Zoek.exe v5.0.0.1 Updated 18-December-2015 Tool run by Rico on vr 18/12/2015 at 16:33:33,07. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Rico\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 18/12/2015 16:35:09 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\Users\Rico\AppData\Local\AWSToolkit deleted successfully C:\Users\Rico\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Rico\AppData\Local\EmieSiteList deleted successfully C:\Users\Rico\AppData\Local\EmieUserList deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73204B8A-87A8-49C8-A91A-FFCDE788A9ED} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{903C3322-6CEF-4CA5-BD37-4F056155FC08} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 7-Zip 15.05 beta x64 Ask Mr. Robot Client Asmedia ASM106x SATA Host Controller Driver ASRock App Charger v1.0.5 Audacity 2.0.6 Avira Antivirus Avira Launcher Battle.net BitTorrent CCleaner Curse Client Diablo III Dropbox Dropbox Update Helper Google Chrome Google Update Helper Hearthstone HP Officejet 5740 series Basissoftware van het apparaat HP Officejet 5740 series Help HP Photo Creations HP Update HPDiagnosticAlert I.R.I.S. OCR Intel(R) Control Center Intel(R) Manageability Engine Firmware Recovery Agent Intel(R) Management Engine Components Intel(R) OpenCL CPU Runtime Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) Smart Connect Technology 2.0 x64 Intel(R) USB 3.0 eXtensible Host Controller Driver Intel© Trusted Connect Service Client McCabe-Thiele Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft ASP.NET MVC 4 Runtime Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Mozilla Firefox 40.0.3 (x86 nl) Mumble 1.2.8 NVIDIA-configuratiescherm 359.06 NVIDIA 3D Vision controllerstuurprogramma 352.65 NVIDIA 3D Vision stuurprogramma 359.06 NVIDIA GeForce Experience 2.7.4.10 NVIDIA GeForce Experience Service NVIDIA Grafisch stuurprogramma 359.06 NVIDIA HD Audio-stuurprogramma 1.3.34.4 NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA PhysX Systeem Software 9.15.0428 NVIDIA ShadowPlay 2.7.4.10 NVIDIA Stereoscopic 3D Driver NVIDIA Update 2.7.4.10 NVIDIA Update Core NVIDIA Virtual Audio 1.2.31 Process Studio Leonardo Productverbeteringsonderzoek voor HP Officejet 5740 series RaidCall Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4.5.2 (KB3023224) Security Update for Microsoft .NET Framework 4.5.2 (KB3035490) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft .NET Framework 4.5.2 (KB3074230) Security Update for Microsoft .NET Framework 4.5.2 (KB3074550) Security Update for Microsoft .NET Framework 4.5.2 (KB3097996) Security Update for Microsoft .NET Framework 4.5.2 (KB3098781) Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085616) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3114425) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114431) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114457) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB3114422) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3114458) 32-Bit Edition SHIELD Streaming SHIELD Wireless Controller Driver Simulationcraft(x64) version 6.1.0.02 SkypeT 7.14 SkySaga Infinite Isles Spotify TeamSpeak 3 Client Tukui Client Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3114427) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Ventrilo Client for Windows x64 VIRTU MVP 2.1.227 VLC media player WildStar World of Warcraft ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Program Files (x86)\Avira\Antivirus\sched.exe C:\Program Files (x86)\Avira\Antivirus\avguard.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Users\Rico\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Avira\Antivirus\avgnt.exe C:\Program Files (x86)\Dropbox\Client\Dropbox.