Zoek.exe v5.0.0.0 Updated 13-November-2014 Tool run by roberto scooters on do 13-11-2014 at 13:05:15,49. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\roberto scooters\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 13-11-2014 13:07:28 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\eSobi deleted successfully C:\Program Files\log deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Program Files\VipBoxSportsApp.com deleted successfully C:\PROGRA~2\Babylon deleted successfully C:\PROGRA~2\PCSettings deleted successfully C:\Users\roberto scooters\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\roberto scooters\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14d02517-c8be-4735-a344-3c8366c77aa0} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{14d02517-c8be-4735-a344-3c8366c77aa0} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{598f4e85-2ee6-43a8-bf43-c75c82b925fe} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{598f4e85-2ee6-43a8-bf43-c75c82b925fe} deleted 
successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6df8a038-1b03-41eb-a92b-0e82de08ee4a} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6df8a038-1b03-41eb-a92b-0e82de08ee4a} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b1df253a-9e7a-480d-b6a5-7a435b520dbb} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b1df253a-9e7a-480d-b6a5-7a435b520dbb} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{af94b35c-3ac5-4030-9f9c-15fb4e3dc339} deleted successfully 
HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{af94b35c-3ac5-4030-9f9c-15fb4e3dc339} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40f650b7-7625-4388-a39d-e7224d0a69b6} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40f650b7-7625-4388-a39d-e7224d0a69b6} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully HKEY_CLASSES_ROOT\CLSID\{7888381e-e4f0-48f5-a278-b48b0187d950} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8040829d-1177-46e2-9157-8282438b79c7} deleted successfully HKEY_CLASSES_ROOT\CLSID\{14d02517-c8be-4735-a344-3c8366c77aa0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14d02517-c8be-4735-a344-3c8366c77aa0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{598f4e85-2ee6-43a8-bf43-c75c82b925fe} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{598f4e85-2ee6-43a8-bf43-c75c82b925fe} deleted successfully HKEY_CLASSES_ROOT\CLSID\{6df8a038-1b03-41eb-a92b-0e82de08ee4a} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6df8a038-1b03-41eb-a92b-0e82de08ee4a} deleted successfully HKEY_CLASSES_ROOT\CLSID\{b1df253a-9e7a-480d-b6a5-7a435b520dbb} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1df253a-9e7a-480d-b6a5-7a435b520dbb} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_CLASSES_ROOT\CLSID\{af94b35c-3ac5-4030-9f9c-15fb4e3dc339} deleted successfully HKEY_CLASSES_ROOT\CLSID\{40f650b7-7625-4388-a39d-e7224d0a69b6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{7888381e-e4f0-48f5-a278-b48b0187d950} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{8040829d-1177-46e2-9157-8282438b79c7} deleted successfully HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{40f650b7-7625-4388-a39d-e7224d0a69b6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{af94b35c-3ac5-4030-9f9c-15fb4e3dc339} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{40f650b7-7625-4388-a39d-e7224d0a69b6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\SLsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Acer\Empowering Technology\SysMonitor.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Windows\RtHDVCpl.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\MyPC Backup\BackupStack.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\PROGRA~1\MOTITA~2\bar\1.bin\94barsvc.exe C:\Program Files\Nero\Update\NASvc.exe C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\system32\NLSSRV32.EXE C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe C:\Program Files\MyWebFace_5a\bar\1.bin\5abrmon.exe C:\Program Files\Motitags_94\bar\1.bin\APPINTEGRATOR.EXE C:\Program Files\mbot_nl_91\mbot_nl_91.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Popcorn Time\Updater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\bin32\nSvcAppFlt.exe C:\Program Files\bin32\nSvcIp.exe C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\mobsync.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program 
Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\roberto scooters\Downloads\zoek.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Motitags_94Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Motitags_94Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BackupStack deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\0 user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_13-11-2014_1324_.backup ProfilePath: C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\5bfy8qp6.default user.js not found ---- Lines ffxtbr modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\ 
