Zoek.exe v5.0.0.0 Updated 02-April-2015 Tool run by Tiemen on vr 03/04/2015 at 10:54:59.67. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Tiemen\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 3/04/2015 10:57:44 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3155478013-3749194283-1948835671-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3155478013-3749194283-1948835671-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3155478013-3749194283-1948835671-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3155478013-3749194283-1948835671-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71d27d26-08b8-4c6a-b566-0c30a5bcbe9a} deleted successfully HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71d27d26-08b8-4c6a-b566-0c30a5bcbe9a} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== ASUS Video Magic 10 æTorrent 7-Zip 9.20 7-Zip 9.20 (x64 edition) Adobe Flash Player 16 NPAPI Adobe Reader XI (11.0.10) - Nederlands Adobe Refresh Manager ASUS Instant Key ASUS Live Update ASUS Power4Gear Hybrid ASUS Screen Saver ASUS Smart Gesture ASUS Splendid Video Enhancement Technology ASUS USB Charger Plus ASUS Video Magic ASUSDVD AsusVibe2.0 ATK Package AutoCAD Civil 3D 2013 - English AutoCAD Civil 3D 2013 AutoCAD Civil 3D 2013 Language Pack - English Autodesk Content Service Autodesk Content Service Language Pack Autodesk Material Library 2013 Autodesk Material Library Base Resolution Image Library 2013 Autodesk Sync AVG 2015 AVG Web TuneUp Belarc Advisor 8.4 CCleaner CDBurnerXP Cisco AnyConnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client Citrix Authentication Manager Citrix Receiver Citrix Receiver (HDX Flash Redirection) Citrix Receiver Inside Citrix Receiver Updater Citrix Receiver(Aero) Citrix Receiver(DV) Citrix Receiver(USB) CyberLink LabelPrint 2.5 CyberLink MediaEspresso 6.5 CyberLink Power2Go DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition Dropbox FARO LS 1.1.406.58 Free YouTube Download version 3.2.53.128 Google Update Helper GrindEQ LaTeX-to-Word (remove only) GrindEQ Math Utilities (remove only) GrindEQ MathType-to-Equation (remove only) GrindEQ Word-to-LaTeX (remove only) Intel Collaborative Processor Performance Control Intel(R) Management Engine Components Intel(R) PRO/Wireless Driver Intel(R) Processor Graphics Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) Intel© PROSet/Wireless Software Intel© PROSet/Wireless WiFi Software Intel© Trusted Connect Service Client League of Legends Malwarebytes Anti-Malware versie 2.1.4.1018 Maple 18 MATLAB R2013b Mendeley Desktop 1.12.2 Microsoft Office Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Language Pack 2010 - Dutch/Nederlands Microsoft Office O MUI (Dutch) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Office X MUI (Dutch) 2010 Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft Visual Basic PowerPacks 10.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD MiKTeX 2.9 Mozilla Firefox 36.0.4 (x86 nl) Mozilla Maintenance Service NVIDIA Control Panel 332.35 NVIDIA Graphics Driver 332.35 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.13.0927 Online Plug-in Python 3.4 PythonToolkit-14.04.04 Python 3.4.1 Realtek Card Reader Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition Self-service Plug-in Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition SketchUp 2015 Skype Click to Call SkypeT 6.18 Sublime Text 2.0.2 Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD TeXstudio 2.8.2 Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition Update Installer for WildTangent Games App Vic-2D Vic-3D 2009 Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player WebStorage Windows Driver Package - ASUS (ATP) Mouse (11/20/2013 1.0.0.194) WinFlash wsW2LTX ==== Running Processes ====================== C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ASUS\P4G\InsOnSrv.exe C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Windows\system32\hasplms.exe C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files\ASUS\P4G\InsOnWMI.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe C:\Users\Tiemen\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\redirector.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Program Files (x86)\Citrix\Receiver\Receiver.exe C:\Program Files (x86)\AVG Web TuneUp\vprot.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\24Seven savings\24seven_savings_notification_service.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe C:\Users\Tiemen\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.4.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default user.js not found ---- Lines avg@toolbar removed from prefs.js ---- user_pref("extensions.xpiState", "{\"app-profile\":{\"avg@toolbar\":{\"d\":\"C:\\\\Users\\\\Tiemen\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Prof ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "14684d803d4180b29edc80b20ad01b31"); ---- FireFox user.js and prefs.js backups ---- prefs_20150304_1110_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "vProt"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\Program Files (x86)\globalUpdate\Update not found "C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job" not found "C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job" not found "C:\Users\Tiemen\AppData\Roaming\MVETIHcwEjIFAivGNCd20.exe" not found C:\Users\Tiemen\AppData\Roaming\Sublime Text 2 deleted C:\Program Files\AVG Web TuneUp deleted C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default\extensions\avg@toolbar