Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Coban on ma 16-06-2014 at 16:23:30,73.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Coban\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================
16-6-2014 16:24:42 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\PROGRA~2\Panda Security deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\Babylon deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Panda Security deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\Users\Coban\AppData\Roaming\GrabPro deleted successfully
C:\Users\Coban\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Coban\AppData\Roaming\Panda Security deleted successfully
C:\Users\Coban\AppData\Roaming\TP deleted successfully
C:\Users\Coban\AppData\Roaming\Windows Live Writer deleted successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1327584340-4008737961-4063509114-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1327584340-4008737961-4063509114-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-1327584340-4008737961-4063509114-1001\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default
user.js not found
---- Lines snap.do removed from prefs.js ----
user_pref("browser.startup.homepage", "http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=399d07af-2a11-4add-ad49-ec4c7dee65be&sea
user_pref("keyword.URL", "http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=399d07af-2a11-4add-ad49-ec4c7dee65be&searchtype=ds&in
---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 modified from prefs.js ----
user_pref("extensions.enabledAddons", "addconvertbutton%40convertfiles.com:1.3.1,xthunder%40lshai.com:1.3.4,%7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----
prefs_16-06-2014_1633_.backup

==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

==== Deleting Files \ Folders ======================
C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default\extensions\xthunder@lshai.com deleted
C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\COMMON~1\337 deleted
C:\PROGRA~2\Desk 365 deleted
C:\Users\Coban\AppData\Roaming\Desk 365 deleted
C:\Users\Coban\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\Users\Coban\AppData\Roaming\Babylon deleted
C:\Users\Coban\AppData\Roaming\OpenCandy deleted
C:\Users\Coban\AppData\Local\Bundled software uninstaller deleted
C:\Users\Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx deleted
C:\Users\Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx deleted
C:\Users\Coban\AppData\Local\Google\Chrome\User Data\Default\bprotector web data deleted
C:\Users\Coban\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard deleted
C:\windows\SysNative\Tasks\Browser Manager deleted
C:\Users\Coban\AppData\LocalLow\boost_interprocess deleted
C:\prefs.js deleted
C:\END deleted
C:\Windows\Syswow64\shoCD04.tmp deleted
C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default\searchplugins\safesearch.xml deleted
C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default\searchplugins\Web Search.xml deleted
C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default\bprotector_extensions.sqlite deleted
C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default\bprotector_prefs.js deleted
C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi deleted
"C:\ProgramData\naunobxkdyfvsez" deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Coban\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-06-12 14:12:00 A5F833506BF6A1B5D693E1499DEE2444 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll
2014-06-12 14:11:59 E227B810296AA27E6C69307A7B6456E5 1389056 ----a-w- C:\Windows\SysWOW64\msxml6.dll
2014-06-12 14:11:59 8B8D1CEF498678CAB9DF17145D34BC64 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2014-06-12 14:11:59 2E673E776136354ECFB57BFD62E7EC3D 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 14:11:59 0789F82BAE171323F74B8F175D406AB8 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 14:11:55 B50E34870FC8F8CA79BCC2DC3183D691 421376 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-06-12 14:11:55 947DA106EE001900969D42425FBDA183 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll
2014-06-12 14:11:55 3829D7D8B098F87C454E468DCAAE4912 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 14:11:55 32FE42E13195DEAF78D1E348F51A5AEE 353792 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 14:11:55 2DCB8AEC38AE1427CB1CFE2432D05107 223232 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 14:11:55 23330909BD92B7611815365559860952 1810432 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-06-12 14:11:54 CFD26829131439B71D0109F9D5345573 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-06-12 14:11:54 9000CE8689BD16819AF8AFDB83B94CCE 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 14:11:54 148B2F103FD322A4B8AEB82D7B35D0AF 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-06-12 14:11:52 B7363143940197BD9F16FD957B4F8131 12356608 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-06-12 14:11:50 0D7B6A0829874B057FF9D35F612B44F5 11776 ----a-w- C:\Windows\SysWOW64\mshta.exe
2014-06-12 14:11:49 BA7CC0D3170EB03FA610BA8EA3A01E9D 65536 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 14:11:49 B2D65154D4D36D6CA22BB586C016C1C1 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 14:11:49 AA5456C16D7F4B73177FD46AD63A12C4 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-06-12 14:11:49 9F5AC4090D7C9F2591060DAC310FD294 1106432 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-06-12 14:11:49 61F727795CAA98C3FCDB48379B78E370 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 14:11:49 4439087A375EFDD297DC470C3214D7D6 41472 ----a-w- C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-12 14:11:48 AD2C67A381CC7148BB98A66BB04DDF5B 9711104 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-06-12 14:11:48 60D2396F470C110B7FAB1CFA4AC0D34B 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 14:11:48 0A3EF805B406103971F27B9597EB98BC 231936 ----a-w- C:\Windows\SysWOW64\url.dll
2014-06-12 14:11:47 74DD13DF9DC59CCC5AE5528ECFA29BE9 10752 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-06-12 14:12:00 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 801280 ----a-w- C:\Windows\Sysnative\usp10.dll
2014-06-12 14:11:59 ECA6AC33BD9E441F7B47D173D715D268 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll
2014-06-12 14:11:59 3408DD8081DC22858AE2E6ABD2594C02 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll
2014-06-12 14:11:59 0E3A7EC2B9590EA7767BBB1823630DEA 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll
