Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by epcs on wo 03/08/2016 at 18:24:41,87.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\epcs\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

3/08/2016 18:26:43 Zoek.exe System Restore Point Created Successfully.

==== Suspicious Entries Found ======================

SYMLINKS found in C:\Program Files\Windows Defender
SYMLINKS found in C:\Program Files\Microsoft Security Client

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\HPSSUPPLY deleted successfully
C:\Users\epcs\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\epcs\AppData\Local\DriverToolkit deleted successfully
C:\Users\epcs\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\epcs\AppData\Local\EmieSiteList deleted successfully
C:\Users\epcs\AppData\Local\EmieUserList deleted successfully

==== Symlinks Removed ======================

Reparse point C:\Program Files\Windows Defender\MpAsDesc.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MpClient.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MpCmdRun.exe successfully deleted
Reparse point C:\Program Files\Windows Defender\MpCommu.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MpEvMsg.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MpOAV.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MpRTP.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MpSvc.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MSASCui.exe successfully deleted
Reparse point C:\Program Files\Windows Defender\MsMpCom.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MsMpLics.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\MsMpRes.dll successfully deleted
Reparse point C:\Program Files\Windows Defender\nl-NL successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\DbgHelp.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\EppManifest.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MpAsDesc.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MpClient.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MpCmdRun.exe successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MpCommu.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\mpevmsg.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MpOAv.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MpRTP.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MpSvc.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MSESysprep.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MsMpCom.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MsMpEng.exe successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MsMpLics.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MsMpRes.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\msseces.exe successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\msseoobe.exe successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\msseooberes.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\MsseWat.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\NisLog.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\NisSrv.exe successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\NisWFP.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\Setup.exe successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\SetupRes.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\shellext.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\SqmApi.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\SymSrv.dll successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\SymSrv.yes successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\Backup successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\Drivers successfully deleted
Reparse point C:\Program Files\Microsoft Security Client\en-us successfully deleted

==== Checking Systemdrive for Symlinks ======================

De volumenaam van station C is Wendy's pctje
Het volumenummer is DC35-6632

Map van C:\
10/02/2012 17:17 Documents and Settings [C:\Users]
0 bestand(en) 0 bytes

Map van C:\ProgramData
10/02/2012 17:17 Application Data [C:\ProgramData]
10/02/2012 17:17 Desktop [C:\Users\Public\Desktop]
10/02/2012 17:17 Documents [C:\Users\Public\Documents]
10/02/2012 17:17 Favorites [C:\Users\Public\Favorites]
10/02/2012 17:17 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
10/02/2012 17:17 Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 bestand(en) 0 bytes

Map van C:\ProgramData\Oracle\Java\javapath
03/08/2016 18:19 java.exe [C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe]
03/08/2016 18:19 javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe]
03/08/2016 18:19 javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaws.exe]
3 bestand(en) 0 bytes

Map van C:\Users
10/02/2012 17:17 All Users [C:\ProgramData]
10/02/2012 17:17 Default User [C:\Users\Default]
0 bestand(en) 0 bytes

Map van C:\Users\All Users
10/02/2012 17:17 Application Data [C:\ProgramData]
10/02/2012 17:17 Desktop [C:\Users\Public\Desktop]
10/02/2012 17:17 Documents [C:\Users\Public\Documents]
10/02/2012 17:17 Favorites [C:\Users\Public\Favorites]
10/02/2012 17:17 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
10/02/2012 17:17 Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 bestand(en) 0 bytes

Map van C:\Users\All Users\Oracle\Java\javapath
03/08/2016 18:19 java.exe [C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe]
03/08/2016 18:19 javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe]
03/08/2016 18:19 javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaws.exe]
3 bestand(en) 0 bytes

Map van C:\Users\Default
10/02/2012 17:17 Application Data [C:\Users\Default\AppData\Roaming]
10/02/2012 17:17 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
10/02/2012 17:17 Local Settings [C:\Users\Default\AppData\Local]
10/02/2012 17:17 My Documents [C:\Users\Default\Documents]
10/02/2012 17:17 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/02/2012 17:17 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/02/2012 17:17 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
10/02/2012 17:17 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
10/02/2012 17:17 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
10/02/2012 17:17 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 bestand(en) 0 bytes