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\ProgramData\Battle.net\Agent\Agent.4645\Agent.exe D:\Battle.net\Battle.net.6526\Battle.net.exe C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe C:\Users\Rico\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MBAMService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PrivoxyService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PrivoxyService deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TSMApplication"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== c:\programdata\{4e0c0d80-fb84-adf1-4e0c-c0d80fb83603} not found C:\Users\Rico\AppData\Local\Temp\Temp1_TSMApplication (1).zip deleted C:\windows\SysNative\Tasks\BondedCommand deleted C:\Windows\tasks\BondedCommand.job deleted C:\PROGRA~2\Performance Service deleted C:\Users\Rico\AppData\Roaming\5A4A.tmp deleted C:\PROGRA~3\Package Cache deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\SETE26D.tmp deleted C:\Windows\Syswow64\SETE540.tmp deleted C:\Windows\SysWow64\AI_RecycleBin deleted "C:\ProgramData\193847656" deleted ==== Folders Found ====================== 2015-08-04 00:11:10 2015-11-29 13:10:09 -------- d-----w- C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartComp Safe Network ==== Files Found ====================== --- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Recent\SmartComp Safe Network.lnk --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 747 Created time: 2015-11-25 15:14:47 Modified time: 2015-11-30 15:36:40 MD5: 53D605E5DA554AB28F4238311A20CB62 SHA1: 55EF92F30DD58B137D2ABA38F4E74517205EEC7D ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8088 MB CPU Info: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz CPU Speed: 3192,4 MHz Sound Card: Luidsprekers (4- Z Cinéma) | 27EA63-4 (NVIDIA High Definitio | Display Adapters: NVIDIA GeForce GTX 660 Ti | NVIDIA GeForce GTX 660 Ti | NVIDIA GeForce GTX 660 Ti | NVIDIA GeForce GTX 660 Ti | Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-7280S Ports: COM1 LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 119,2GB | D: 931,4GB | F: 100,0MB Hard Disks - Free: C: 56,9GB | D: 828,4GB | F: 84,7MB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 04/18/12 | ALASKA - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: ASRock H77 Pro4/MVP Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Google Chrome 47.0.2526.106 Internet Explorer Version: 11.0.9600.18124 Google Chrome version: 47.0.2526.106 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Rico\AppData\Local\Temp ==== 2015-12-14 17:14:20 C05F8A852ED1320B3C9FA96EC1D5B536 2008064 ----a-w- C:\Users\Rico\AppData\Local\Temp\hp_u2_1309.exe 2015-12-13 21:44:29 ECA3AE15FC14FF9736F637143F4C5A96 71168 ----a-w- C:\Users\Rico\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcatox1.dll 2015-12-08 14:16:12 892A0DF0217938205814327E1D6CA752 2014208 ----a-w- C:\Users\Rico\AppData\Local\Temp\hp_upd2_1285.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-12-09 13:25:35 B0AFC72F5BAE0C06DB30B409B9D05D8A 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll 2015-12-09 13:25:34 3553707B119AD5AAF1F31BFF5517A093 627712 ----a-w- C:\Windows\SysWOW64\usp10.dll 2015-12-09 13:25:33 C66D020B1C268FF9AB1672C99E76CA66 174080 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2015-12-09 13:25:33 B1384CCEFB8F64EC85AECB70AFB91D8D 93696 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2015-12-09 13:25:33 A0BF4CD0C8F805A816B67C004B12E24D 30208 ----a-w- C:\Windows\SysWOW64\wups.dll 2015-12-09 13:25:33 9AA46606BCC013F5FB7E5B70FAB1ABE0 573440 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2015-12-09 13:25:33 58B9CFDD032CB92CEC0D3E8454E4C766 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2015-12-09 13:25:31 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\SysWOW64\locale.nls 2015-12-09 13:25:30 ACB16C9BE1A175A2E7BFF076DF99B3CF 69120 ----a-w- C:\Windows\SysWOW64\nlsbres.dll 2015-12-09 13:25:30 8E9152F4779CCA402F235EB9AB823854 6656 ----a-w- C:\Windows\SysWOW64\KBDAZEL.DLL 2015-12-09 13:25:30 3A593B01E4F92F04211ECFB53816240C 6656 ----a-w- C:\Windows\SysWOW64\kbdgeoqw.dll 2015-12-09 13:25:30 35D490A393A0B231F237954E6E65B224 7168 ----a-w- C:\Windows\SysWOW64\KBDAZE.DLL 2015-12-09 13:25:28 FDB73E2FFDEE1F28D1AF3B80E3F0FE99 1251328 ----a-w- C:\Windows\SysWOW64\DWrite.dll 2015-12-09 13:25:28 0A78439765E31510D75C9E2284F3A722 833024 ----a-w- C:\Windows\SysWOW64\user32.dll 2015-12-09 13:25:27 EB11947B250AD259755939A2DE349FBB 14848 ----a-w- C:\Windows\SysWOW64\wshrm.dll 2015-12-09 13:25:26 F60154A0DD1DCCF2EE75BE45A676BA51 1242624 ----a-w- C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 13:25:26 