deleted C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default\extensions\cddJDCJ@gmail.com deleted C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default\extensions\jid1-u9RbFp9JcoEGGw@jetpack deleted C:\windows\SysNative\Tasks\0215tbUpdateInfo deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\globalUpdate deleted C:\Users\Tiemen\AppData\Roaming\RHEng deleted C:\Users\Tiemen\AppData\Roaming\ARCompanion.log deleted C:\PROGRA~3\SetStretch.VBS deleted C:\PROGRA~3\AVG Web TuneUp deleted C:\PROGRA~3\Avg_Update_0215tb deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\AVG Secure Search deleted C:\PROGRA~3\Package Cache deleted C:\Users\Tiemen\AppData\Local\globalUpdate deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Tiemen\Downloads\FreeYouTubeToMP3Converter.exe deleted C:\Users\Tiemen\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default\searchplugins\avg-secure-search.xml deleted C:\Users\Tiemen\PythonToolkit-14.04.04.win32.exe deleted C:\Users\Tiemen\Sublime Text 2.0.2 x64 Setup.exe deleted "C:\Windows\tasks\MVETIHcwEjIFAivGNCd20.job" deleted "C:\Windows\Installer\395e6.msi" deleted "C:\Users\Tiemen\AppData\Roaming\MVETIHcwEjIFAivGNCd20" deleted "C:\Windows\tasks\MVETIHcwEjIFAivGNCd20.job" deleted "C:\Windows\SysNative\tasks\MVETIHcwEjIFAivGNCd20" deleted "C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe" deleted "C:\Program Files (x86)\AVG Web TuneUp\icudt.dll" deleted "C:\Program Files (x86)\AVG Web TuneUp\libcef.dll" deleted "C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll" deleted "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" deleted "C:\PROGRA~2\24Seven savings\24seven_savings_notification_service.exe" deleted "C:\PROGRA~2\AVG Web TuneUp\avgcefrend.exe" deleted "C:\PROGRA~2\AVG Web TuneUp\icudt.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\libcef.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted "C:\PROGRA~2\24Seven savings\24seven_savings_notification_service.exe" deleted "C:\Program Files (x86)\AVG Web TuneUp\locales\en-US.pak" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.4.0\avgdttbx.dll" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll" deleted "C:\Users\Tiemen\AppData\Local\AVG Web TuneUp\IE\cef_cache\Cookies" deleted "C:\PROGRA~2\AVG Web TuneUp\locales\en-US.pak" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.4.0\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll" deleted "C:\Program Files (x86)\AVG Web TuneUp" not deleted "C:\Program Files (x86)\Common Files\AVG Secure Search" deleted "C:\Users\Tiemen\AppData\Local\AVG Web TuneUp" deleted "C:\PROGRA~2\24Seven savings" not deleted "C:\PROGRA~2\AVG Web TuneUp" not deleted "C:\PROGRA~2\24Seven savings" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\Program Files (x86)\AVG Web TuneUp\locales" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.4.0" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0" deleted "C:\Users\Tiemen\AppData\Local\AVG Web TuneUp\IE" deleted "C:\Users\Tiemen\AppData\Local\AVG Web TuneUp\IE\cef_cache" deleted "C:\PROGRA~2\AVG Web TuneUp\locales" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.4.0" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.4.0" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 8076 MB CPU Info: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz CPU Speed: 2438.2 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1536 X 864 - 32 bit Network: Network Present Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | Intel(R) Dual Band Wireless-N 7260 CD / DVD Drives: 2x (E: | F: | ) E: MATSHITADVD-RAM UJ8E1 | F: DTSOFT BDROM Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 372.6GB | D: 537.8GB Hard Disks - Free: C: 5.1GB | D: 474.7GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | | _ASUS_ - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK COMPUTER INC. N56JN Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated) Default Browser: Firefox 36.0.4 Internet Explorer Version: 11.0.9600.17631 Mozilla Firefox version: 36.0.4 (x86 nl) Adobe Reader version: 11.0.10.32 Flash Player version: 16.0.0.305 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Tiemen\AppData\Local\Temp ==== 2015-04-01 12:57:47 12C0789B30AD2425D9F5B63FFFAAEEA6 43008 ----a-w- C:\Users\Tiemen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi2vrj8.dll 2015-03-24 16:50:29 50754352847B5E71E11ABF4D30407148 441220 ------w- C:\Users\Tiemen\AppData\Local\Temp\jna\jna1275237632048797327.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-04-02 15:00:03 BF685939F824BC76214E259EF6F370D7 4 ----a-w- C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-04-02 17:30:58 60F5579B6B33F509C52200207F79B795 79064 ----a-w- C:\Windows\Sysnative\drivers\wriny.sys 2015-03-25 09:21:34 079F75EE36CD275620298DA7D7636006 281056 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys 2015-03-19 14:05:44 2329F4A717F6BDD27EF484AD22AE5A88 289248 ----a-w- C:\Windows\Sysnative\drivers\avgwfpa.sys ====== C:\Windows\Tasks ====== 2015-04-02 14:00:15 DCFB8BF98E54A974D58F6F77407D1103 736 ----a-w- C:\Windows\Tasks\24seven_savings_updating_service.job 2015-04-02 14:00:15 4BE44CB93B9E59033D0BD8BF86232ACC 3746 ----a-w- C:\Windows\Sysnative\Tasks\24seven_savings_updating_service 2015-04-02 14:00:14 ADE274168AB15D9BC442C231B7511825 4384 ----a-w- C:\Windows\Sysnative\Tasks\24seven_savings_notification_service 2015-04-02 14:00:14 1E84D73E59D3433614C5688C987C2C42 1374 ----a-w- C:\Windows\Tasks\24seven_savings_notification_service.