Zoek.exe v5.0.0.0 Updated 28-March-2015 Tool run by lumon on za 28/03/2015 at 18:17:04,09. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\lumon\Downloads\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 28/03/2015 18:19:54 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\mbot_be_79 deleted successfully C:\Program Files\Omron Healthcare deleted successfully C:\Program Files\Opera deleted successfully C:\Program Files\VDJ6 deleted successfully C:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully C:\Users\lumon\AppData\Roaming\QuickScan deleted successfully ==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully HKEY_USERS\S-1-5-21-2468661837-1990217823-1405067445-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\964244be deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\964244be deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\lumon\AppData\Roaming\Mozilla\Firefox\Profiles\aiaksldp.default user.js not found ---- Lines Air Globe removed from prefs.js ---- user_pref("extensions.Air Globe.asul", "1427217508822"); user_pref("extensions.Air Globe.aul", "1427217482387"); user_pref("extensions.Air Globe.irl", true); ---- Lines extensions.hSJDjClPX1zS32xG removed from prefs.js ---- user_pref("extensions.hSJDjClPX1zS32xG.epoch", "1427605994"); user_pref("extensions.hSJDjClPX1zS32xG.url", "http://progamessafecard.in/sync2/?q=hfZ9oemMC7n5hShEAen0rTs5pdUMg708BNmGWj8cmihGheDUojw8rdrGqdw8qjg9qShI ---- Lines 
extensions.lrhSolRiPbGd9sgy removed from prefs.js ---- user_pref("extensions.lrhSolRiPbGd9sgy.epoch", "1427606173"); user_pref("extensions.lrhSolRiPbGd9sgy.url", "http://veterances.net/sync2/?q=hfZ9ofV9CShEAen0rTs5pdUMg708BNmGWj8cmihGheDUojw8rdrGqdw8qjC9rihIC7n0rjkEr ---- FireFox user.js and prefs.js backups ---- prefs_20152803_2017_.backup ==== Deleting Files \ Folders ====================== C:\Program Files\mbot_be_79 not found C:\Program Files\Omron Healthcare not found C:\Program Files\Opera not found C:\Program Files\VDJ6 not found C:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found C:\Program Files\Hide Facebook Suggested Posts deleted C:\PROGRA~2\{929a2927-56c9-a956-929a-a292756ca49d} deleted C:\PROGRA~2\11222512972471414913 deleted C:\Users\lumon\AppData\Roaming\ProductData deleted C:\PROGRA~2\ProductData deleted C:\PROGRA~2\Package Cache deleted C:\Users\lumon\AppData\LocalLow\ADSRemoval deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\system32\GroupPolicy\Machine deleted C:\Windows\system32\GroupPolicy\gpt.ini deleted "C:\Users\lumon\AppData\Local\{47531641-CE6F-4D5D-8895-CECB75897325}" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\lumon\AppData\Local\Temp ==== 2015-03-27 05:37:18 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1863.exe 2015-03-27 05:36:00 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1608.exe 2015-03-27 05:35:34 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1523.exe 2015-03-27 05:35:19 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1474.exe 2015-03-27 05:34:32 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1321.exe 2015-03-27 05:34:01 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1216.exe 2015-03-24 16:39:37 