2014-06-12 14:11:59 0465A8CFDDB4FFDB569802A70B9443D5 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2014-06-12 14:11:56 2C053C9B2A8249F1F9B38ED1AE455771 506368 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-06-12 14:11:55 D1D5E22152E98F6429DBE42F833AD980 2338816 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-06-12 14:11:55 84A13AB118F433898B5ABA36E8D7CA91 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-06-12 14:11:55 1DF433CEED3F53FEE13389FC8B7176C9 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-06-12 14:11:55 0B3676DC14476F214EFCEBB73FA19C67 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-06-12 14:11:54 CE841E740A66525986E0C3D5B9B2768F 86016 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-06-12 14:11:54 C1E50E66DD3DF55834E301D1D7D85652 453120 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-06-12 14:11:54 7676052785229DFD00537264736DFC33 282112 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-06-12 14:11:54 4015D1D5312657AF4245403640C2776A 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-06-12 14:11:54 34898D3453D5DE5AE9F5CD8DA862776C 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
2014-06-12 14:11:52 EBE2B1BD1AC4537B9BCAB09F5BCA695C 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-06-12 14:11:52 115705BBED3CACDCEEFDA25E516A92A1 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-06-12 14:11:50 E9AD350BC2C7FE88058D6E7A21F8734E 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-06-12 14:11:50 AA6BE99A1C04C1DA2EC9880247554BE2 17857536 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-06-12 14:11:50 98DDD3C25A96C3672E6C3D845A378FC4 2148352 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-06-12 14:11:50 96679519B6125B13030BC01124029675 12800 ----a-w- C:\Windows\Sysnative\mshta.exe
2014-06-12 14:11:49 CB939DBCC8F71F5B3BC904E6A968ADBD 55296 ----a-w- C:\Windows\Sysnative\msfeedsbs.dll
2014-06-12 14:11:49 321B6E44211F63494DEA762D3A04BCB1 1348608 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-06-12 14:11:48 E480B83F8DD71D696617C6A461D25D7E 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-06-12 14:11:47 C8012AB70CF5E71A6355502EEC86EFE9 11264 ----a-w- C:\Windows\Sysnative\msfeedssync.exe
2014-06-12 14:11:47 96A7F98F7FFDC105F3772BF008D3387F 237056 ----a-w- C:\Windows\Sysnative\url.dll
2014-06-12 14:11:47 88C4525F04C77198BB2BDF1AA5AD8298 1494016 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-06-12 14:11:47 192422D65E5B522284C607CB83CA0E9A 10890240 ----a-w- C:\Windows\Sysnative\ieframe.dll
====== C:\Windows\Sysnative\drivers =====
2014-06-15 20:56:24 BC6A822686BE8546CA3F8342E82E8567 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-06-15 20:56:24 6BEB02EBE93CF1E7E5EB1B594B0FA380 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-06-15 20:56:24 055C8E71F6DCE9215E31E91BAADDB27F 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-06-12 14:11:59 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-06-12 14:11:59 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-06-16 09:27:47 -------- d-----w- C:\Program Files\trend micro
2014-05-21 13:59:15 -------- d-----w- C:\Program Files\iTunes
2014-05-21 13:59:15 -------- d-----w- C:\Program Files\iPod
2014-05-21 13:51:05 -------- d-----w- C:\Program Files\Bonjour
======= C:\PROGRA~2 =====
2014-06-15 20:44:52 -------- d-----w- C:\PROGRA~2\Trend Micro
2014-06-05 12:50:58 -------- d-----w- C:\PROGRA~2\Popcorn Time
2014-05-21 13:59:15 -------- d-----w- C:\PROGRA~2\iTunes
2014-05-21 13:51:05 -------- d-----w- C:\PROGRA~2\Bonjour
======= C: =====
====== C:\Users\Coban\AppData\Roaming ======
2014-06-06 19:33:56 1D721F24EFCFDE1B81B98AB0E177766E 5446040 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2014-06-05 12:51:26 -------- d-----w- C:\Users\Coban\AppData\Local\Popcorn-Time
2014-06-05 12:51:20 -------- d-----w- C:\Users\Coban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
====== C:\Users\Coban ======
2014-05-21 14:00:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 13:59:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-21 13:52:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-05-20 20:59:48 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches
====== C: exe-files ==
2014-06-16 09:27:48 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Coban.exe
2014-06-16 09:27:28 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O0AJ3E7\RSITx64.exe
2014-06-15 20:53:38 509E42DD6D402BD23A1DE687EAD6C24D 17305656 ----a-w- C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4YY82PU\mbam-setup.exe
2014-06-15 15:44:10 A90034756B9702C2ED0375433EC26C8E 7561808 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.153\35.0.1916.153_35.0.1916.114_chrome_updater_alt.exe
2014-06-12 14:11:56 511E0519B437C263E95EA46330312B7F 172224 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-06-12 14:11:55 EF15B0554634BD981BB718E9BF6EE891 46784 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-06-12 14:11:50 E9AD350BC2C7FE88058D6E7A21F8734E 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-12 14:11:50 96679519B6125B13030BC01124029675 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-06-12 14:11:50 0D7B6A0829874B057FF9D35F612B44F5 11776 ----a-w- C:\Windows\SysWOW64\mshta.exe
2014-06-12 14:11:49 B2D65154D4D36D6CA22BB586C016C1C1 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 14:11:49 7BA5B7DEDE25D44F3E664D5BA067E3CD 758000 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-06-12 14:11:49 3AC6E5CF6322A7A8360D6CCFE79ABC33 763632 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-06-12 14:11:47 D14CBA888EF2A88C28CB5E6396A295DA 22528 ----a-w- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
2014-06-12 14:11:47 C8012AB70CF5E71A6355502EEC86EFE9 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2014-06-12 14:11:47 77AEB4008A5E1015599A4DC6AE50C33B 223232 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-06-12 14:11:47 74DD13DF9DC59CCC5AE5528ECFA29BE9 10752 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe
2014-06-12 14:11:47 28581C0764DE916B87F8836E40F7D56E 223744 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-06-12 14:11:46 2CEC4E901C78335A5595DA780C9CE257 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-06-12 14:11:46 054E45A74734CDBDDEFB503CBBA0E0DF 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
=== C: other files ==
2014-06-15 20:56:24 BC6A822686BE8546CA3F8342E82E8567 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-15 20:56:24 6BEB02EBE93CF1E7E5EB1B594B0FA380 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-15 20:56:24 055C8E71F6DCE9215E31E91BAADDB27F 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-12 14:11:59 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-12 14:11:59 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1327584340-4008737961-4063509114-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"InternetCalls"="C:\Program Files (x86)\InternetCalls.com\InternetCalls\internetcalls.exe -nosplash -minimized"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"

