==== Older Logs ======================
D:\zoek-results05-09-2013-2330.log 24827 bytes

==== Creating Sample_11-09-2013_1212.zip ======================
Process rundll32.exe killed
Copied file D:\Users\stefaan\AppData\Roaming\BabMaint.exe to sample\BabMaint.exe
Copied file \install.exe to sample\install.exe
sample\BabMaint.exe renamed to CC1A55091FD96BCB624AD791CD15D179
sample\install.exe renamed to 520A6D1CBCC9CF642C625FE814C93C58
D:\Users\Public\Desktop\sample_11-09-2013_1212.zip created successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3303594453-3049945180-739671812-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3303594453-3049945180-739671812-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserDefendert deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserDefendert deleted successfully

==== Deleting Files \ Folders ======================
"D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted
"D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
"D:\Windows\System32\Tasks\PC Performer" deleted
"D:\Windows\System32\Tasks\DealPly" deleted
"D:\Windows\System32\Tasks\DealPlyUpdate" deleted
"D:\Windows\System32\Tasks\DSite" deleted
"D:\Users\stefaan\Downloads\SoftonicDownloader_for_rk-launcher.exe" deleted
"D:\Users\stefaan\Downloads\SoftonicDownloader_voor_fastest-free-youtube-downloader-to-mp3-converter (1).exe" deleted
"D:\Users\stefaan\Downloads\SoftonicDownloader_voor_fastest-free-youtube-downloader-to-mp3-converter.exe" deleted
"D:\Users\stefaan\Downloads\SoftonicDownloader_voor_youtube-to-mp3-converter.exe" deleted
"D:\Windows\system32\Tasks\Express FilesUpdate" deleted
"D:\Windows\system32\Tasks\BrowserDefendert" deleted
"D:\Windows\system32\Tasks\EPUpdater" deleted
"D:\Windows\tasks\DSite.job" deleted
"D:\user.js" deleted
"D:\END" deleted
"D:\Users\Public\Desktop\PC Performer.lnk" deleted
"D:\Users\stefaan\AppData\Roaming\BabMaint.exe" deleted
"D:\Users\stefaan\AppData\Roaming\7go\7go.crx" deleted
"D:\Users\stefaan\AppData\Roaming\7go\icon.ico" deleted
"D:\Users\stefaan\AppData\Roaming\7go" deleted
"D:\Program Files\Smart Driver Updater" deleted
"D:\Program Files\ExpressFiles" deleted
"D:\Program Files\Delta" deleted
"D:\Program Files\Common Files\DVDVideoSoft\TB" deleted
"D:\Program Files\Common Files\DVDVideoSoft\bin" deleted
"D:\Program Files\GoforFiles" deleted
"D:\Program Files\Yontoo" deleted
"D:\Program Files\SweetIM" deleted
"D:\Users\stefaan\AppData\Roaming\GoforFiles" deleted
"D:\Users\stefaan\AppData\Roaming\ExpressFiles" deleted
"D:\Users\stefaan\AppData\Roaming\DVDVideoSoftIEHelpers" deleted
"D:\Users\stefaan\AppData\Roaming\DSite" deleted
"D:\Users\stefaan\AppData\Roaming\PerformerSoft" deleted
"D:\Users\stefaan\AppData\Roaming\Smart Driver Updater" deleted
"D:\Users\stefaan\AppData\Local\DirectDownloader" deleted
"D:\Users\stefaan\AppData\Local\PackageAware" deleted
"D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}" deleted
"D:\Users\stefaan\AppData\LocalLow\BabylonToolbar" deleted
"D:\Users\stefaan\AppData\LocalLow\Delta" deleted
"D:\Windows\System32\searchplugins" deleted
"D:\Windows\System32\Extensions" deleted
"D:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" deleted
"D:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" deleted

==== Files Recently Created / Modified ======================
====== D:\Windows ====