---- FireFox user.js and prefs.js backups ---- prefs_13-11-2014_1324_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14d02517-c8be-4735-a344-3c8366c77aa0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598f4e85-2ee6-43a8-bf43-c75c82b925fe}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6df8a038-1b03-41eb-a92b-0e82de08ee4a}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1df253a-9e7a-480d-b6a5-7a435b520dbb}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- "MyWebFace Search Scope Monitor"=- "MyWebFace_5a Browser Plugin Loader"=- "Motitags EPM Support"=- "Motitags AppIntegrator 32-bit"=- "Motitags Search Scope Monitor"=- "mbot_nl_91"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Browser Infrastructure Helper"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Delta not found C:\ProgramData\PCSettings not found C:\Users\roberto scooters\AppData\Local\mbot_nl_91 deleted C:\Program Files\MyPC Backup deleted C:\Program Files\FastPlayer deleted C:\Program Files\PepperZip deleted C:\Users\roberto scooters\AppData\Local\Motitags_94 deleted C:\Users\roberto 
scooters\appdata\locallow\Motitags_94 deleted C:\Users\roberto scooters\appdata\locallow\MyWebFace_5a deleted C:\Users\roberto scooters\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk deleted C:\Users\roberto scooters\AppData\Roaming\Babylon deleted C:\Users\roberto scooters\AppData\Roaming\Delta deleted C:\Users\roberto scooters\AppData\Roaming\Registry Mechanic deleted C:\PROGRA~2\roth0.pad deleted C:\PROGRA~2\kjhy64.txt deleted C:\PROGRA~2\Tarma Installer deleted C:\Users\roberto scooters\AppData\Local\iLivid deleted C:\Users\roberto scooters\AppData\Local\LPT deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY deleted C:\Users\roberto scooters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk deleted C:\Users\roberto scooters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mypc backup deleted C:\Users\roberto scooters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk deleted C:\Users\roberto scooters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip deleted C:\Users\roberto scooters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VipBoxSportsApp.com deleted C:\Users\roberto scooters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dealermodule Creco deleted C:\Users\roberto scooters\AppData\LocalLow\IAC deleted C:\Users\roberto scooters\AppData\LocalLow\Delta deleted C:\Users\roberto scooters\AppData\LocalLow\Smartbar deleted C:\Windows\wininit.ini deleted C:\Windows\system32\Tasks\BrowserProtect deleted C:\Windows\system32\Tasks\LaunchSignup deleted C:\Windows\System32\searchplugins deleted C:\Windows\System32\Extensions deleted C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\5bfy8qp6.default\searchplugins\safesearch.xml deleted "C:\Users\roberto scooters\AppData\Local\2433f433" deleted "C:\Users\roberto scooters\AppData\Roaming\2433f433" deleted 
"C:\ProgramData\2433f433" deleted "C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi" deleted "C:\Program Files\Microsoft\BingBar\SeaPort.EXE" deleted "C:\Program Files\mbot_nl_91\mbot_nl_91.exe" deleted "C:\Program Files\mbot_nl_91\mbot_nl_91.exe" deleted "C:\Program Files\mbot_nl_91\mbot_nl_91.exe" deleted "C:\Program Files\Motitags_94\bar\1.bin\94dlghk.dll" deleted "C:\Program Files\Motitags_94\bar\1.bin\94SrcAs.dll" deleted "C:\Program Files\Motitags_94\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files\Motitags_94\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\ASSISTMONITOR.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\HPG.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\5abrmon.exe" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\5abrstub.dll" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\T8RES.DLL" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Interop.WMPLib.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\MACTrackBarLib.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sgml.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sgmu.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sidb.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sidc.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\siem.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sipb.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.exe" deleted 
"C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\smsp.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\smta.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\smtu.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\spbe.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\spbl.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sppsm.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\spusm.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srau.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srbs.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srbu.dll" deleted 