169BDD4EF6E99E43720534E07798400C 487936 ----a-w- C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 13:25:24 8102E4A17D58BA6B18A31095C4418082 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-12-09 13:25:24 804FEA5A5A4B491B83AFF8EE7EFE887F 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-12-09 13:25:24 5F4DBBB0551DAE2A6EEC5EA915695250 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-09 13:25:24 081BE765C4025EC2AB8011A6BFE222B5 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 13:25:23 D1F6886A7E08134135E9C197FA387702 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 13:25:23 B206E8BD4938B6C6B1C84DD13C12C4DF 20366848 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-12-09 13:25:23 6ED639FAAE29626ED1A98139A3C9C289 687104 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 13:25:23 67D44EDA849BA632EC4DCEF839950F56 341192 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 13:25:23 5FA89E1534B675CCA8CEE6B50D0B7B49 2280448 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-12-09 13:25:23 29DDD6FB1147192B13D2C3647F581219 130048 ----a-w- C:\Windows\SysWOW64\occache.dll 2015-12-09 13:25:23 219494B7F95F86071EC9D4FC0DC4962F 1311744 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-12-09 13:25:23 13DED010D9DFA204DB2C2F650B3901B8 279040 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 13:25:23 0955BBBB50FCC3C2B2EB485FBBFBF4D3 496640 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-12-09 13:25:22 DD99C9D2CA3F9B3D63B965B4EDDAE612 2050560 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 13:25:22 8BB61456A1EA19011E85C9340BC4157B 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-12-09 13:25:22 713919E7E3BD6196D2498C2B8166AEAD 663552 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-12-09 13:25:22 6A37F0BDA83C7755C71A2DE5BF00381B 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-12-09 13:25:22 3477EAB965E9DEDCD46F95C55F78489F 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 13:25:22 1256113318DD02C9C60FF0969025CA15 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-12-09 13:25:21 F1ED865CA8D6223739233576D7C76C1A 476160 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-12-09 13:25:21 517847AC160C91F04951340F9A051084 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-12-09 13:25:21 284442A1BAFD17731398AD22AB6C9099 12856832 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-12-09 13:25:21 0A6D92C3BB313883F286C65820E2DD30 416256 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-12-09 13:25:20 B60461B5CED2BFAE1A870C61C66966C4 2011136 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-12-09 13:25:20 AC62F3866FDA5BFC4966055B1316DE94 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-09 13:25:20 668D2CA489F605E4C7A743A62632C383 4514816 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-12-09 13:25:20 6082F9978A1456863397F99E5C8E7901 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-12-09 13:25:20 4ED815FE30E048A52A5FC420DD6E49D0 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll 2015-12-09 13:25:19 B832BA2AA73CC4FC58446F4237070D96 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-12-09 13:25:19 050F5A8F90CF18AA6F9FA75AF1851569 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-12-09 13:25:04 E7CA874DA58A607E11ACAB33718AE9FA 179712 ----a-w- C:\Windows\SysWOW64\els.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-12-09 13:25:35 6EDEA5EDF5AA979CB2A99617A8478AD3 2048 ----a-w- C:\Windows\Sysnative\tzres.dll 2015-12-09 13:25:34 077CC8BF1076D49E85687AACB30956A1 802304 ----a-w- C:\Windows\Sysnative\usp10.dll 2015-12-09 13:25:33 EB6D501FCFAFF726EA1B50B8276F5F34 709632 ----a-w- C:\Windows\Sysnative\wuapi.dll 2015-12-09 13:25:33 A6C4964F3C382592785EACFBA2DA8F6C 3170304 ----a-w- C:\Windows\Sysnative\wucltux.dll 2015-12-09 13:25:33 A1D9A6B41647E8F008A25DA7B80708CB 37888 ----a-w- C:\Windows\Sysnative\wups2.dll 2015-12-09 13:25:33 6BB823DF7F117BF4958303B443E8100D 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2015-12-09 13:25:33 6075791ED85E47A2A2916B1F34582944 2609152 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2015-12-09 13:25:33 59C2B329F87F46C384F3F139376CD315 36864 ----a-w- C:\Windows\Sysnative\wups.dll 2015-12-09 13:25:33 4CD20F77149C689703A71561747E7B8D 