Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by Ivan on vr 23-01-2015 at 15:56:30,91.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Downloads\altbinz\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-01-23-145430.log 43500 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"*LABAL*"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PricePeepUpdater.lnk]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
"DelaypluginInstall"=-

==== Deleting Files \ Folders ======================

C:\ProgramData\Wondershare not found
C:\Program Files (x86)\IObit\LiveUpdate not found
C:\ProgramData\Freemake not found
C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\qb4o1pw7.default-1392829858299\extensions\npapi@n.com not found
C:\Program Files (x86)\PricePeep not found
C:\PROGRA~3\ProductData deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Ivan\AppData\Local\Temp ====
2015-01-23 14:45:51 97511FE2CA09CC2E06C3CD6519C3494E 43008 ----a-w-
C:\Users\Ivan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcnyycz.dll 2015-01-23 14:09:39 924E769D54CF9520F13014F785A8A5EC 99176 ----a-w- C:\Users\Ivan\AppData\Local\Temp\gert0.exe ====== Java Cache ===== 2015-01-22 12:31:01 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Ivan\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-4b1f87f0 ====== C:\Windows\SysWOW64 ===== 2015-01-23 14:37:15 13D186FA6F19823C598335443CE233BC 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-20 12:54:53 81674239BC81FB7DBEE85B8A35F5C863 214528 ----a-w- C:\Windows\SysWOW64\WSCM32.dll 2015-01-20 12:54:53 5F5FFD142DE69616EE8610811182D075 721263 ----a-w- C:\Windows\SysWOW64\WSCM64.dll 2015-01-14 09:09:40 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 09:09:40 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll 2015-01-14 09:09:37 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 09:09:37 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 09:09:36 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-01-21 10:19:35 7C3B449F661D99A9B1033A14033D2987 849360 ----a-w- C:\Windows\Sysnative\msvcr110.dll 2015-01-20 10:14:58 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\Sysnative\bootdelete.exe 2015-01-14 09:09:40 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll 2015-01-14 09:09:39 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\Windows\Sysnative\profsvc.dll 2015-01-14 09:09:39 2A9C3ADBC3B9D061CACDEFFBED67683C 87040 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe 2015-01-14 09:09:38 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-01-14 09:09:37 F4846789B3795F14DCB7D92ED1DAF74F 503808 
----a-w- C:\Windows\Sysnative\srcore.dll 2015-01-14 09:09:37 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-01-14 09:09:36 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\Windows\Sysnative\srclient.dll ====== C:\Windows\Sysnative\drivers ===== 2015-01-20 10:19:57 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2015-01-20 10:19:57 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-01-20 10:19:57 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-01-14 09:09:39 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys 2014-12-29 18:16:30 6C1506E58A2A0F1FC6756D322C576C5F 387776 ----a-w- C:\Windows\Sysnative\drivers\cbfs4.sys ====== C:\Windows\Tasks ====== 2014-12-27 17:04:13 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-01-23 10:00:40 -------- d-----w- C:\Program Files\trend micro 2015-01-20 10:07:31 -------- d-----w- C:\Program Files\HitmanPro ======= C:\PROGRA~2 ===== 2015-01-23 14:37:16 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-01-20 10:22:21 -------- d-----w- C:\PROGRA~2\ESET 2015-01-13 14:10:50 -------- d-----w- C:\PROGRA~2\GPLGS 2015-01-13 09:56:18 -------- d-----w- C:\PROGRA~2\COMMON~1\IObit 2014-12-29 18:16:26 -------- d-----w- C:\PROGRA~2\KPN ======= C: ===== 2015-01-22 10:51:21 88C0515C389BCE0B8C96F968A6BC206C 506 ----a-w- C:\DelFix.txt ====== C:\Users\Ivan\AppData\Roaming ====== 2015-01-22 10:15:54 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-01-22 10:15:54 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-01-22 10:15:54 -------- d-----w- C:\Users\Juli\AppData\Local\Temp 2015-01-22 10:15:54 -------- d-----w- C:\Users\Ivan\AppData\Local\Temp 2015-01-22 10:15:54 