"C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srns.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srom.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srpdm.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srut.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll" deleted "C:\Program Files\Motitags_94\bar\1.bin\94dlghk.dll" deleted "C:\Program Files\Motitags_94\bar\1.bin\94SrcAs.dll" deleted "C:\Program Files\Motitags_94\bar\1.bin\APPINTEGRATOR.EXE" deleted "C:\Program Files\Motitags_94\bar\1.bin\APPINTEGRATORSTUB.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\ASSISTMONITOR.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\HPG.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\TOOLBARGUARD.DLL" deleted "C:\Program Files\Motitags_94\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\5abrmon.exe" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\5abrstub.dll" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\5abrmon.exe" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\5abrstub.dll" deleted "C:\Program Files\MyWebFace_5a\bar\1.bin\T8RES.DLL" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Interop.WMPLib.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\MACTrackBarLib.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sgml.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sgmu.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sidb.dll" deleted "C:\Users\roberto 
scooters\AppData\Local\Smartbar\Application\sidc.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\siem.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sipb.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.exe" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\smsp.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\smta.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\smtu.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\spbe.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\spbl.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\sppsm.dll" deleted "C:\Users\roberto 
scooters\AppData\Local\Smartbar\Application\spusm.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srau.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srbs.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srbu.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srns.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srom.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srpdm.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\srut.dll" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll" deleted "C:\Program Files\Motitags_94" not deleted "C:\Program Files\MyWebFace_5a" not deleted "C:\Program Files\Microsoft\BingBar" not deleted "C:\Program Files\mbot_nl_91" deleted "C:\Users\roberto scooters\AppData\Local\Smartbar" not deleted "C:\Program Files\mbot_nl_91" deleted "C:\Program Files\Motitags_94" not deleted "C:\Program Files\MyWebFace_5a" not deleted "C:\PROGRA~2\???4" not deleted "C:\Program Files\mbot_nl_91" deleted "C:\Program Files\MyWebFace_5a" not deleted "C:\Users\roberto scooters\AppData\Local\Smartbar" not deleted "C:\Program Files\Motitags_94\bar" not deleted "C:\Program Files\Motitags_94\bar\1.bin" not deleted "C:\Program Files\Motitags_94\bar\1.bin\assists" deleted "C:\Program Files\Motitags_94\bar\1.bin\assists\ie_default_search_provider" deleted "C:\Program Files\MyWebFace_5a\bar" not deleted "C:\Program Files\MyWebFace_5a\bar\1.bin" not deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application" not deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\nl" deleted "C:\Program Files\Motitags_94\bar" not deleted "C:\Program Files\Motitags_94\bar\1.bin" not deleted "C:\Program Files\Motitags_94\bar\1.bin\assists" deleted "C:\Program 
Files\Motitags_94\bar\1.bin\assists\ie_default_search_provider" deleted "C:\Program Files\MyWebFace_5a\bar" not deleted "C:\Program Files\MyWebFace_5a\bar\1.bin" not deleted "C:\Program Files\MyWebFace_5a\bar" not deleted "C:\Program Files\MyWebFace_5a\bar\1.bin" not deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application" not deleted "C:\Users\roberto scooters\AppData\Local\Smartbar\Application\nl" deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Memory (RAM): 2814 MB CPU Info: AMD Athlon(tm) 7450 Dual-Core Processor CPU Speed: 2410,8 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek HDMI Output (Realtek Hi | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce 9200 | NVIDIA GeForce 9200 | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1440 X 900 - 32 bit Network: Network Present Network Adapters: Juniper Network Connect Virtual Adapter | NVIDIA nForce 10/100/1000 Mbps Networking Controller CD / DVD Drives: 1x (G: | ) G: HL-DT-STDVDRAM GH40F Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 139,0GB | F: 139,0GB Hard Disks - Free: C: 63,3GB | F: 95,4GB Manufacturer *: Phoenix Technologies, LTD BIOS Info: AT/AT COMPATIBLE | 04/01/09 | ACRSYS - 42302e31 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer WMCP78M Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Norton AntiVirus On-access scanning disabled (Outdated) Anti-Spyware: Norton AntiVirus disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Firefox 33.1 Internet Explorer Version: 9.0.8112.16421 Mozilla Firefox version: 33.1 (x86 nl) Adobe Reader version: 10.1.12.15 Sun Java version: 1.8.0_25 (32-bit) Flash Player version: 15.0.0.223 Shockwave Player version: 11.6.8r638 ==== Files Recently Created / Modified ======================