Map van C:\Users\Default\AppData\Local
10/02/2012 17:17 Application Data [C:\Users\Default\AppData\Local]
10/02/2012 17:17 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
10/02/2012 17:17 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 bestand(en) 0 bytes

Map van C:\Users\Default\Documents
10/02/2012 17:17 My Music [C:\Users\Default\Music]
10/02/2012 17:17 My Pictures [C:\Users\Default\Pictures]
10/02/2012 17:17 My Videos [C:\Users\Default\Videos]
0 bestand(en) 0 bytes

Map van C:\Users\epcs
17/09/2012 11:23 Application Data [C:\Users\epcs\AppData\Roaming]
17/09/2012 11:23 Cookies [C:\Users\epcs\AppData\Roaming\Microsoft\Windows\Cookies]
17/09/2012 11:23 Local Settings [C:\Users\epcs\AppData\Local]
17/09/2012 11:23 Menu Start [C:\Users\epcs\AppData\Roaming\Microsoft\Windows\Start Menu]
17/09/2012 11:23 Mijn documenten [C:\Users\epcs\Documents]
17/09/2012 11:23 NetHood [C:\Users\epcs\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
17/09/2012 11:23 Netwerkprinteromgeving [C:\Users\epcs\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
17/09/2012 11:23 Recent [C:\Users\epcs\AppData\Roaming\Microsoft\Windows\Recent]
17/09/2012 11:23 SendTo [C:\Users\epcs\AppData\Roaming\Microsoft\Windows\SendTo]
17/09/2012 11:23 Sjablonen [C:\Users\epcs\AppData\Roaming\Microsoft\Windows\Templates]
0 bestand(en) 0 bytes

Map van C:\Users\epcs\AppData\Local
17/09/2012 11:23 Application Data [C:\Users\epcs\AppData\Local]
17/09/2012 11:23 Geschiedenis [C:\Users\epcs\AppData\Local\Microsoft\Windows\History]
17/09/2012 11:23 Temporary Internet Files [C:\Users\epcs\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 bestand(en) 0 bytes

Map van C:\Users\epcs\AppData\Roaming\Microsoft\Windows\Start Menu
17/09/2012 11:23 Programma's [C:\Users\epcs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 bestand(en) 0 bytes

Map van C:\Users\epcs\Documents
17/09/2012 11:23 Mijn afbeeldingen [C:\Users\epcs\Pictures]
17/09/2012 11:23 Mijn muziek [C:\Users\epcs\Music]
17/09/2012 11:23 Mijn video's [C:\Users\epcs\Videos]
0 bestand(en) 0 bytes

Map van C:\Users\Public\Documents
10/02/2012 17:17 My Music [C:\Users\Public\Music]
10/02/2012 17:17 My Pictures [C:\Users\Public\Pictures]
10/02/2012 17:17 My Videos [C:\Users\Public\Videos]
0 bestand(en) 0 bytes

Totaal aantal weergegeven bestanden:
6 bestand(en) 0 bytes
51 map(pen) 25.657.085.952 bytes beschikbaar

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1619119679-1942087667-3837415146-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-1619119679-1942087667-3837415146-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-1619119679-1942087667-3837415146-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully
HKEY_USERS\S-1-5-21-1619119679-1942087667-3837415146-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully
HKEY_USERS\S-1-5-21-1619119679-1942087667-3837415146-1000\Software\Classes\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Update service deleted successfully

