Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by AlineJan on wo 09/04/2014 at 10:20:30,87.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\AlineJan\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-04-08-092456.log 434 bytes
C:\zoek-results2014-04-08-194737.log 402 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\Mega Browse deleted successfully
C:\PROGRA~2\COMMON~1\Telespree deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\log deleted successfully
C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\PROGRA~3\Browser Manager deleted successfully
C:\PROGRA~3\BrowserProtect deleted successfully
C:\PROGRA~3\CorelCAD deleted successfully
C:\Users\AlineJan\AppData\Roaming\HpUpdate deleted successfully
C:\Users\AlineJan\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\AlineJan\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\AlineJan\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{3d86a75b-cb6b-4764-885d-ca6336f04ba2} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DatamngrCoordinator deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^AlineJan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Movies Toolbar deleted
C:\ProgramData\Datamngr deleted
"C:\Windows\tasks\ReclaimerUpdateFiles_AlineJan.job" deleted
"C:\Windows\tasks\ReclaimerUpdateXML_AlineJan.job" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\AlineJan\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-04-05 19:45:55 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-04-05 19:45:40 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-04-05 19:45:40 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-03-29 13:32:44 D0F6DEE46E2D7C11D7528E8616DBA03D 61120 ----a-w- C:\Windows\Sysnative\drivers\wStLibG64.sys
====== C:\Windows\Tasks ======
2014-03-27 06:33:32 D2FE71E91EB7EB364C24F576AC814B43 3630 ----a-w- C:\Windows\Sysnative\Tasks\RNUpgradeHelperResumePrompt_AlineJan
2014-03-25 17:45:36 C653FB5122450CE52BC397DDAF49A63D 3352 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2635711567-3001363841-3105779589-1001
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-04-07 08:19:32 -------- d-----w- C:\Program Files\trend micro
2014-03-23 15:08:12 -------- d-----w- C:\Program Files\Corel
2014-03-23 15:08:12 -------- d-----w- C:\Program Files\Common Files\Corel
======= C:\PROGRA~2 =====
2014-03-25 17:45:08 -------- d-----w- C:\PROGRA~2\RealNetworks
2014-03-25 17:45:01 -------- d-----w- C:\PROGRA~2\COMMON~1\xing shared
2014-03-25 17:44:32 -------- d-----w- C:\PROGRA~2\Real
2014-03-22 12:29:44 -------- d-----w- C:\PROGRA~2\Microsoft SDKs
2014-03-22 12:29:43 -------- d-----w- C:\PROGRA~2\Microsoft Visual Studio 9.0
======= C: =====
====== C:\Users\AlineJan\AppData\Roaming ======
2014-03-25 17:45:36 -------- d-----w- C:\Users\AlineJan\AppData\Roaming\RealNetworks
2014-03-25 17:45:28 -------- d-----w- C:\Users\AlineJan\AppData\Local\Real
2014-03-25 17:44:01 -------- d-----w- C:\Users\AlineJan\AppData\Roaming\Real
2014-03-23 19:58:25 -------- d-----w- C:\Users\AlineJan\AppData\Roaming\Corel
2014-03-23 19:56:39 -------- d-----w- C:\Users\AlineJan\AppData\Local\CrashRpt
2014-03-23 19:56:39 -------- d-----w- C:\Users\AlineJan\AppData\Local\Corel Corporation
2014-03-23 15:09:22 -------- d-----w- C:\Users\AlineJan\AppData\Roaming\CorelCAD x64
====== C:\Users\AlineJan ======
2014-03-25 17:45:06 -------- d-----w- C:\ProgramData\RealNetworks
2014-03-25 17:44:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-03-25 17:44:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-25 17:42:26 -------- d-----w- C:\ProgramData\Real
2014-03-23 15:08:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelCAD 2014 x64
====== C: exe-files ==
2014-04-07 08:19:32 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\AlineJan.exe
2014-04-07 08:19:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\AlineJan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1DHB1JX\RSITx64.exe
2014-04-07 08:19:19 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Documents and Settings\AlineJan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1DHB1JX\RSITx64.exe
2014-04-05 19:45:07 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\Users\AlineJan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXWTCWRS\mbam-setup-2.0.1.1004.exe
2014-04-05 19:45:07 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\Documents and Settings\AlineJan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXWTCWRS\mbam-setup-2.0.1.1004.exe
=== C: other files ==
2014-04-05 19:45:55 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-05 19:45:40 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-05 19:45:40 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~3\\wincert\\win32c~1.dll c:\\progra~2\\movies~1\\datamngr\\mgrldr.dll "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"BLEServicesCtrl"="C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Denzi]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Denzi"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Denzi\\Denzi.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Easybits Recovery"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP CoolSense]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP CoolSense"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP CoolSense\\CoolSense.exe -byrunkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Quick Launch]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Quick Launch"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Quick Launch\\HPMSGSVC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iLivid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iLivid"
"hkey"="HKCU"
"command"="\"C:\\Users\\AlineJan\\AppData\\Local\\iLivid\\iLivid.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Speed Maximizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC Speed Maximizer"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\PC Speed Maximizer\\SPMLauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Samsung Link]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Samsung Link"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Samsung\\Samsung Link\\Samsung Link Tray Agent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SetDefault]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SetDefault"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP LaunchBox\\SetDefault.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Smart Driver Updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smart Driver Updater"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Smart Driver Updater\\SDULauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^AlineJan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SharePort Plus.lnk]
"item"="SharePort Plus"
"path"="C:\\Users\\AlineJan\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SharePort Plus.lnk"
"backup"="C:\\Windows\\pss\\SharePort Plus.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\D-Link\\SHAREP~1\\SHAREP~1.EXE"