-------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Temp 2015-01-22 10:15:54 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-01-22 10:15:54 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-01-22 10:15:54 -------- d-----w- C:\Users\Administrator\AppData\Local\Temp 2015-01-21 10:26:47 -------- d-----w- C:\Users\Ivan\AppData\Roaming\VoipConnect 2015-01-21 10:09:38 -------- d-----w- C:\Users\Administrator\AppData\Local\Zoner 2015-01-21 10:07:42 -------- d-----w- C:\Users\Administrator\AppData\Local\Skype 2015-01-21 10:07:39 -------- d-----w- C:\Users\Administrator\AppData\Roaming\VDownloader 2015-01-21 10:07:32 -------- d-----w- C:\Users\Administrator\AppData\Roaming\TerraTec 2015-01-21 10:07:29 -------- d-----w- C:\Users\Administrator\AppData\Local\Google 2015-01-13 14:11:26 -------- d-----w- C:\Users\Ivan\AppData\Local\Comodo 2015-01-05 22:30:02 -------- d-----w- C:\Users\Ivan\AppData\Local\GVOX 2014-12-29 18:16:34 -------- d-----w- C:\Users\Ivan\AppData\Roaming\_@@ 2014-12-29 18:16:30 -------- d-----w- C:\Users\Ivan\AppData\Roaming\VDRIVE_KPN 2014-12-29 18:16:30 -------- d-----w- C:\Users\Ivan\AppData\Roaming\B26AA735 2014-12-27 19:34:35 -------- d-----w- C:\Users\Ivan\AppData\Roaming\BBCiPlayerDownloads 2014-12-27 19:33:46 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer 2014-12-27 19:33:44 -------- d-----w- C:\Users\Ivan\AppData\Local\BBC ====== C:\Users\Ivan ====== 2015-01-23 14:37:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-23 14:05:59 -------- d-----w- C:\ProgramData\Oracle 2015-01-21 10:26:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoipConnect 2015-01-20 10:07:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-01-13 14:11:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2015-01-13 09:55:46 -------- d-----w- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2015-01-07 13:24:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2014-12-29 18:16:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KPN 2014-12-29 18:16:27 -------- d-----w- C:\ProgramData\@43AD_S ====== C: exe-files == 2015-01-23 14:41:19 F1A2E9146124E17D752AAACAE7D8F6EC 7265872 ----a-w- C:\Program Files (x86)\Google\Update\Install\{6902656A-CDF2-424B-BAC0-321A43BA51A9}\40.0.2214.91_39.0.2171.99_chrome_updater.exe 2015-01-23 14:41:19 F1A2E9146124E17D752AAACAE7D8F6EC 7265872 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.91\40.0.2214.91_39.0.2171.99_chrome_updater.exe 2015-01-23 14:37:07 B0D46640968F989830413EB88F43E0D0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-01-23 14:37:07 52C8B9FD016E6317FDB151296FF90877 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-01-23 14:37:07 3E72E1AB196855916E2065C604674631 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-01-23 14:37:03 F9D744CD9BC58F287F8FA59D32508EDD 16296 ----a-w- C:\Program Files (x86)\$tools\Java\bin\orbd.exe 2015-01-23 14:37:03 DBB5C8AE19ACFA2857CFB90C7305AC56 51112 ----a-w- C:\Program Files (x86)\$tools\Java\bin\ssvagent.exe 2015-01-23 14:37:03 CDB1FE0DCF2ADB755EBF65C8AEBBC871 16296 ----a-w- C:\Program Files (x86)\$tools\Java\bin\servertool.exe 2015-01-23 14:37:03 A8884FB8246655C84F110E77DF5E1B4A 15784 ----a-w- C:\Program Files (x86)\$tools\Java\bin\ktab.exe 2015-01-23 14:37:03 8B6DF9CD28359C5E819446FD79CE3948 16296 ----a-w- C:\Program Files (x86)\$tools\Java\bin\rmiregistry.exe 2015-01-23 14:37:03 7479DA0BED071427A3F0017AC51CC27B 159656 ----a-w- C:\Program Files (x86)\$tools\Java\bin\unpack200.exe 2015-01-23 14:37:03 5F7C51E0DCA813D647F14FC12AE675F2 16296 ----a-w- C:\Program Files (x86)\$tools\Java\bin\policytool.exe 2015-01-23 14:37:03 577F5DCBA4DE4C345631873670F84E79 16296 
----a-w- C:\Program Files (x86)\$tools\Java\bin\tnameserv.exe 2015-01-23 14:37:03 39685FC75B6FB2144E793595F1AB111D 15784 ----a-w- C:\Program Files (x86)\$tools\Java\bin\pack200.exe 2015-01-23 14:37:03 2F77C9862B1A2401278C4A5B932DA69D 15784 ----a-w- C:\Program Files (x86)\$tools\Java\bin\klist.exe 2015-01-23 14:37:03 0FB2ACAC796B166F6486B593B604A3FF 15784 ----a-w- C:\Program Files (x86)\$tools\Java\bin\rmid.exe 2015-01-23 14:37:02 F5EA785B2BCC08DC28CBC2D96E05F2C1 68520 ----a-w- C:\Program Files (x86)\$tools\Java\bin\javacpl.exe 2015-01-23 14:37:02 DF1C8EDDAF14D2960A06A9DF7B2D0A89 15784 ----a-w- C:\Program Files (x86)\$tools\Java\bin\java-rmi.exe 2015-01-23 14:37:02 DA34E76DE9CD93471F24E7BD43139958 15784 ----a-w- C:\Program Files (x86)\$tools\Java\bin\kinit.exe 2015-01-23 14:37:02 B0D46640968F989830413EB88F43E0D0 176552 ----a-w- C:\Program Files (x86)\$tools\Java\bin\java.exe 2015-01-23 14:37:02 AF82EA1498FEC5C49B8A1AE5AA0A5F6C 77224 ----a-w- C:\Program Files (x86)\$tools\Java\bin\jp2launcher.exe 2015-01-23 14:37:02 90C02BD6D01BBC1C620323F9E330E89C 15784 ----a-w- C:\Program Files (x86)\$tools\Java\bin\jjs.exe 2015-01-23 14:37:02 