23A824C4C26D7B449B59EDA48C943743 14986240 ----a-w- C:\Users\lumon\AppData\Local\Temp\Opera Installer\opera_installer_20150324173935.exe 2015-03-24 16:35:51 B271D947D0A16036199451A2DF1ACF7D 321732 ----a-w- C:\Users\lumon\AppData\Local\Temp\81427214318\1AB87RN200.exe 2015-03-24 16:35:39 C09B9641D75824F1BC5B66A58FBA92D7 691544 ----a-w- C:\Users\lumon\AppData\Local\Temp\81427214318\1AB87RN2.exe 2015-03-24 16:25:26 10FFABC748D68C40B68F883058C9B932 50225 ----a-w- C:\Users\lumon\AppData\Local\Temp\81427214318\GI87X10700.exe 2015-03-24 16:25:18 1370880272E6977E5BB6F68F111CFD03 848464 ----a-w- C:\Users\lumon\AppData\Local\Temp\dcecabfcdea.exe 2015-03-24 16:25:10 7EB74ED1FB83A2EBE378D8A067E9D8C1 610840 ----a-w- C:\Users\lumon\AppData\Local\Temp\setup.exe 2015-03-24 16:22:25 FEFEF2F226FD6BE184BC4A3378B02AAF 155648 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\psmachine.dll 2015-03-24 16:22:25 8D90BB3A36521B50D0E512A781E36871 155648 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\psuser.dll 2015-03-24 16:22:25 5960E5DEAB14363F71E389BF2FCB9FBC 220672 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\npGoogleUpdate4.dll 2015-03-24 16:22:25 2A0049961A76AB15B435DBD081ED0E2C 761856 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\goopdate.dll 2015-03-24 16:22:24 FC7A2F466F7A0F3E873077505719C1A1 143360 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleUpdateHelper.msi 2015-03-24 16:22:24 F98DE4108614E4BB81E95E58E36C7000 46080 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleUpdateBroker.exe 2015-03-24 16:22:24 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleUpdate.exe 2015-03-24 16:22:24 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleUpdateOnDemand.exe 2015-03-24 16:22:24 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleCrashHandler.exe 2015-03-24 16:16:34 
311596854F6F165445EDB94CA235091D 26206208 ----a-w- C:\Users\lumon\AppData\Local\Temp\Opera Installer\opera_installer_20150324171633.exe 2015-03-24 16:10:59 7B9E81CB909B9923B64630D0F981F42E 691528 ----a-w- C:\Users\lumon\AppData\Local\Temp\Opera_NI_stable.exe 2015-03-24 16:10:58 5C60CC7848399F4BC6579D5DDF6D1C25 381119 ----a-w- C:\Users\lumon\AppData\Local\Temp\setup_mbot_be.exe 2015-03-24 16:10:39 82B01B7F265259C69B9D56EB9ADE44BB 517648 ----a-w- C:\Users\lumon\AppData\Local\Temp\lochmaster 4.0 demo crack__10924_i1485348676_il412748.exe 2015-03-24 15:58:11 C4DD0E309BC46C78366DF59E76B6725D 913920 ----a-w- C:\Users\lumon\AppData\Local\Temp\msupdate71\dwm.exe 2015-03-24 15:58:11 67EDC5F6B09705DBB8AFCBEC4D52A96A 519680 ----a-w- C:\Users\lumon\AppData\Local\Temp\msupdate71\msvcrt.dll 2015-03-24 15:58:11 3AFEB8E9AF02A33FF71BF2F6751CAE3A 1433600 ----a-w- C:\Users\lumon\AppData\Local\Temp\msupdate71\indexer.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-03-25 04:20:02 C1247DC978F3070E506EAB7DFC86C8EC 623616 ----a-w- C:\Windows\System32\invagent.dll 2015-03-25 04:20:02 9E99777BF725DEF76B4A7CEFBA47F279 327168 ----a-w- C:\Windows\System32\devinv.dll 2015-03-25 04:20:02 7155E3E4F2DB86D81C27E06FDFB81CA0 26112 ----a-w- C:\Windows\System32\acmigration.dll 2015-03-25 04:20:02 3A0A9D23102D8E0F226EE0779EFF8E5D 818176 ----a-w- C:\Windows\System32\appraiser.dll 2015-03-25 04:20:02 2853C84E4584F8F7AE54C0903E594FD2 534528 ----a-w- C:\Windows\System32\generaltel.dll 2015-03-25 04:20:02 21C99D32B889CC3FC4C1C147E4AFA732 892928 ----a-w- C:\Windows\System32\aeinv.dll 2015-03-25 04:20:01 373D75CA475CFD554D60665F3FB4DD8F 159744 ----a-w- C:\Windows\System32\aepic.dll 2015-03-25 04:20:01 2661E206AFAA9A24EFDFE8DA2E9963D0 202752 ----a-w- C:\Windows\System32\aepdu.dll 2015-03-24 16:46:54 00941D7BB4F34C0CB6B07AD43D985BAA 4 ----a-w- C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7 2015-03-15 09:04:09 7B557F6D21767AE83D712BFB735CF69C 75264 ----a-w- C:\Windows\System32\nmwcdcls.dll 