==== Deleting Files \ Folders ======================

C:\Users\epcs\AppData\Local\Google\Desktop\Install\{b75d6057-e371-f2b8-9a34-86b664a6e258} not found
C:\Program Files (x86)\Popcorn Time deleted
C:\PROGRA~2\pandasecuritytb deleted
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\epcs\AppData\Local\IAC deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter deleted
C:\Users\epcs\AppData\LocalLow\pandasecuritytb deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\epcs\AppData\Local\Temp ====
2016-08-03 11:10:28 560EDC0912BDB68290930E2542823A24 135760 ----a-w- C:\Users\epcs\AppData\Local\Temp\ehdrv.sys
2016-08-03 10:51:47 78E00B88F4967B4162213602C0E08B02 741440 ----a-w- C:\Users\epcs\AppData\Local\Temp\jre-8u101-windows-au.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-08-03 16:19:33 F78D2BF2C551BE9DF6A2F3210A2964C1 97856 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2016-08-03 10:33:09 34309132ABE90878D54B6597B559EDEC 61712 ----a-w- C:\Windows\Sysnative\drivers\PSKMAD.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2016-08-03 16:20:15 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2016-08-03 16:18:45 -------- d-----w- C:\PROGRA~2\Java
======= C: =====
====== C:\Users\epcs\AppData\Roaming ======
2016-08-03 11:10:11 -------- d-----w- C:\Users\epcs\AppData\Local\ESET
====== C:\Users\epcs ======
2016-08-03 16:19:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-03 16:17:22 271BD1D1A794BAFCC4A197E14C071A4E 739904 ----a-w- C:\Users\epcs\Downloads\chromeinstall-8u101 (1).exe
2016-08-03 16:05:20 271BD1D1A794BAFCC4A197E14C071A4E 739904 ----a-w- C:\Users\epcs\Downloads\chromeinstall-8u101.exe
2016-08-03 11:09:47 FA9772E3C031ECCFBB216EBEC46133FF 6760064 ----a-w- C:\Users\epcs\Downloads\esetonlinescanner_enu.exe