69BD74EE834B5629226BF89468B8020B 15784 ----a-w- C:\Program Files (x86)\$tools\Java\bin\keytool.exe 2015-01-23 14:37:02 52C8B9FD016E6317FDB151296FF90877 272296 ----a-w- C:\Program Files (x86)\$tools\Java\bin\javaws.exe 2015-01-23 14:37:02 3E72E1AB196855916E2065C604674631 176552 ----a-w- C:\Program Files (x86)\$tools\Java\bin\javaw.exe 2015-01-23 14:37:02 063A1044A451660B159426B9C5E75957 30632 ----a-w- C:\Program Files (x86)\$tools\Java\bin\jabswitch.exe 2015-01-23 14:09:39 924E769D54CF9520F13014F785A8A5EC 99176 ----a-w- C:\Users\Ivan\AppData\Local\Temp\gert0.exe 2015-01-23 10:00:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ivan.exe 2015-01-21 10:26:43 7732E1B28CF21058CE88F898516F4615 1217303 ----a-w- C:\Program Files (x86)\$internet\$VOIP\VoipConnect\unins000.exe 2015-01-21 10:26:43 
4EE92BA4AEFE618D694F13605B7DA5C5 23048288 ----a-w- C:\Program Files (x86)\$internet\$VOIP\VoipConnect\VoipConnect.exe 2015-01-20 12:54:54 FC8C8B27DBCD71CD84AFBA563F540083 471552 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\URLReqService.exe 2015-01-20 12:54:54 CE8E48C5E632910B32987EF76E0BDCD5 71168 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\CT_LossLessCopy.exe 2015-01-20 12:54:54 B356393F854A12CD9ABA9A679DF0794B 85504 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\taskkill.exe 2015-01-20 12:54:54 5C5FD9766E78CADBB6EC67961766C406 2216848 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\WsTaskLoad.exe 2015-01-20 12:54:51 C787F7FF38184D125BDD358FD57A1FCF 101376 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\CrashService.exe 2015-01-20 12:54:51 63ACEE85DDBDC4137D942066FF0B12F2 221696 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\CommandQTPlayer.exe 2015-01-20 12:54:51 08B5B10FF35E44B0A6495DA56F626327 464384 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\MetadataConvert.exe 2015-01-20 12:54:50 41A6084C3BAF8515E10292DC73176CBD 530944 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\AddToiTunes.exe 2015-01-20 12:54:50 2FAC0EFE86E5DAA443A071FDFAB218D9 338944 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\PlaySvr.exe 2015-01-20 12:54:49 3E36E0C811E6F670D0A4BD77C3BC12FF 240128 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\CmdConverter.exe 2015-01-20 12:54:47 032C8EEAFF6CF5CB8BD6CC0D7FDB3BFC 41472 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\cmdCheckATI.exe 2015-01-20 12:54:43 9E1CB2E27CDEA74D0DE2425B9597BFDB 1958288 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\CheckGraphicsType.exe 2015-01-20 12:54:43 8C40FD08E1B1950060A2AA73546434A5 2411408 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter 
Ultimate\WSVCUSplash.exe 2015-01-20 12:54:43 7E18AF90340E87B1116DFFB288FA738E 1547152 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\Setup.exe 2015-01-20 12:54:43 472C2C447FE76ECB8430FC5FBD194745 1956352 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\BrowserPlugInHelper.exe 2015-01-20 12:54:43 017F9781ECA3BF46EF44572CE3D8DE59 2737552 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\OnlineDemand.exe 2015-01-20 12:54:42 845EC522D31C8EC811B3A75BA9C540D0 3669904 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\ScreenCapture.exe 2015-01-20 12:54:41 1CAF0F9D698EEC83D874F067AAACBAA6 2209104 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\Wondershare Helper Compact.exe 2015-01-20 10:22:24 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe 2015-01-20 10:22:24 5B3DE7968D23B476AFB256D8014B25B9 333424 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe 2015-01-20 10:22:24 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe 2015-01-20 10:22:24 3C3F35C91F230493B088B334E39D1F7A 358144 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2015-01-20 10:22:23 9E47522861242EE002D7F385C35D1322 2887824 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe 2015-01-20 10:14:58 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\System32\bootdelete.exe 2015-01-20 10:07:32 760B03AE5E3244E22FFC3C1AE1F5264A 127752 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe 2015-01-20 10:07:31 7B3BE448BCACBF31FA486FAA67BF28C4 10820032 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe === C: other files == 2015-01-23 14:45:45 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- 