====== D:\Users\stefaan\AppData\Local\Temp ====

====== D:\Windows\system32 =====

====== D:\Windows\system32\drivers =====
2013-09-06 14:27:44 E6D35F3AA51A65EB35C1F2340154A25E 54016 ----a-w- D:\Windows\System32\drivers\ywvp.sys
2013-08-14 20:53:30 4E8B9BE71B807B3BAEDB7F4243F85E3C 1293760 ----a-w- D:\Windows\System32\drivers\tcpip.sys
2013-08-14 20:51:09 B37B08F2E5EEB1A37E448E09BACE1101 31232 ----a-w- D:\Windows\System32\drivers\tssecsrv.sys

====== D:\Windows\Tasks ======
2013-08-28 18:42:11 AFFF9ECADB987EBBFC1070400E4B1E4E 3634 ----a-w- D:\Windows\system32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series
2013-08-28 18:19:18 B208C3DC5FD3571F1DB8EFA3FF1BC26A 270 ----a-w- D:\Windows\Tasks\DriverDoc_UPDATES.job
2013-08-28 18:19:18 5C96EC85FD492F078888716BA7CF73E1 3020 ----a-w- D:\Windows\system32\Tasks\DriverDoc_UPDATES
2013-08-28 18:19:11 62566E034ED29EF04C60C5BD856A1AB9 3110 ----a-w- D:\Windows\system32\Tasks\DriverDocRunAtStartup

====== D:\Windows\Temp ======

======= D:\Program Files =====
2013-09-05 09:56:12 -------- d-----w- D:\Program Files\trend micro
2013-09-01 22:09:48 -------- d-----w- D:\Program Files\iPod
2013-09-01 22:09:47 -------- d-----w- D:\Program Files\iTunes
2013-08-29 08:00:45 -------- d-----w- D:\Program Files\7Go Games
2013-08-29 08:00:35 -------- d-----w- D:\Program Files\Video Performer
2013-08-28 18:42:31 -------- d-----w- D:\Program Files\Microsoft
2013-08-28 18:42:27 -------- d-----w- D:\Program Files\HP Photo Creations
2013-08-28 18:41:39 -------- d-----w- D:\Program Files\HP
2013-08-28 18:19:06 -------- d-----w- D:\Program Files\DriverDoc

======= D: =====

====== D:\Users\stefaan\AppData\Roaming ======
2013-08-31 20:52:59 -------- d-----w- D:\users\stefaan\AppData\Local\avgchrome
2013-08-29 08:01:35 -------- d-----w- D:\users\stefaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-29 08:01:13 -------- d-----w- D:\users\stefaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Performer
2013-08-28 18:42:14 -------- d-----w- D:\users\stefaan\AppData\Roaming\HpUpdate
2013-08-28 18:41:16 -------- d-----w- D:\users\stefaan\AppData\Local\HP
2013-08-28 18:30:03 -------- d-----w- D:\users\stefaan\AppData\Local\ElevatedDiagnostics
2013-08-28 18:19:08 -------- d-----w- D:\users\stefaan\AppData\Roaming\Solvusoft

====== D:\Users\stefaan ======
2013-09-09 06:51:41 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- D:\Users\stefaan\Downloads\tdsskiller.exe
2013-09-05 09:55:13 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- D:\Users\stefaan\Downloads\RSIT.exe
2013-09-01 22:10:30 -------- d-----w- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-09-01 22:09:47 -------- d-----w- D:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-29 08:01:07 -------- d-----w- D:\ProgramData\BrowserDefender
2013-08-29 08:00:51 -------- d-----w- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
2013-08-28 18:42:27 -------- d-----w- D:\ProgramData\Visan
2013-08-28 18:42:27 -------- d-----w- D:\ProgramData\HP Photo Creations
2013-08-28 18:42:02 -------- d-----w- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2013-08-28 18:41:42 -------- d-----w- D:\ProgramData\HP
2013-08-28 18:41:34 26B5C6D00ED485E883A08A0D82C0CB69 57 ----a-w- D:\ProgramData\Ament.ini
2013-08-28 18:35:14 AD25AD09344ABBF4E296589440C1FE35 51012704 ----a-w- D:\Users\stefaan\Downloads\DJ2050_J510_1313.exe
2013-08-28 18:27:05 90DB0DC7F88A778B4937A776DA737BA3 3441528 ----a-w- D:\Users\stefaan\Downloads\DriverDoc_2013_a (2).exe
2013-08-28 18:25:57 90DB0DC7F88A778B4937A776DA737BA3 3441528 ----a-w- D:\Users\stefaan\Downloads\DriverDoc_2013_a (1).exe
2013-08-28 18:25:15 90DB0DC7F88A778B4937A776DA737BA3 3441528 ----a-w- D:\Users\stefaan\Downloads\DriverDoc_2013_a.exe
2013-08-28 18:21:37 90DB0DC7F88A778B4937A776DA737BA3 3441528 ----a-w- D:\Users\stefaan\Downloads\HP_(Hewlett_Packard)_Deskjet_2050_-_J510a_Driver_Update_08-2013.exe
2013-08-28 18:19:06 -------- d-----w- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverDoc
2013-08-28 18:18:36 90DB0DC7F88A778B4937A776DA737BA3 3441528 ----a-w- D:\Users\stefaan\Downloads\HP_(Hewlett_Packard)_Deskjet_2050_Driver_Update_08-2013.exe

