjhfcjkfijcgmegbb ==== Chromium Startpages 
====================== C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://search.conduit.com/?ctid=CT2849859&SearchSource=48&CUI=UN11994459353106432&UM=1", "startup_urls": [ "http://search.conduit.com/?ctid=CT2849859&SearchSource=48&CUI=UN11994459353106432&UM=1" ], ==== Chromium Fix ====================== C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncbpmmnajenjiicjhfcjkfijcgmegbb deleted successfully ==== Set IE to Default 
====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{439763FF-59EC-FF1D-B0B5-CB9E213A7A5C} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5E8AC853-65BB-4C99-A09E-19B81851E14C} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot O4 - HKLM\..\Run: [BullGuardUpdate2] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Redirector] "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Soaleban\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Soaleban\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Soaleban\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe 
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: BullGuard Behavioural Detection (BsBhvScan) - BullGuard Ltd. 
- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files\Overwolf\OverwolfUpdater.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Soaleban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Users\Soaleban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Soaleban\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=259 folders=70 1111473278 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Users\Soaleban\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Soaleban\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Soaleban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on zo 30-11-2014 at 17:36:00,44 ======================