C:\Users\Ivan\AppData\Local\Temp\_MEI37042\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2015-01-23 14:45:45 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Ivan\AppData\Local\Temp\_MEI37042\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2015-01-23 14:37:03 3315140254247E248C3531F159C79109 14130 ----a-w- C:\Program Files (x86)\$tools\Java\lib\deploy\ffjcext.zip 2015-01-22 10:18:18 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\Ivan\AppData\Local\Temp\_MEI42602\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2015-01-22 10:18:17 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Ivan\AppData\Local\Temp\_MEI42602\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2015-01-20 12:54:53 E157130BCB04A128AF43AD1E1E343395 1014395 ----a-w- C:\Program Files (x86)\$Multimedia\Video Converter Ultimate\python27.zip 2015-01-20 10:19:57 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-01-20 10:19:57 C49915271600CFC2305FAA4271D0002F 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-01-20 10:19:57 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Copy"="C:\Users\Ivan\AppData\Roaming\Copy\CopyAgent.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3258346545-2544975186-4239377297-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Directory Opus Desktop Dblclk"="C:\Program Files (x86)\$tools\Directory Opus\dopusrt.exe /dblclk" "Google Update"="C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe /c" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe 
/preload" "Zoner Photo Studio Service 16"="C:\Program Files (x86)\$Multimedia\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files (x86)\$Multimedia\Photo Studio 16\Program32\ZPSService.exe" "KiesPDLR.exe"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "Zoner Photo Studio Autoupdate"="C:\Program Files (x86)\$Multimedia\Photo Studio 16\Program32\ZPSTRAY.EXE" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "IceDriveClient"="C:\Program Files (x86)\KPN\Opslag Online\VirtualDrive.exe" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "VoipConnect"="C:\Program Files (x86)\$internet\$VOIP\VoipConnect\VoipConnect.exe -nosplash -minimized" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Copy"="C:\Users\Ivan\AppData\Roaming\Copy\CopyAgent.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "KeePass 2 PreLoad"="C:\Program Files (x86)\$various\KeePass Password Safe\KeePass.exe --preload" "QuickTime 
Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" "AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Directory Opus Desktop Dblclk"="C:\Program Files (x86)\$tools\Directory Opus\dopusrt.exe /dblclk" "Google Update"="C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe /c" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "Zoner Photo Studio Service 16"="C:\Program Files (x86)\$Multimedia\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files (x86)\$Multimedia\Photo Studio 16\Program32\ZPSService.exe" "KiesPDLR.exe"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "Zoner Photo Studio Autoupdate"="C:\Program Files (x86)\$Multimedia\Photo Studio 16\Program32\ZPSTRAY.EXE" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "IceDriveClient"="C:\Program Files (x86)\KPN\Opslag Online\VirtualDrive.exe" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "VoipConnect"="C:\Program Files (x86)\$internet\$VOIP\VoipConnect\VoipConnect.exe -nosplash -minimized" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "snp2std"="C:\Windows\vsnp2std.exe" "Acronis Scheduler2Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide 
-runkey" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "VDownloader"="C:\Program Files (x86)\$internet\VDownloader\VDownloader.exe /silent" "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" "SamsungRapidApp"="C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2 Service] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Acronis Scheduler2 Service" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2Service] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Acronis Scheduler2Service" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Remote Control Editor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Remote Control Editor" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Common 