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe 2015-12-09 13:25:33 2E53E71ED8277444E37BAA3932089C45 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2015-12-09 13:25:33 2B8660213ED7873FCF5C5540023C48F5 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll 2015-12-09 13:25:33 233AB915DBB476BFD7218DB553D91DCC 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2015-12-09 13:25:33 0CF6EFBC9BCC6EDE114F71BCAEE9CCF4 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2015-12-09 13:25:31 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\Sysnative\locale.nls 2015-12-09 13:25:30 E78C5E7087763DD4F1C5DAD78D2BA141 7168 ----a-w- C:\Windows\Sysnative\KBDAZEL.DLL 2015-12-09 13:25:30 E3ECD802006128C036FAAD09B6F97F6E 7168 ----a-w- C:\Windows\Sysnative\kbdgeoqw.dll 2015-12-09 13:25:30 AE0F1E593C4AE0A1CE3868C2AA54D8E5 7168 ----a-w- C:\Windows\Sysnative\KBDAZE.DLL 2015-12-09 13:25:30 52B3CAAD627902B8D6E035A25DA4BD09 69120 ----a-w- C:\Windows\Sysnative\nlsbres.dll 2015-12-09 13:25:29 BCB16AE33AA58E0042F3EF34CFB6396A 1180160 ----a-w- C:\Windows\Sysnative\FntCache.dll 2015-12-09 13:25:29 4287A4345CFFDD4D7710B2FCFF6C21BC 3211264 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-12-09 13:25:29 1AE1D0D71C3C61A0ECA941140E1E2FF8 1648128 ----a-w- C:\Windows\Sysnative\DWrite.dll 2015-12-09 13:25:28 06BF84D26A05D400F6B3FB3D3DE0B03A 1008640 ----a-w- C:\Windows\Sysnative\user32.dll 2015-12-09 13:25:27 2DA9EB73046595D79ADE306BC22B02C4 17408 ----a-w- C:\Windows\Sysnative\wshrm.dll 2015-12-09 13:25:26 E385472FF300F2BFD323B667EBAE93C7 1735680 ----a-w- C:\Windows\Sysnative\comsvcs.dll 2015-12-09 13:25:26 75DFE3CE6A8BFC995CC1D615B74DF8B0 525312 ----a-w- C:\Windows\Sysnative\catsrvut.dll 2015-12-09 13:25:24 581486C09915529B172B844F620800EB 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-12-09 13:25:24 5040CEF0DC919A81AF2C10CC67F3F36C 2887168 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-12-09 13:25:24 1E32A0EF31E39783589F3FF33C71EB26 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-12-09 13:25:23 ECF5CF7E1712A137FD95DCC89ECE2FE5 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-12-09 13:25:23 D63583C3645A5D29D643298273EC2125 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-12-09 13:25:23 33E703517D83F367B0B0B3EF2C807C77 718336 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-12-09 13:25:22 DDA2687E5FC070E066623330BF5A9375 152064 ----a-w- C:\Windows\Sysnative\occache.dll 2015-12-09 13:25:22 DA9927502C6CC6C6D4A5E57E00CAB796 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-12-09 13:25:22 D0EB186DFF60A296B144A0FC2490AC31 1546752 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-12-09 13:25:22 CFB4DC8B180EE1FA0F38ED98A82BFFDC 387792 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-12-09 13:25:22 8403AAA093BD7B790111326197D5C30B 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-12-09 13:25:21 FBBC836885522FD1E00A23DC65F78A28 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-12-09 13:25:21 64F4B886C95379DEA6EF3DDF3CE2D853 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-12-09 13:25:21 503155AF5513116632202504D71FA29D 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-12-09 13:25:21 23D900117F368A884C4C36A57E201F97 798208 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-12-09 13:25:21 1537D3FFDC70A1EF8792235A99DC4C4B 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-12-09 13:25:20 B49AF2AB8CDF52290A7529BE3D8B1429 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-12-09 13:25:20 6D86F7F6C9FE6059B610DB1D6EF77659 2123264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-12-09 13:25:20 32C4438BACFF7AAC86AE54FAE74AA483 571392 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-12-09 13:25:19 A2F0AB5736B60AC22D63113489D37FF1 14456832 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-12-09 13:25:19 9D8862210504591545E33FE562BE7078 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-12-09 13:25:19 963F01E33EFADF54DDCCDDF31DFC2D37 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-12-09 13:25:19 2A0AB8E59C47DC589C2DF3CEB1AA22EF 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-12-09 13:25:18 FE196D24FDCE4402EB1762264FA3DE0B 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-12-09 