====== D: exe-files ==
2013-09-09 06:51:41 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- D:\Users\stefaan\Downloads\tdsskiller.exe
2013-09-05 09:56:13 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- D:\Program Files\trend micro\stefaan.exe
2013-09-05 09:55:13 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- D:\Users\stefaan\Downloads\RSIT.exe
2013-09-05 08:11:45 514FC42D49F76C16CC1839A6B9D3AC05 1611104 ----a-w- D:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.66\29.0.1547.66_29.0.1547.62_chrome_updater.exe

=== D: other files ==
2013-09-11 10:12:52 146DFEB699EF69F189D2BF0BBC110644 313049 ----a-w- D:\Users\Public\Desktop\sample_11-09-2013_1212.zip
2013-09-06 14:27:44 E6D35F3AA51A65EB35C1F2340154A25E 54016 ----a-w- D:\Windows\System32\drivers\ywvp.sys

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - D:\Program Files\DealPly\DealPly.crx[]
gjajpkikblccgefaibcafkfbanllpefi - D:\Users\stefaan\AppData\Roaming\7go\7go.crx[]
jcdgjdiieiljkfkdcloehkohchhpekkn - D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
licjnkifamhpbaefhdpacpmihicfbomb - D:\Program Files\PricePeep\pricepeep.crx[]
niapdbllcanepiiimjjndipklodoedlc - D:\Program Files\Yontoo\YontooLayers.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - D:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[06-05-2013 10:12]
ogccgbmabaphcakpiclgcnmcnimhokcj - D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - D:\Program Files\DealPly\DealPly.crx[]
nikpibnbobmbdbheedjfogjlikpgpnhp - D:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[12-12-2012 19:51]

YouTube - stefaan - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - stefaan - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - stefaan - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
7Go Games - stefaan - Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi
Card number - stefaan - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Better Pop Up Blocker - stefaan - Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic
DivX Plus Web Player HTML5 <video> - stefaan - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - stefaan - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================
D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage deleted successfully
D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage-journal deleted successfully
D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi deleted successfully
D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjajpkikblccgefaibcafkfbanllpefi_0.localstorage deleted successfully
D:\Users\stefaan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gjajpkikblccgefaibcafkfbanllpefi_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.babylon.com/?babsrc=HP_def_bay2g"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{469162C6-CA9D-46F6-A268-5472CDCC08E4} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3303594453-3049945180-739671812-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-3303594453-3049945180-739671812-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_USERS\S-1-5-21-3303594453-3049945180-739671812-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

==== Empty IE Cache ======================
D:\Users\stefaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\stefaan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
D:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
D:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
D:\users\stefaan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
D:\users\stefaan\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================
D:\Windows\Temp successfully emptied
D:\Users\stefaan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
D:\$RECYCLE.BIN successfully emptied
D:\RECYCLER successfully emptied

==== EOF on wo 11-09-2013 at 12:19:15,48 ======================