4E404505B3F62ECFBDBCBBCF0A72DBC5 143360 ----a-w- C:\Windows\System32\drivers\fastfat.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-11-13 11:43:09 -------- d-----w- C:\Program Files\Common Files\Java 2014-11-12 09:41:43 -------- d-----w- C:\Program Files\Popcorn Time 2014-11-11 16:46:22 -------- d-----w- C:\Program Files\trend micro 2014-11-10 16:33:31 -------- d-----w- C:\Program Files\Mozilla Maintenance Service ======= C: ===== ====== C:\Users\roberto scooters\AppData\Roaming ====== 2014-11-12 09:42:26 -------- d-----w- C:\Users\roberto scooters\AppData\Local\PopcornTimeDesktop 2014-11-10 17:23:14 -------- d-----w- C:\Users\roberto scooters\AppData\Local\NPE 2014-11-10 16:33:43 -------- d-----w- C:\Users\roberto scooters\AppData\Local\Mozilla 2014-11-06 06:31:17 -------- d-----w- C:\Users\roberto scooters\AppData\Local\Smartbar 2014-10-24 13:38:27 -------- d-----w- C:\Users\roberto scooters\AppData\Local\Popcorn-Time 2014-10-24 13:37:48 -------- d-----w- C:\Users\roberto scooters\AppData\Local\Popcorn Time ====== C:\Users\roberto scooters ====== 2014-11-13 11:42:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-13 11:20:48 44933ED144874569EB5A43B613CBE88A 638888 ----a-w- C:\Users\roberto scooters\Downloads\jxpiinstall.exe 2014-11-12 16:54:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\roberto scooters\Downloads\RSIT.exe 2014-11-12 09:42:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2014-11-12 09:39:45 537B2BF7F7E94E9F3CC4F99353C30136 52067986 ----a-w- C:\Users\roberto scooters\Downloads\PopcornTime-latest.exe 2014-11-10 16:33:33 -------- d-----w- C:\ProgramData\Mozilla 2014-11-06 11:55:29 -------- d-----w- C:\ProgramData\Oracle ====== C: exe-files == 2014-11-13 11:43:10 E2ED43ADEB040E4BD5459A2E5A29497F 560024 ----a-w- C:\Users\roberto scooters\AppData\Local\Temp\APNSetup.exe 2014-11-13 11:42:29 
AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2014-11-13 11:42:29 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2014-11-13 11:42:29 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2014-11-13 11:42:17 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\pack200.exe 2014-11-13 11:42:17 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmid.exe 2014-11-13 11:42:17 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jjs.exe 2014-11-13 11:42:17 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\keytool.exe 2014-11-13 11:42:17 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\kinit.exe 2014-11-13 11:42:17 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\orbd.exe 2014-11-13 11:42:17 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\policytool.exe 2014-11-13 11:42:17 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\unpack200.exe 2014-11-13 11:42:17 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ssvagent.exe 2014-11-13 11:42:17 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jp2launcher.exe 2014-11-13 11:42:17 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\klist.exe 2014-11-13 11:42:17 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmiregistry.exe 2014-11-13 11:42:17 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\servertool.exe 2014-11-13 11:42:17 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\tnameserv.exe 2014-11-13 11:42:17 
26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ktab.exe 2014-11-13 11:42:16 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jabswitch.exe 2014-11-13 11:42:16 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java.exe 2014-11-13 11:42:16 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe 2014-11-13 11:42:16 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java-rmi.exe 2014-11-13 11:42:16 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe 2014-11-13 11:42:16 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe 2014-11-13 11:20:48 44933ED144874569EB5A43B613CBE88A 638888 ----a-w- C:\Users\roberto scooters\Downloads\jxpiinstall.exe 2014-11-13 07:27:35 5B4ED5734945619EE3BCDB9825D2F526 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe 2014-11-13 07:27:35 06036279056145E0F08FC095CB789E6A 51080 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe 2014-11-13 07:27:34 87EB5AFD21E52CB08883E04605B55829 880784 ----a-w- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateSetup.exe 2014-11-13 07:27:29 EDD3E562684CB4C50704B471BEAB1F86 114568 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe 2014-11-13 07:27:28 CB8C1CC4F46FBAC78150754D77460C73 230792 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe 2014-11-13 07:27:28 7161E8E31B7FD3B1CE083C2CA5FD5F44 285064 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler64.exe 2014-11-13 07:27:26 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files\Google\Update\1.3.25.11\GoogleUpdate.exe 2014-11-13 07:27:20 87EB5AFD21E52CB08883E04605B55829 880784 ----a-w- C:\Program 
Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.11\GoogleUpdateSetup.exe 2014-11-12 17:31:52 A5300B1610FF61B8C28D1C379CFA7A52 105984 ----a-w- C:\Windows\System32\IME\IMEJP10\imjpuexc.exe 2014-11-12 16:54:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\roberto scooters\Downloads\RSIT.exe 2014-11-12 09:42:02 14A4F9F072A8EF9A3C0C9C91D4B2D259 179200 ----a-w- C:\Program Files\Popcorn Time\Updater.exe 2014-11-12 09:41:50 9985A09C2AD157ACD295254E86B605FF 5790432 ----a-w- C:\Program Files\Popcorn Time\chromecast\node.exe 2014-11-12 09:41:48 149E91A81FF4E31C91AB66B87C03C46E 3643392 ----a-w- C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe 2014-11-12 09:41:43 D822ABBE49DEB928C75C2541095BD714 879171 ----a-w- C:\Program Files\Popcorn Time\unins000.exe 2014-11-12 09:39:45 537B2BF7F7E94E9F3CC4F99353C30136 52067986 ----a-w- C:\Users\roberto scooters\Downloads\PopcornTime-latest.exe 2014-11-12 06:43:03 