[HKEY_USERS\S-1-5-21-1327584340-4008737961-4063509114-1001\Software\Microsoft\Windows\CurrentVersion\runonce]
"FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"InternetCalls"="C:\Program Files (x86)\InternetCalls.com\InternetCalls\internetcalls.exe -nosplash -minimized"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrobat Assistant 8.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat 11.0\\Acrobat\\Acrotray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hobbyist Software VLC Streamer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hobbyist Software VLC Streamer"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Hobbyist Software\\VLC Streamer\\VLC Streamer Configuration.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPConnectionManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPConnectionManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Connection Manager\\HPCMDelayStart.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sidebar"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-11-2011 15:54]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForCOBAN-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13-09-2010 22:15]
C:\Windows\tasks\HPCeeScheduleForCoban.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForCoban" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForCOBAN-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe"]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{4D9CA7BB-4295-445D-BDC3-4F47CF3FC0CB}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{BE65A1D9-4520-4C57-92BF-8E12A53F0871}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.1.0.104.161/nl/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF" [21-11-2013 01:07]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default
- DivX Plus Web Player HTML5 lt;videogt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
- Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFF
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Convert.Files - %ProfilePath%\extensions\addconvertbutton@convertfiles.com.xpi
- Media Converter - %ProfilePath%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi
- Sothink Web Video Downloader for Firefox - %ProfilePath%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- TrueSuite Website Logon - %AppDir%\extensions\websitelogon@truesuite.com
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Coban\AppData\Roaming\Mozilla\Firefox\Profiles\z93js5lc.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bejnhdlplbjhffionohbdnpcbobfejcc - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx[29-04-2014 14:31]
dfaldikcoaplhepekpbngkepfcoiihef - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[22-08-2011 05:50]
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[21-12-2013 08:04]
kpionmjnkbpcdpcflammlgllecmejgjj - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12-12-2011 15:13]
Google Drive - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Norton Identity Safe for Google Chrome™ - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
YouTube - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Website Logon - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef
Adobe Acrobat - Create PDF - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Google Wallet - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - Coban\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.startpagina.nl/"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=399d07af-2a11-4add-ad49-ec4c7dee65be&searchtype=ds&q={searchTerms}&installDate={installDate}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.startpagina.nl/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{27C205D4-0E1A-41F4-AC40-954AA150AB6B} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{C7520077-EF9A-4B72-AA51-A2C62C8016BE} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_nlNL457"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1327584340-4008737961-4063509114-1001\Software\Microsoft\Internet Explorer\SearchScopes\{27C205D4-0E1A-41F4-AC40-954AA150AB6B} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Coban\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Coban\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Coban\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O0AJ3E7 will be deleted at reboot
C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4YY82PU will be deleted at reboot
C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYMX4E97 will be deleted at reboot
C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\Coban\AppData\Local\Mozilla\Firefox\Profiles\z93js5lc.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Coban\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=385 folders=64 25369633 bytes)

==== Empty Temp Folders ======================
C:\Users\Coban\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Coban\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O0AJ3E7" deleted
"C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4YY82PU" deleted
"C:\Users\Coban\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYMX4E97" not found

==== EOF on ma 16-06-2014 at 16:42:48,23 ======================