13:25:18 E2C385B0D816AD37616BD4C4204D0633 2487808 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-12-09 13:25:18 D3CC1DBE8FE63F3A2FAD5658146DF39B 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-12-09 13:25:18 4264B4BD10C5A21CF4A15998CB71551F 817664 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-12-09 13:25:18 3F0827114CE89176253684B588D4B02E 5923840 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-12-09 13:25:18 377C0436711DE3AFB9527FB88F831F44 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll 2015-12-09 13:25:18 02A92A8C880FDC242441FBE0620CF14B 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-12-09 13:25:17 B7F26EC33F55842C66A1C3FA34EB8D27 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-12-09 13:25:17 AF71D38B9F23907AB54BC8D9F573CEB3 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-12-09 13:25:17 A8B4563632BAF46BB005A0127727E82D 25837568 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-12-09 13:25:17 0A477F2CCC151E3AED4143B4FDDF74A5 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-12-09 13:25:04 218D2848CDDE80DD9AF72D5DD78F225C 241664 ----a-w- C:\Windows\Sysnative\els.dll 2015-12-07 13:48:55 8265CD5C67D0A35DFC40F3D1A8AC994C 94656 ----a-w- C:\Windows\Sysnative\WPRO_41_2001woem.tmp ====== C:\Windows\Sysnative\drivers ===== 2015-12-09 13:25:27 5BD6B1EC997FF3DD779D62E05D2079A8 146944 ----a-w- C:\Windows\Sysnative\drivers\rmcast.sys 2015-12-03 22:24:16 B2E1A2E7911DF19A2A41156F16982ECC 11131184 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys 2015-11-28 14:27:45 D812362E8AF615B521AD4DF19A93BD5A 205456 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys 2015-11-28 14:24:10 35DFC12FD7E44B7CB8CCD7E5A2B3975A 50472 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys ====== C:\Windows\Tasks ====== 2015-11-25 14:57:11 8A427B8491E337A6BF923A511DCA11EF 3286 ----a-w- C:\Windows\Sysnative\Tasks\SmartComp Safe Network Schedualer ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-12-17 15:12:23 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Rico\AppData\Roaming ====== 2015-12-01 18:46:50 -------- d-----w- C:\Users\Rico\AppData\Roaming\Avira 2015-12-01 18:41:47 -------- d-----w- C:\Users\Rico\AppData\Roaming\Curse Advertising 2015-11-20 19:59:30 509A72021EC453D5D4898BDCEB4C0176 2695 ----a-w- C:\Users\Rico\AppData\Local\recently-used.xbel 2015-11-19 17:10:44 -------- d-----w- C:\Users\Rico\AppData\Local\gtk-2.0 2015-11-19 17:09:03 -------- d-----w- C:\Users\Rico\AppData\Local\fontconfig 2015-11-19 17:09:02 -------- d-----w- C:\Users\Rico\AppData\Local\gegl-0.2 ====== C:\Users\Rico ====== 2015-12-17 15:16:23 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Rico\Desktop\RSITx64.exe 2015-12-17 15:12:01 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Rico\Downloads\RSITx64.exe 2015-12-13 21:45:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox ====== C: exe-files == 2015-12-18 15:24:21 FA23FDB5E698703494B2660B9F4D9BD3 7076984 ----a-w- C:\Users\Rico\AppData\Local\NVIDIA\NvBackend\Packages\0000841c\DAO.20271937.exe 2015-12-18 09:36:12 C28B734422F7E8DA552A5E119FBF8F26 630200 ----a-w- C:\Users\Rico\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2015-12-18 09:36:10 53CE224989EE4D0B63E35177F21E1275 172984 ----a-w- C:\Users\Rico\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2015-12-17 15:16:23 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Rico\Desktop\RSITx64.exe 2015-12-17 15:12:23 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Rico.exe 2015-12-17 15:12:01 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Rico\Downloads\RSITx64.exe 2015-12-16 22:18:19 9A81ADFEA183CA54971D9EE568D4AE67 758864 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\47.0.2526.106\47.0.2526.106_47.0.2526.80_chrome_updater_3stage.exe 2015-12-16 21:46:25 6C6863B16E4D23411D93CC8174BFAC09 599680 ----a-w- C:\Users\Rico\AppData\Local\NVIDIA\NvBackend\Packages\000083fd\CoProc update.20264145.exe 2015-12-14 17:14:20 C05F8A852ED1320B3C9FA96EC1D5B536 2008064 ----a-w- C:\Users\Rico\AppData\Local\Temp\hp_u2_1309.exe 2015-12-13 21:44:51 1BEBC31761CB126357D3BA4FEEC054D6 52733696 ----a-w- C:\Program Files (x86)\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.12.5\DropboxClient_3.12.5.