F832CFAFA6015E21B33A583C7B2CA19A 10752 ----a-w- C:\Windows\System32\msfeedssync.exe 2014-11-12 06:43:02 DE0269B69861CD68EC8D29AD4A01894E 11776 ----a-w- C:\Windows\System32\mshta.exe 2014-11-12 06:43:02 7BA2683147FD7748A54D2F04306561CB 22528 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe 2014-11-12 06:43:02 446DA3FA1EB4294A0270B6369FC49C4E 223232 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-11-12 06:43:02 3DF83938DDB281B310D1CA27A08C4411 470016 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-11-12 06:43:01 C94AEBE5CCA3F390E7CBC64D2FF30CDF 142848 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-11-12 06:43:00 06DE47CAE6D862847A4F24753C199394 757968 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-11-11 16:46:22 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\roberto scooters.exe 2014-11-11 09:42:03 D618D6D6E8C006E8D426500ED20BF4A4 229000 ------w- C:\Windows\System32\MpSigStub.exe 2014-11-10 16:33:35 42570D7A89870B2845ACCB5E975060B5 103588 ----a-w- C:\Program 
Files\Mozilla Maintenance Service\Uninstall.exe 2014-11-10 16:33:33 DEA022193DF8C88F6E2B3E33D148A5DB 114288 ----a-w- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe === C: other files == 2014-11-13 11:42:17 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2014-11-12 17:24:50 2833F623494FC1EFC0EAC4401CBBF2F2 2054656 ----a-w- C:\Windows\System32\win32k.sys 2014-11-12 09:41:52 9653E1D2EED12AE0BF637523EDB2BC70 3773 ----a-w- C:\Program Files\Popcorn Time\chromecast\node_modules\castv2-client\node_modules\castv2\node_modules\protobuf\protobuf\vsprojects\extract_includes.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-664834789-352687274-2228832214-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe" "KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s" "KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup" "Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" "EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot" "eDataSecurity Loader"="C:\Program Files\Acer\Empowering 
Technology\eDataSecurity\x86\eDSloader.exe" "PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" "RtHDVCpl"="RtHDVCpl.exe" "Skytel"="Skytel.exe" "NBAgent"="C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart" "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe" "KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s" "KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" ==== Startup Folders ====================== 2011-02-28 12:22:50 1119 ----a-w- C:\Users\roberto scooters\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2010-11-17 16:09:20 1976 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-11-2014 17:31] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22-10-2014 
07:22] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22-10-2014 07:22] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\Windows\system32\tasks\4818" [wscript.exe C:\Users\ROBERT~1\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\FGRun" [C:\Users\roberto] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe"] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\Norton AntiVirus\Norton Error Analyzer" [C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe] "C:\Windows\system32\tasks\Norton AntiVirus\Norton Error Processor" [C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe] "C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe] "C:\Windows\system32\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn" [13-11-2014 12:55] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files\HP\Digital 
Imaging\Smart Web Printing\MozillaAddOn3" [17-11-2010 17:11] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ROBERT~1\AppData\Roaming\Mozilla\Firefox\Profiles\5bfy8qp6.default - Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn - Undetermined - {F04D2D30-776C-4d02-8627-8E4385ECA58D} AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\roberto scooters\AppData\Roaming\Mozilla\Firefox\Profiles\5bfy8qp6.default E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25 238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18 D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update 67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash 5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In F6D12679B9112358AC705A1308156F59 - C:\Users\roberto scooters\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision 75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION 6846D2CA7E1D5937AEE3F99BB7F5464B - 
C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director C1680C34DE8A405C8829AB93236576FD - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 0132218093298D7F72A40222F4FBF04F - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2 A7DA4A3F6E86E55E25F60D2BA46B24D0 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2 CE1411064661AFB6DC4E18BACB50BF61 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2 052575195474BA9646272680BF993D64 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2 A8CD2D78D83C1466BB81BBC94A6C96A3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2 136ECFCBEA4FBFF8918D3B4AE2729C7F - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2 1E17EB861D4EAD9CAC51C246B5E3426A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2 C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? 