====== C:\Windows\system32\drivers ===== 2015-03-28 13:17:14 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-03-28 13:16:44 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-03-28 13:16:44 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-03-28 13:16:44 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-03-15 09:46:33 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf 2015-03-15 09:05:05 F451DCACBAA67F3307305EBD4A39EA07 19072 ----a-w- C:\Windows\System32\drivers\pccsmcfd.sys 2015-03-13 06:35:17 B29B6E4992DB5536463536C288A1F835 3343832 ----a-w- C:\Windows\System32\drivers\RTKVHDA.sys 2015-03-13 06:34:14 814231B961760C39A5807A43D8ED71E1 1443340 ----a-w- C:\Windows\System32\drivers\RTAIODAT.DAT 2015-03-13 06:27:10 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\System32\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-03-13 06:22:43 BBA67B0A921B40EDF16FD3762DD6318C 27888 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys 2015-03-13 06:16:04 07A93A46C8F7FFD25637BFAACD1B6410 110280 ----a-w- C:\Windows\System32\drivers\L1C62x86.sys 2015-03-13 06:15:09 94982476285D53DB110C81277FCFEB84 169472 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys 2015-03-13 06:13:56 50857B0A18106AF2C85A1E15D06F0ADD 1118312 ----a-w- C:\Windows\System32\drivers\rtl8192se.sys 2015-03-13 06:12:52 C4FA261B9B5C9822D26020949605AC43 270336 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys 2015-03-13 06:09:31 E3C36AC5AE87EC970AE8EA2A93D59AE1 132480 ----a-w- C:\Windows\System32\drivers\Impcd.sys 2015-03-11 16:48:14 9EED5E0B7BF784C491C2289A09920BDA 137656 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-03-11 16:48:13 4DAC97CF81FAE4B2988AEF0DF40D04AE 67512 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-03-11 16:44:27 
AEBC369F7DC72AB3F5B9BDF34FA0D43F 593920 ----a-w- C:\Windows\System32\drivers\PEAuth.sys 2015-03-11 16:44:25 3051724F223EA48968B19567DE2A81F4 370488 ----a-w- C:\Windows\System32\drivers\cng.sys 2015-03-11 16:44:24 644905A19D0F37F2233DFCE53BC4BC19 78784 ----a-w- C:\Windows\System32\drivers\mountmgr.sys 2015-03-11 16:44:21 81F97D8F8B3FB94A451CC6F7CF8B2965 50176 ----a-w- C:\Windows\System32\drivers\appid.sys 2015-03-05 17:58:39 7A5FB3E4E0D77740D56E516EE6B2DC2B 89856 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2015-03-05 17:58:39 5EE6503C932CB79B493E4B4D8E23D219 184192 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys ====== C:\Windows\Tasks ====== 2015-03-27 05:34:22 92012E291BF99DD32D116E23F9DD5200 2892 ----a-w- C:\Windows\system32\Tasks\Uninstaller_SkipUac_lumon ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-03-24 15:53:56 -------- d-----w- C:\Program Files\LochMaster40 (Demo) 2015-03-23 18:17:38 -------- d-----w- C:\Program Files\ProfiLab-Expert40 (Demo) 2015-03-15 09:05:32 -------- d-----w- C:\Program Files\Common Files\PCSuite 2015-03-15 09:05:25 -------- d-----w- C:\Program Files\Common Files\Nokia 2015-03-15 09:04:42 -------- d-----w- C:\Program Files\PC Connectivity Solution 2015-03-15 09:04:08 -------- d-----w- C:\Program Files\Nokia 2015-03-13 06:37:08 -------- d-----w- C:\Program Files\Realtek 2015-03-13 06:27:07 -------- d-----w- C:\Program Files\Synaptics ======= C: ===== ====== C:\Users\lumon\AppData\Roaming ====== 2015-03-24 16:32:11 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\QuickScan 2015-03-15 09:06:14 -------- d-----w- C:\Users\lumon\AppData\Roaming\PC Suite 2015-03-15 09:06:14 -------- d-----w- C:\Users\lumon\AppData\Roaming\Nokia ====== C:\Users\lumon ====== 2015-03-28 16:35:08 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lumon\Downloads\RSIT(3).exe 2015-03-28 13:07:01 3C7707013DEEA5ED7F68A29A007A7D57 321848 ----a-w- C:\Users\lumon\Downloads\mbam-clean-2.1.1.1001.exe 2015-03-28 