====== C: exe-files ==
2016-08-03 16:19:33 F8211DB97BF852C3292C3E9C710C19D9 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2016-08-03 16:19:33 E3E51A21B00CDDE757E4247257AA7891 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2016-08-03 16:19:33 48C96771106DBDD5D42BBA3772E4B414 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2016-08-03 16:19:21 F434A8AC7F1C8C0E2587B9A9F30E397B 52800 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssvagent.exe
2016-08-03 16:19:21 ED3F3D8E4C382BF8095B9DE217511E29 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\policytool.exe
2016-08-03 16:19:21 E9AA62B1696145A08D223E7190785E25 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\pack200.exe
2016-08-03 16:19:21 CA17B8CBD623477C5D1D334B79890225 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\klist.exe
2016-08-03 16:19:21 C15F0FE651B05F4288CBC3672F6DC3CE 159296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\unpack200.exe
2016-08-03 16:19:21 B4AD335E868693F009B7644E2ED555C1 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\ktab.exe
2016-08-03 16:19:21 9A4CF09834F086568DF469E3F670BF07 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\keytool.exe
2016-08-03 16:19:21 7DA6AA3CC4763C6F9C20B43E6C9A9547 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\orbd.exe
2016-08-03 16:19:21 7624A9B769CDCF3A75FE5A9FEAADD61F 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\tnameserv.exe
2016-08-03 16:19:21 5F85F7F2DFAC397D642834B61809240F 82496 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2launcher.exe
2016-08-03 16:19:21 4F11D43AA2215CE771DA528878F01C8E 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\jjs.exe
2016-08-03 16:19:21 4DE6BFE6EA98BC42A5358ED8307107B2 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\kinit.exe
2016-08-03 16:19:21 43C1D1D0E248604CB3B643C0BDF4EC9A 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\servertool.exe
2016-08-03 16:19:21 31C0CED43A07A2DFF3AFC557EBABBE0F 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\rmiregistry.exe
2016-08-03 16:19:21 12B6E1C3205A8B17AC20E00A889DFC43 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\rmid.exe
2016-08-03 16:19:20 F8211DB97BF852C3292C3E9C710C19D9 269888 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaws.exe
2016-08-03 16:19:20 E3E51A21B00CDDE757E4247257AA7891 191040 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\java.exe
2016-08-03 16:19:20 CF2F023D2B5F0BFB2ECF8AEEA7C51481 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\java-rmi.exe
2016-08-03 16:19:20 C2A59C7343D370BC57765896490331E5 70208 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\javacpl.exe
2016-08-03 16:19:20 530D5597E565654D378F3C87654CCABA 30784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\jabswitch.exe
2016-08-03 16:19:20 48C96771106DBDD5D42BBA3772E4B414 191552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\bin\javaw.exe
2016-08-03 16:17:22 271BD1D1A794BAFCC4A197E14C071A4E 739904 ----a-w- C:\Users\epcs\Downloads\chromeinstall-8u101 (1).exe
2016-08-03 16:05:20 271BD1D1A794BAFCC4A197E14C071A4E 739904 ----a-w- C:\Users\epcs\Downloads\chromeinstall-8u101.exe
2016-08-03 11:09:47 FA9772E3C031ECCFBB216EBEC46133FF 6760064 ----a-w- C:\Users\epcs\Downloads\esetonlinescanner_enu.exe
2016-08-03 10:51:47 78E00B88F4967B4162213602C0E08B02 741440 ----a-w- C:\Users\epcs\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-07-31 18:06:18 946E8C3705E54367A10DB76B0E3B19BA 1554424 ----a-w- C:\Users\epcs\AppData\Local\Google\Chrome\User Data\SwReporter\8.62.4\software_reporter_tool.exe
2016-07-30 12:00:16 C75B240057A7169179DB2EC9E059D4C5 96920 ----atw- C:\Users\epcs\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateBroker.exe
2016-07-30 12:00:16 A2AFEE318C51D8A2BF85A4E46E715565 96920 ----atw- C:\Users\epcs\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe
2016-07-30 12:00:16 8ECEE61C9EFE194B6ACA6030DFE3990E 96920 ----atw- C:\Users\epcs\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateWebPlugin.exe
2016-07-30 12:00:15 812D664B0084DF946C8E9BC01B3FC19E 1065376 ----a-w- C:\Users\epcs\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateSetup.exe
2016-07-30 12:00:10 BF76E03E95FD83C31B32639472A8EDCC 174232 ----atw- C:\Users\epcs\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateComRegisterShell64.exe
2016-07-30 12:00:09 788321A2C0C45F16820E00A8BA8FD3DA 366232 ----atw- C:\Users\epcs\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
2016-07-30 12:00:09 58332C83C4A329A744B0B98F934934BB 288920 ----atw- C:\Users\epcs\AppData\Local\Google\Update\1.3.31.5\GoogleCrashHandler.exe
2016-07-30 12:00:08 A8FD9222E4D72596BB37DA8BE95C0BA4 153752 ----atw- C:\Users\epcs\AppData\Local\Google\Update\1.3.31.5\GoogleUpdate.exe
2016-07-30 12:00:02 812D664B0084DF946C8E9BC01B3FC19E 1065376 ----a-w- C:\Users\epcs\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.31.5\GoogleUpdateSetup.exe
2016-07-30 11:59:33 8ECEE61C9EFE194B6ACA6030DFE3990E 96920 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleUpdateWebPlugin.exe
2016-07-30 11:59:32 C75B240057A7169179DB2EC9E059D4C5 96920 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleUpdateBroker.exe
2016-07-30 11:59:32 A2AFEE318C51D8A2BF85A4E46E715565 96920 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe
2016-07-30 11:59:32 812D664B0084DF946C8E9BC01B3FC19E 1065376 ----a-w- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleUpdateSetup.exe
2016-07-30 11:59:26 BF76E03E95FD83C31B32639472A8EDCC 174232 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleUpdateComRegisterShell64.exe
2016-07-30 11:59:26 788321A2C0C45F16820E00A8BA8FD3DA 366232 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
2016-07-30 11:59:25 A8FD9222E4D72596BB37DA8BE95C0BA4 153752 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleUpdate.exe
2016-07-30 11:59:25 58332C83C4A329A744B0B98F934934BB 288920 ----atw- C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
2016-07-30 11:59:16 812D664B0084DF946C8E9BC01B3FC19E 1065376 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.31.5\GoogleUpdateSetup.exe