Files\\TerraTec\\Remote\\TTTvRc.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\snp2std] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="snp2std" "hkey"="HKLM" "command"="C:\\Windows\\vsnp2std.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Standby] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Standby" "hkey"="HKLM" "command"="\"c:\\Program Files (x86)\\Common Files\\Corel\\Standby\\Standby.exe\" -START" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrayServer] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TrayServer" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\$Multimedia\\MAGIX\\Movies_on_DVD_TV_Edition\\TrayServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tsnp2std] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tsnp2std" "hkey"="HKLM" "command"="C:\\Windows\\tsnp2std.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\MCAFEE~1\\30937D~1.207\\SSSCHE~1.EXE " "item"="McAfee Security Scan Plus" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.2 HD Edition.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PHOTOfunSTUDIO 5.2 HD Edition.lnk" "backup"="C:\\Windows\\pss\\PHOTOfunSTUDIO 5.2 HD Edition.lnk.CommonStartup" "backupExtension"=".CommonStartup" 
"command"="C:\\PROGRA~2\\COMMON~1\\PANASO~1\\PHOTOF~1\\AUTOST~1.EXE -e \"C:\\Program Files (x86)\\$Multimedia\\Panasonic\\PHOTOfunSTUDIO 5.2 HD\\PHOTOfunSTUDIO.exe\"" "item"="PHOTOfunSTUDIO 5.2 HD Edition" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] "backup"="C:\\Windows\\pss\\LimeWire On Startup.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\$INTER~1\\LimeWire\\LimeWire.exe -startup" "item"="LimeWire On Startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YninViewer.lnk] "backup"="C:\\Windows\\pss\\YninViewer.lnk.Startup" "backupExtension"=".Startup" "item"="YninViewer" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\afcdpsrv] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_64] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DUMeterSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Fax] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FileZilla Server] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RelevantKnowledge] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SandraAgentSrv] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TuneUp.UtilitiesSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Xlight FTP Server] ==== Startup Folders ====================== 
2013-11-28 19:50:52 1171 ----a-w- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk 2013-06-04 08:38:47 1108 ----a-w- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2012-09-14 13:47:41 1141 ----a-w- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk 2014-02-03 21:07:19 1104 ----a-w- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk 2010-05-05 17:31:51 2251 ----a-w- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk 2013-12-07 18:08:31 180 ----a-w- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA Experience.url 2013-12-03 21:35:46 180 ----a-w- C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nvidia Expirience.url 2010-05-17 22:10:54 1167 ----a-w- C:\Users\Juli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manager for Voipbuster.lnk 2011-11-09 11:30:49 2109 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000Core.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000UA.job --a------ C:\Users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe [11-07-2012 23:54] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 10:29] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 10:29] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000Core.job --a------ 
C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [22-10-2014 10:33] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000UA.job --a------ C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [22-10-2014 10:33] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Ivan)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000Core" [C:\Users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000UA" [C:\Users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000Core" [C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3258346545-2544975186-4239377297-1000UA" [C:\Users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\MotoHelper Initial Update" ["C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe"] "C:\Windows\SysNative\tasks\MotoHelper MUM" ["C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe"] 