12:37:40 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\lumon\Downloads\mbam-setup-2.0.0.1000(1).exe 2015-03-28 10:17:05 E55CCE4E4A0153A3122E76A3DA23B288 2168320 ----a-w- C:\Users\lumon\Downloads\adwcleaner_4.113.exe 2015-03-28 09:23:15 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lumon\Downloads\RSIT(2).exe 2015-03-28 09:20:51 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lumon\Downloads\RSIT(1).exe 2015-03-27 06:15:22 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lumon\Downloads\RSIT.exe 2015-03-27 06:02:36 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\lumon\Downloads\mbam-setup-2.0.0.1000.exe 2015-03-24 18:24:46 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2015-03-24 16:10:01 94E5D52691569CBB345F6BAC1AFF2B55 1523728 ----a-w- C:\Users\lumon\Downloads\lochmaster 4.0 demo crack_10924_i46624300_il345.exe 2015-03-24 15:54:01 -------- d-----w- C:\Users\Public\Documents\LochMaster40(Demo) 2015-03-24 15:54:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LochMaster 4.0 (Demo) 2015-03-24 15:53:56 -------- d-----w- C:\ProgramData\LochMaster40(Demo) 2015-03-24 15:50:06 503ACD21925FF12757DFCD9208C5DB4D 7200578 ----a-w- C:\Users\lumon\Downloads\lochmaster40(demo).exe 2015-03-23 18:17:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProfiLab-Expert 4.0 (Demo) 2015-03-23 18:17:42 -------- d-----w- C:\ProgramData\ABACOM 2015-03-23 18:15:24 6EF92B3F9FEE636DE695FDED7BED9A65 8796293 ----a-w- C:\Users\lumon\Downloads\profilab-expert40(demo).exe 2015-03-15 09:06:13 -------- d-----w- C:\ProgramData\PC Suite 2015-03-15 09:05:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite 2015-03-15 09:02:51 -------- d-----w- C:\ProgramData\Installations 2015-03-15 08:50:32 F7AD51251232E04B2D7DB5D43C8EB437 67963216 ----a-w- C:\Users\lumon\Downloads\Nokia_PC_Suite_ALL.exe ====== C: exe-files == 2015-03-28 16:35:08 
8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lumon\Downloads\RSIT(3).exe 2015-03-28 13:07:01 3C7707013DEEA5ED7F68A29A007A7D57 321848 ----a-w- C:\Users\lumon\Downloads\mbam-clean-2.1.1.1001.exe 2015-03-28 12:37:40 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\lumon\Downloads\mbam-setup-2.0.0.1000(1).exe 2015-03-28 10:17:05 E55CCE4E4A0153A3122E76A3DA23B288 2168320 ----a-w- C:\Users\lumon\Downloads\adwcleaner_4.113.exe 2015-03-28 09:23:15 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lumon\Downloads\RSIT(2).exe 2015-03-28 09:20:51 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lumon\Downloads\RSIT(1).exe 2015-03-27 17:59:39 BCB7868153F63BD77B6259FD431304BB 441912 ----a-w- C:\Users\lumon\AppData\Local\NVIDIA\NvBackend\Packages\000072b7\CoProc update.19440473.exe 2015-03-27 17:59:39 4F5BC61C80E4E20256560BA5EE765565 5313384 ----a-w- C:\Users\lumon\AppData\Local\NVIDIA\NvBackend\Packages\000072b4\DAO.19440440.exe 2015-03-27 09:33:30 8C03BA5D8F98718AEE24FF8E4B87A03E 675256 ----a-w- C:\Users\lumon\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2015-03-27 09:33:26 2F95ED03E911F42DBF72B121270FC85B 172984 ----a-w- C:\Users\lumon\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2015-03-27 06:15:22 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\lumon\Downloads\RSIT.exe 2015-03-27 06:11:20 7EE99D7A8904530DAD170EB07704770B 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2468661837-1990217823-1405067445-1000\$I1PQRBF.exe 2015-03-27 06:02:36 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\lumon\Downloads\mbam-setup-2.0.0.1000.exe 2015-03-27 05:37:23 A072ECF0A890210093DFED388B41118A 177152 ----a-w- C:\Users\lumon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9V6GREXB\Doctor_pc[1].exe 2015-03-27 05:37:18 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1863.exe 2015-03-27 05:36:05 3870D2E56C76A0872037B9DE9C731D4A 589560 