Photo Gallery A66A630E101E7B5CF0946F34935660CC - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bgnnidmnbdkmhfkjgdnngciimpdgohok - C:\Program Files\VipBoxSportsApp.com\stv12.crx[] iikflkcanblccfahdhdonehdalibjnif - No path found[] jbajpeofkjjeiamcglnmldoboonfkiol - C:\Program Files\Search Results Toolbar\Datamngr\chromeExtension.crx[] kiplfnciaokpcennlkldkdaeaaomamof - C:\Users\roberto scooters\AppData\Local\Torch\Plugins\TorchPlugin.crx[] nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12-12-2011 14:13] nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx[20-09-2014 09:52] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" "Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0210&m=aspire_x1300" "Search Page"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmyr4DsGS5n78FPYRanGofL9ilp5-y4IscDv4OjUxM-2FRpx9ER2l8PnGhctXz7P7P1nhnwsKiY0zy0ArTeAkDESQzS5RafPJC1hZC-eI4zw83TCeiDEKQPP_8ArUq--fm7vXHyN47zE6alPkMYO9GkIg,,&q={searchTerms}" "Search 
Bar"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmyr4DsGS5n78FPYRanGofL9ilp5-y4IscDv4OjUxM-2FRpx9ER2l8PnGhctXz7P7P1nhnwsKiY0zy0ArTeAkDESQzS5RafPJC1hZC-eI4zw83TCeiDEKQPP_8ArUq--fm7vXHyN47zE6alPkMYO9GkIg,,&q={searchTerms}" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0210&m=aspire_x1300" "Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0210&m=aspire_x1300" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmyr4DsGS5n78FPYRanGofL9ilp5-y4IscDv4OjUxM-2FRpx9ER2l8PnGhctXz7P7P1nhnwsKiY0zy0ArTeAkDESQzS5RafPJC1hZC-eI4zw83TCeiDEKQPP_8ArUq--fm7vXHyN47zE6alPkMYO9GkIQ,,&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search/?q=%s" "Default"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmyr4DsGS5n78FPYRanGofL9ilp5-y4IscDv4OjUxM-2FRpx9ER2l8PnGhctXz7P7P1nhnwsKiY0zy0ArTeAkDESQzS5RafPJC1hZC-eI4zw83TCeiDEKQPP_8ArUq--fm7vXHyN47zE6alPkMYO9GkIg,,&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmyr4DsGS5n78FPYRanGofL9ilp5-y4IscDv4OjUxM-2FRpx9ER2l8PnGhctXz7P7P1nhnwsKiY0zy0ArTeAkDESQzS5RafPJC1hZC-eI4zw83TCeiDEKQPP_8ArUq--fm7vXHyN47zE6alPkMYO9GkIg,,&q={searchTerms}" "SearchAssistant"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_Xmyr4DsGS5n78FPYRanGofL9ilp5-y4IscDv4OjUxM-2FRpx9ER2l8PnGhctXz7P7P1nhnwsKiY0zy0ArTeAkDESQzS5RafPJC1hZC-eI4zw83TCeiDEKQPP_8ArUq--fm7vXHyN47zE6alPkMYO9GkIg,,&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.nl/" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof deleted successfully 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mbot_nl_91_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7473B376-BABC-4D84-BF08-00EE7CE8CD8E} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\673B3747CBAB48D4FB8000EEC78EDCE8 deleted successfully

==== HijackThis Entries ======================

O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Increase performance and video formats for your HTML5