=== C: other files ==
2016-08-03 16:19:21 91052ADB799AEF68EA76931997C40CE4 14156 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_101\lib\deploy\ffjcext.zip
2016-08-03 11:10:28 560EDC0912BDB68290930E2542823A24 135760 ----a-w- C:\Users\epcs\AppData\Local\Temp\ehdrv.sys
2016-08-03 10:33:09 34309132ABE90878D54B6597B559EDEC 61712 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1619119679-1942087667-3837415146-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\epcs\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"AppEx Accelerator UI"="C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h"
"Google Update"="C:\Users\epcs\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Raptr"="C:\Program Files (x86)\Raptr\raptrstub.exe --startup"
"PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe /LaunchSysTray"
"Panda Security URL Filtering"="C:\Program Files\Panda Security URL Filtering\Panda_URL_Filtering.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\epcs\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"AppEx Accelerator UI"="C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h"
"Google Update"="C:\Users\epcs\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvastUI.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AvastUI.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe\" /nogui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_1213b]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVG-Secure-Search-Update_1213b"
"hkey"="HKCU"
"command"="C:\\Users\\epcs\\AppData\\Roaming\\AVG 1213b Campaign\\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=789b19cf50f847d1b4ece929319aea2a-cfead8027bb4190ba7976e716dfc425f566fdf4d /CMPID=1213b"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON1B762C (Epson Stylus SX420W)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON1B762C (Epson Stylus SX420W)"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIGCE.EXE /FU \"C:\\Windows\\TEMP\\E_SA999.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\epcs\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPUsageTrackingLEDM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPUsageTrackingLEDM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\HP\\HP UT LEDM\\bin\\hppusg.exe\" \"C:\\Program Files (x86)\\HP\\HP UT LEDM\\\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Malwarebytes Anti-Malware"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe /install /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileBroadband]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MobileBroadband"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Vodafone\\Vodafone Mobile Broadband\\Bin\\MobileBroadband.exe /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSC"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Management]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power Management"
"hkey"="HKLM"
"command"="C:\\Program Files\\Packard Bell\\Packard Bell Power Management\\ePowerTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ROC_ROC_JULY_P1]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ROC_ROC_JULY_P1"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG Secure Search\\ROC_ROC_JULY_P1.exe\" / /PROMPT /CMPID=ROC_JULY_P1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vProt"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AVG Secure Search\\vprot.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeActiveFileMonitor9.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ALG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AppIDSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AxInstSV]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BDESVC]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2015 19:57]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1619119679-1942087667-3837415146-1000Core.job --a------ C:\Users\epcs\AppData\Local\Facebook\Update\FacebookUpdate.exe [19/04/2014 20:13]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1619119679-1942087667-3837415146-1000UA.job --a------ C:\Users\epcs\AppData\Local\Facebook\Update\FacebookUpdate.exe [19/04/2014 20:13]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 12:28]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 12:28]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619119679-1942087667-3837415146-1000Core.job --a------ C:\Users\epcs\AppData\Local\Google\Update\GoogleUpdate.exe [09/02/2015 20:11]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619119679-1942087667-3837415146-1000UA.job --a------ C:\Users\epcs\AppData\Local\Google\Update\GoogleUpdate.exe [09/02/2015 20:11]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe ARM" ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader Speed Launcher" ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1619119679-1942087667-3837415146-1000Core" [C:\Users\epcs\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1619119679-1942087667-3837415146-1000UA" [C:\Users\epcs\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1619119679-1942087667-3837415146-1000Core" [C:\Users\epcs\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1619119679-1942087667-3837415146-1000UA" [C:\Users\epcs\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP AR Program Upload - 05684b220ad4492b806a404cd19560628e12519ec1874e1eafaa1425422f94a3" [C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe]
"C:\Windows\SysNative\tasks\HP AR Program Upload - 7dd2d4d506fd49469792eb1291bb473e2d5ff72964af477fa15ac942edf19dbf" [C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe]
"C:\Windows\SysNative\tasks\HP AR Program Upload - ce64465d3b5645919c30567229aee4bfc3414c485a68402387b11fd94c23186f" [C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe]
"C:\Windows\SysNative\tasks\NBAgent" [C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [26/01/2011 15:27]

==== Chromium Look ======================

Your music is being deleted. Please allow a few hours for all your music to be removed. - epcs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi
Google Play Music - epcs\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg
Chrome Web Store Payments - epcs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - epcs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\epcs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage deleted successfully
C:\Users\epcs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage-journal deleted successfully
C:\Users\epcs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\epcs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\epcs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\epcs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\SearchScopes "DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{631BE007-08E0-497D-B89A-BDB9BE68B0D4} - https://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\SearchScopes\{E81D5DF5-D32F-450D-9128-4D0893D1B357} - http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1619119679-1942087667-3837415146-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_USERS\S-1-5-21-1619119679-1942087667-3837415146-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} deleted successfully