----a-w- C:\Users\lumon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CQC1FEC\Doctor_pc[3].exe 2015-03-27 05:36:00 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1608.exe 2015-03-27 05:35:39 D8632DAFAEFEAB19D5F22CE864E02E3D 527360 ----a-w- C:\Users\lumon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CQC1FEC\Doctor_pc[2].exe 2015-03-27 05:35:34 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1523.exe 2015-03-27 05:35:24 93815B1FE0F452A89B5540FF0DF95F97 589560 ----a-w- C:\Users\lumon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CQC1FEC\Doctor_pc[1].exe 2015-03-27 05:35:19 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1474.exe 2015-03-27 05:34:32 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1321.exe 2015-03-27 05:34:01 F8C3B8761686BCBC80ACDB6A5317702B 1480192 ----a-w- C:\Users\lumon\AppData\Local\Temp\1216.exe 2015-03-25 04:20:01 9A818FCF96B51C8D9172926967999277 67760 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe 2015-03-24 16:39:37 23A824C4C26D7B449B59EDA48C943743 14986240 ----a-w- C:\Users\lumon\AppData\Local\Temp\Opera Installer\opera_installer_20150324173935.exe 2015-03-24 16:35:51 B271D947D0A16036199451A2DF1ACF7D 321732 ----a-w- C:\Users\lumon\AppData\Local\Temp\81427214318\1AB87RN200.exe 2015-03-24 16:35:39 C09B9641D75824F1BC5B66A58FBA92D7 691544 ----a-w- C:\Users\lumon\AppData\Local\Temp\81427214318\1AB87RN2.exe 2015-03-24 16:25:26 10FFABC748D68C40B68F883058C9B932 50225 ----a-w- C:\Users\lumon\AppData\Local\Temp\81427214318\GI87X10700.exe 2015-03-24 16:25:18 1370880272E6977E5BB6F68F111CFD03 848464 ----a-w- C:\Users\lumon\AppData\Local\Temp\dcecabfcdea.exe 2015-03-24 16:25:10 7EB74ED1FB83A2EBE378D8A067E9D8C1 610840 ----a-w- C:\Users\lumon\AppData\Local\Temp\setup.exe 2015-03-24 16:22:24 F98DE4108614E4BB81E95E58E36C7000 46080 
----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleUpdateBroker.exe 2015-03-24 16:22:24 D858BA2EE718B1DB1CED20646E641D08 68608 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleUpdate.exe 2015-03-24 16:22:24 7E767B342E55EB1DFD74A65D24EA4B70 46080 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleUpdateOnDemand.exe 2015-03-24 16:22:24 03114DADBD9977FC823F95B21FB987E7 72872 ----a-w- C:\Users\lumon\AppData\Local\Temp\comh.379576\GoogleCrashHandler.exe 2015-03-24 16:16:34 311596854F6F165445EDB94CA235091D 26206208 ----a-w- C:\Users\lumon\AppData\Local\Temp\Opera Installer\opera_installer_20150324171633.exe 2015-03-24 16:10:59 7B9E81CB909B9923B64630D0F981F42E 691528 ----a-w- C:\Users\lumon\AppData\Local\Temp\Opera_NI_stable.exe 2015-03-24 16:10:58 5C60CC7848399F4BC6579D5DDF6D1C25 381119 ----a-w- C:\Users\lumon\AppData\Local\Temp\setup_mbot_be.exe 2015-03-24 16:10:39 82B01B7F265259C69B9D56EB9ADE44BB 517648 ----a-w- C:\Users\lumon\AppData\Local\Temp\lochmaster 4.0 demo crack__10924_i1485348676_il412748.exe 2015-03-24 16:10:01 94E5D52691569CBB345F6BAC1AFF2B55 1523728 ----a-w- C:\Users\lumon\Downloads\lochmaster 4.0 demo crack_10924_i46624300_il345.exe 2015-03-24 15:58:11 C4DD0E309BC46C78366DF59E76B6725D 913920 ----a-w- C:\Users\lumon\AppData\Local\Temp\msupdate71\dwm.exe 2015-03-24 15:58:11 3AFEB8E9AF02A33FF71BF2F6751CAE3A 1433600 ----a-w- C:\Users\lumon\AppData\Local\Temp\msupdate71\indexer.exe 2015-03-24 15:53:56 F23A149419AE04FAFD27A477D05E60BD 2442240 ----a-w- C:\Program Files\LochMaster40 (Demo)\LochMaster40.exe 2015-03-24 15:53:56 657302FA00C0AD8404BFEB39E0423816 685338 ----a-w- C:\Program Files\LochMaster40 (Demo)\unins000.exe 2015-03-24 15:50:06 503ACD21925FF12757DFCD9208C5DB4D 7200578 ----a-w- C:\Users\lumon\Downloads\lochmaster40(demo).exe 2015-03-23 18:17:39 D906CAAB5EB3E7029339ADF5B4F69EC3 5064704 ----a-w- C:\Program Files\ProfiLab-Expert40 (Demo)\PLWebServer\WebClockDemo\compilation_webclock\webclock.EXE 2015-03-23 18:17:39 