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-04-02 14:54:02 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-04-02 14:00:13 -------- d-----w- C:\PROGRA~2\24Seven savings 2015-03-07 07:50:54 -------- d-----w- C:\PROGRA~2\COMMON~1\SafeNet Sentinel 2015-03-07 07:50:52 -------- d-----w- C:\PROGRA~2\COMMON~1\Aladdin Shared 2015-03-04 12:55:13 -------- d-----w- C:\PROGRA~2\Correlated Solutions ======= C: ===== ====== C:\Users\Tiemen\AppData\Roaming ====== ====== C:\Users\Tiemen ====== 2015-03-04 12:55:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Correlated Solutions ====== C: exe-files == === C: other files == 2015-04-02 17:30:58 60F5579B6B33F509C52200207F79B795 79064 ----a-w- C:\Windows\System32\drivers\wriny.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3155478013-3749194283-1948835671-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-21-3155478013-3749194283-1948835671-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" "WebStorage"="C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe" "ASUS InstantKey"="C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "Cisco AnyConnect Secure Mobility Agent for Windows"="C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe -minimized" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware (cleanup)"="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp" "Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" ==== Startup Folders ====================== 2015-03-14 09:51:34 1197 ----a-w- C:\Users\Tiemen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\24seven_savings_updating_service.job --a-------- C:\Program Files (x86)\24Seven savings\24seven_savings_updating_service.exe [] C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/02/2015 15:07] C:\Windows\tasks\MATLAB R2013b Startup Accelerator.job --a-------- C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [05/08/2013 17:44] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\24seven_savings_notification_service" [C:\Program Files (x86)\24Seven savings\24seven_savings_notification_service.exe] "C:\Windows\SysNative\tasks\24seven_savings_updating_service" [C:\Program Files (x86)\24Seven savings\24seven_savings_updating_service.exe] "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files\ASUS\P4G\InsOnCfg.exe] "C:\Windows\SysNative\tasks\ASUS Live Update1" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe] "C:\Windows\SysNative\tasks\ASUS Live Update2" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS Smart Gesture Launcher" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe] "C:\Windows\SysNative\tasks\ASUS Splendid ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\ASUS Splendid ColorU" [C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe] "C:\Windows\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"] "C:\Windows\SysNative\tasks\AsusVibeSchedule" ["C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe"] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\MATLAB R2013b Startup Accelerator" [C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe] "C:\Windows\SysNative\tasks\P4GIntlCtrl" [C:\Program Files\ASUS\P4G\IntlDPST.exe] "C:\Windows\SysNative\tasks\RtHDVBg" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"] "C:\Windows\SysNative\tasks\RTKCPL" ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D54AA5CA-D53E-46B8-8FE6-CCA28E303237}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default user_pref("browser.startup.homepage", "www.google.be"); user_pref("browser.newtab.url", "www.google.be"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Tiemen\AppData\Roaming\Mozilla\Firefox\Profiles\xtean1cl.default C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://mysearch.avg.com?cid={245EC870-CCDB-4B15-B336-B68F56B99E68}&mid=19ea7ffd791947d2a1d57d32e7407661-44d2b87b6ceeb78305fc5f144f21245eeb866e14&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-16 10:26:07&v=4.1.0.411&pid=wtu&sg=&sap=hp" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4F2A59040DDDE014A962AFE22EBFF006 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4095A2F4-DDD0-410E-9A26-FA2EE2FB0F60} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F2A59040DDDE014A962AFE22EBFF006 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -update plugin O4 - Startup: Dropbox.lnk = Tiemen\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file) O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing) O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\IE\36POHENE will be deleted at reboot C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\IE\MDR1PR9F will be deleted at reboot C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\IE\TNKG16H0 will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Tiemen\AppData\Local\Mozilla\Firefox\Profiles\xtean1cl.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2521 folders=264 787025620 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Tiemen\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Tiemen\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\AVG Web TuneUp" not found "C:\PROGRA~2\24Seven savings" not found "C:\PROGRA~2\AVG Web TuneUp" not found "C:\PROGRA~2\24Seven savings" not found "C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\IE\36POHENE" not found "C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\IE\MDR1PR9F" not found "C:\Users\Tiemen\AppData\Local\Microsoft\Windows\INetCache\IE\TNKG16H0" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on vr 03/04/2015 at 11:23:20.66 ======================