==== Startup Folders ======================

2013-01-05 21:11:40 1055 ----a-w- C:\Users\AlineJan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/03/2014 21:09]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/03/2013 21:49]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/03/2013 21:49]
C:\Windows\tasks\HPCeeScheduleForAlineJan.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe []
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_AlineJan.job --a------ C:\Users\AlineJan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [25/03/2014 19:50]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\EPUpdater" [C:\Users\AlineJan\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe]
"C:\Windows\SysNative\tasks\Express FilesUpdate" [C:\Program Files (x86)\ExpressFiles\EFUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForAlineJan" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 3050 J610 series" ["C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\HpWebReg.exe" [C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\LaunchApp" [C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe"]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2635711567-3001363841-3105779589-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2635711567-3001363841-3105779589-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RNUpgradeHelperLogonPrompt_AlineJan" [C:\Users\AlineJan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe]
"C:\Windows\SysNative\tasks\RNUpgradeHelperResumePrompt_AlineJan" [C:\Users\AlineJan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{E2CC32F0-6222-44DC-B2FD-C4B5500BFE05}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\YourFile DownloaderUpdate" [C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [25/03/2014 19:45]

==== Firefox Extensions ======================

ExtDir: C:\Users\AlineJan\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- FT Downloader - %ExtDir%\ftd@ftd.com.xpi
- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bicnnkjibmphdeigoodpjlcklcnaobdj - C:\Program Files (x86)\TornTV.com\torntv10.crx[]
dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\AlineJan\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 16:24]
kanflfepiobnpjbljmngfgegijhdpljm - C:\Program Files (x86)\HP SimplePass\tschrome.crx[01/04/2013 03:25]
lgnbhdnimikkoodkogjlcllngimhlapp - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx[]
lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\AlineJan\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]

YouTube - AlineJan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - AlineJan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - AlineJan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Website Logon - AlineJan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm
Gmail - AlineJan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Ask Toolbar - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne
Google Docs - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
DropToS - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo
Google Search - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Torch Music - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad
FaceLift - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk
RealDownloader - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Website Logon - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm
Torch Helper - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg
Google Wallet - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Torch Music - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed
Hola for Torch - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh
Gmail - AlineJan\AppData\Local\Torch\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2635711567-3001363841-3105779589-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully

==== Deleting CLSID Registry Values ======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=496 folders=37 28294171 bytes)

==== EOF on wo 09/04/2014 at 21:30:13,64 ======================