AEBB9CC0827D5A9EECEB5DA8AE0F79A6 922624 ----a-w- C:\Program Files\ProfiLab-Expert40 (Demo)\DMM_Easy.exe 2015-03-23 18:17:39 3C75BF0CCE7B9D2DFC47FBA53388B039 1090048 ----a-w- C:\Program Files\ProfiLab-Expert40 (Demo)\PLWebServer\PLWebServer10.exe 2015-03-23 18:17:39 2D5BECA86665D403CAF9B10BAB31F786 227840 ----a-w- C:\Program Files\ProfiLab-Expert40 (Demo)\K8E.exe 2015-03-23 18:17:39 03026526C4FEF19EA5851AB3F3F72859 6002688 ----a-w- C:\Program Files\ProfiLab-Expert40 (Demo)\ProfiLab40.exe 2015-03-23 18:17:38 11A6C5E5559E639EDF462E1891344EC6 685338 ----a-w- C:\Program Files\ProfiLab-Expert40 (Demo)\unins000.exe 2015-03-23 18:15:24 6EF92B3F9FEE636DE695FDED7BED9A65 8796293 ----a-w- C:\Users\lumon\Downloads\profilab-expert40(demo).exe === C: other files == 2015-03-28 13:17:14 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-03-28 13:16:44 A3F4391DFDF2F9E9FE4EAD193265A5AD 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-03-28 13:16:44 9BD41E40039098BF5F8FE878A9A6989E 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-03-28 13:16:44 312CD3307F600E7CD340B79B3DCB3A01 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-03-25 04:20:01 242B118BDC00DFB670A8FC242952E4D9 20104 ----a-w- C:\Windows\System32\appraiser\nxquery.sys 2015-03-24 16:25:18 2BCD6E4CAE8BBDB040526BE1F733DA31 463778 ----a-w- C:\Users\lumon\AppData\Local\Temp\dcecabfcdea.zip 2015-03-24 15:53:02 3C7B2F496BA2A886C711F327B1D67734 3129161 ----a-w- C:\Users\lumon\Downloads\Lochmaster.4.0.keygen.by.DBC.zip 2015-03-23 18:17:55 EE271C6C56955C42297CD4D524E6FDA5 3904 ----a-w- C:\Program Files\ProfiLab-Expert40 (Demo)\PLWebServer\WebClockDemo\compilation_webclock\gwiopm.sys 2015-03-23 18:17:43 EE271C6C56955C42297CD4D524E6FDA5 3904 ----a-w- C:\Program Files\ProfiLab-Expert40 (Demo)\GWIOPM.SYS ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program 
Files\Garmin\Express Tray\ExpressTray.exe"
"Advanced SystemCare 8"="C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2468661837-1990217823-1405067445-1000\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
"KiesPDLR.exe"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
"Advanced SystemCare 8"="C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart"
"NUSB3MON"="C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"WebStorage"="C:\Program Files\ASUS\WebStorage\2.2.0.496\AsusWSPanel.exe /S"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"IObit Malware Fighter"="C:\Program Files\IObit\IObit Malware Fighter\IMF.exe /autostart"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
"KiesPDLR.exe"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\nvinit.dll"

==== Startup Folders ======================
2015-01-24 06:46:32 2663 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bi-LINK Gateway.lnk
2014-04-25 08:16:06 1924 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 19:12]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf90eb7a5e305f.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25/04/2014 06:22]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf90eb7b756cd9.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25/04/2014 06:22]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d041d2dbf37926.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [25/04/2014 06:22]