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2452976972-3726710777-2920159691-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Rico\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "CCleaner Monitoring"="D:\CCleaner\CCleaner64.exe /MONITOR" "HP Officejet 5740 series (NET)"="C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe -deviceID TH54U3Y1YM05ZF:NW -scfn HP Officejet 5740 series (NET) -AutoStart 1" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "RzWizard"="C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe" "avgnt"="C:\Program Files (x86)\Avira\Antivirus\avgnt.exe /min" "Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" "GrooveMonitor"="D:\Office12\GrooveMonitor.exe" "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Rico\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "CCleaner Monitoring"="D:\CCleaner\CCleaner64.exe /MONITOR" "HP Officejet 5740 series (NET)"="C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe -deviceID TH54U3Y1YM05ZF:NW -scfn HP Officejet 5740 series (NET) -AutoStart 1" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "VIRTU MVP"="C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "VIRTU_MVP_AUTORUN"="%ProgramFiles%\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide" ==== Startup Folders ====================== 2014-10-24 20:30:16 0 ----a-w- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ==== Task Scheduler Jobs ====================== C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [28/09/2015 17:25] C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [28/09/2015 17:25] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/09/2015 19:03] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/09/2015 19:03] C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Admin Menager" [C:\Users\Rico\AppData\Roaming\Admin Menager\Admin Menager.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["D:\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCustPartic.exe_{55028537-8347-417E-BE7E-AAD3F6D22E03}" [C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Officejet 5740 series" ["C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe] "C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe] "C:\Windows\SysNative\tasks\Performance Service Schedualer" [C:\Program Files (x86)\Performance Service\PerformanceService.exe] "C:\Windows\SysNative\tasks\SmartComp Safe Network Schedualer" [C:\Program Files (x86)\SmartComp Safe Network\msnworker.exe] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions flliilndjeohchalpbbcdekjklbdgfkk - No path found[] AdBlock - Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom PDFescape - Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioombffmiompnnfbajkmmghjaleclnjo Chrome Web Store Payments - Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfully C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="127.0.0.1:8118" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GrooveShellExtensions.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [RzWizard] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Rico\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "D:\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [HP Officejet 5740 series (NET)] "C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH54U3Y1YM05ZF:NW" -scfn "HP Officejet 5740 series (NET)" -AutoStart 1 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: CurseClientStartup.ccip O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GrooveSystemServices.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Dropbox-update-service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe O23 - Service: Dropbox-update-service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: LucidSvc - LucidLogix - C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Razer Wizard Service (RzWizardService) - Razer Inc. - C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=43 folders=23 45923745 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Rico\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Rico\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 18/12/2015 at 16:45:24,65 ======================