==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\ASC8_SkipUac_lumon" ["C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\Driver Booster Scan" [C:\Program Files\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\system32\tasks\Driver Booster SkipUAC (lumon)" [C:\Program Files\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\system32\tasks\Driver Booster Update" [C:\Program Files\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore1cf90eb7a5e305f" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA1cf90eb7b756cd9" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA1d041d2dbf37926" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\KMS Activation for Office" [C:\Windows\KMSAct.exe]
"C:\Windows\system32\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\system32\tasks\Uninstaller_SkipUac_lumon" [C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{CEA412A1-3413-4A3D-901A-8BE7F5C121B3}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================
ProfilePath: C:\Users\lumon\AppData\Roaming\Mozilla\Firefox\Profiles\aiaksldp.default
- externaliperikmorlin - %ProfilePath%\extensions\externalip@erik.morlin
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com
- Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Nederlands NL Language Pack - %ProfilePath%\extensions\langpack-nl@firefox.mozilla.org.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\lumon\AppData\Roaming\Mozilla\Firefox\Profiles\aiaksldp.default
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
26DF0B58FCB6C7DE6DEF4A6053778120 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
AA94DCD79DDE6E6AEBE285CE6A2D85EE - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
D7492728A4C06EC99B10F8219B1F31F5 - C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U40
F47B4F0D0DF0C28759B60CF0B0090A11 - C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.400.25
BE40D3882DCDC3E4BD8B284B8D5F4FDB - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In
FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\lumon\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\lumon\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================
Google Chrome Version: 41.0.2272.101 (Latest Stable version: 41.0.2272.101)
Air Globe - lumon\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbhnbnnhefgfdhpoeaboodhcbdnknbn
Hide Facebook Suggested Posts - lumon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk

==== Chromium Fix ======================
C:\Users\lumon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk deleted successfully
C:\Users\lumon\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbhnbnnhefgfdhpoeaboodhcbdnknbn deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{EDC2B152-D5D4-4FF6-89A8-E049D53BF4AF} Google Url="http://www.google.com/search?q={searchTerms}"
{EDC2B152-D5D4-4FF6-89A8-E049D53BF4AF} Google Url="http://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Math Problem Solver deleted successfully

==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\lumon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\lumon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CQC1FEC will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\lumon\AppData\Local\Mozilla\Firefox\Profiles\aiaksldp.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\lumon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=40 folders=26 46213428 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\lumon\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\lumon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\lumon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CQC1FEC" not found

==== EOF on za 28/03/2015 at 23:28:17,12 ======================