"C:\Windows\SysNative\tasks\MotoHelper Routing" ["C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe"] "C:\Windows\SysNative\tasks\MotoHelper Update" ["C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe"] "C:\Windows\SysNative\tasks\SamsungMagician" ["C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Ivan" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{36F55315-E5E7-4B7B-B9D3-45DD63B9BC5E}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8E5CE5A4-305C-4FF7-B28B-A7F7EAE9940B}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{14613E83-E147-47DB-8C7A-1585A6628057}" [msiexec.exe] "C:\Windows\SysNative\tasks\{2320BB52-5D43-4658-BC1D-B8CDB89F9350}" [C:\Program Files (x86)\Skype\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{B77B32C3-B854-4C49-8E63-6764F7E86316}" ["c:\users\ivan\appdata\local\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\ASUS\ASUS Update Checker" [C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\qb4o1pw7.default-1392829858299 user_pref("browser.startup.homepage", "https://www.facebook.com/"); ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\3ez57wbs.default user_pref("browser.startup.homepage", "https://www.facebook.com/"); ==== Firefox Extensions Registry ====================== 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "support@vdownloader.com"="C:\Program Files (x86)\$internet\VDownloader\Addons\FireFox" [08-04-2014 10:26] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\hrole8o1.default - Undetermined - C:\Program Files (x86)\$internet\Mozilla\Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} - Undetermined - C:\Program Files (x86)\$internet\Mozilla\Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - Undetermined - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com - Default Manager - %ProfilePath%\extensions\DefaultManager@Microsoft ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\qb4o1pw7.default-1392829858299 - Undetermined - hu@dictionaries.addons.mozilla.org - Undetermined - he@dictionaries.addons.mozilla.org - Undetermined - npapi@n.com - HSpell - %ProfilePath%\extensions\he@dictionaries.addons.mozilla.org - Magyar helyesrs-ellenrz sztr - %ProfilePath%\extensions\hu@dictionaries.addons.mozilla.org - Hebrew IL Language Pack - %ProfilePath%\extensions\langpack-he@firefox.mozilla.org.xpi ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\SeaMonkey\Profiles\3ez57wbs.default - Magyar helyesrs-ellenrz sztr - %ProfilePath%\extensions\hu@dictionaries.addons.mozilla.org - ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - DOM-granskaren DOM Inspector - %ProfilePath%\extensions\inspector@mozilla.org.xpi - Undetermined - %ProfilePath%\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7}.xpi - JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Thunderbird\Profiles\fxbvxset.default - Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\en-GB@dictionaries.addons.mozilla.org - Undetermined - 
C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\countrylookup@fvds.frih.net - Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548F8} - Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\hu@dictionaries.addons.mozilla.org - Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7} - Undetermined - C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\fxbvxset.default\extensions\nl-NL@dictionaries.addons.mozilla.org - Country Lookup - %ProfilePath%\extensions\countrylookup@fvds.frih.net - British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org - Hungarian dictionary - %ProfilePath%\extensions\hu@dictionaries.addons.mozilla.org - Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org - send_format_ldap - %ProfilePath%\extensions\send_format_ldap@milimail.org - Contacts Sidebar - %ProfilePath%\extensions\{4dce973c-25a5-4657-8e37-6c2a85c24a7e} - Mailbox Alert - %ProfilePath%\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7} - Copy Link Name for Thunderbird - %ProfilePath%\extensions\{C632CA78-E184-44BE-9F15-E8183EDDCC0F} - View Headers Toggle Button - %ProfilePath%\extensions\{CC181FFE-82BD-4c02-907F-4B79C4C404F2} - Display Mail User Agent - %ProfilePath%\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548F8} - header scroll extension - %ProfilePath%\extensions\{F8147CF4-B9E3-445B-AA87-081ED66548FA} ProfilePath: C:\Users\Ivan\AppData\Roaming\Thunderbird\Profiles\9dxpynrg.default - Country Lookup - %ProfilePath%\extensions\countrylookup@fvds.frih.net - British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org - Magyar helyesrs-ellenrz sztr - %ProfilePath%\extensions\hu@dictionaries.addons.mozilla.org - Woordenboek Nederlands - 
%ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org - Folder Pane View Switcher - %ProfilePath%\extensions\FolderPaneSwitcher@kamens.us.xpi - Skicka Senare - %ProfilePath%\extensions\sendlater3@kamens.us.xpi - Send Format LDAP - %ProfilePath%\extensions\send_format_ldap@milimail.org.xpi - Undetermined - %ProfilePath%\extensions\{9c21158b-2c76-4d0a-980a-c51fc9cefaa7}.xpi - Google Contacts - %ProfilePath%\extensions\{BDD92442-0534-4D6F-A966-BAB7D561D781}.xpi ProfilePath: C:\Users\Ivan\AppData\Roaming\TomTom\HOME\Profiles\8q0mqwvh.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com - Carminat TomTom - %ProfilePath%\extensions\RenaultTheme@tomtom.com ProfilePath: C:\Users\Juli\AppData\Roaming\Thunderbird\Profiles\la8yr81t.default - Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\qb4o1pw7.default-1392829858299 8560995C727974F27F2A1CE68909FEB9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash D2377C9458EFEB094E38B8C874AA214C - C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update 3CD19649B2C3023D65E67C056457A2BC - C:\Users\Ivan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 6622169512C931AC6DD18CBAC037B6FB - C:\Users\Ivan\AppData\Roaming\TorrentStream\player\npts_plugin.dll - Torrent Stream P2P Multimedia Plug-in 2 F7DD45B40F54FF7E8BDB76F63D1F7102 - C:\Users\Ivan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows 
Activation Technologies ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.91 (Possible outdated, latest Stable version: 39.0.2171.99) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ochbjojkpcmlfeagbaahkofepalngihg - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\Ivan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[03-07-2013 23:30] lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] ochbjojkpcmlfeagbaahkofepalngihg - C:\Users\Ivan\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx[29-04-2014 22:29] Comodo Drag&Drop Service - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo Comodo Web Inspector - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn Comodo Media Downloader - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo Comodo Share Page Service - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf Google Wallet - Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Slides - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Text Mode - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adelhekhakakocomdfejiipdnaadiiib Bejeweled - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm Google Docs - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf TV - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh YouTube - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Symbaloo Bookmarker 
0.4.2 - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnjfgbikbkcmickdalamlmpmkhmbollm Google Search - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Weerplaza - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\djakjaebiehcbcjclfgifnhipfcobpaa Easy WebContent Free HTML Editor - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\encbaekhkcjjmhbcghnlcaiifdmfeokn Hola Better Internet Engine - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng Google Sheets - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Lite Weather - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjimegeljmjilcjajmggmmcelbgdeim AdBlock - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom IPCAM - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilncknfmongoaoglobgbggaabhgjjed Hola Better Internet - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio TinEye Reverse Image Search - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl TweetDeck by Twitter - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl IE Tab - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd NOS Video - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggmbjghgeahcopdibklblgfkfendefg Televisie - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioiokildeekemklablpefodkilpfkmgp SingleFile Core - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jemlklgaibiijojffihnhieihhagocma TweetDeck Launcher - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk Google Drive App Launcher - Ivan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh SingleFile - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle Google Wallet - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Docs PDFPowerPoint Viewer by Google - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn Auto Refresh Plus - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih Gmail - Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Wondershare Video Converter Ultimate - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp Google Search - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Juli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Juli\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.nl/ig", "urls_to_restore_on_startup": [ "http://www.google.nl/ig#t_0", "http://www.weerplaza.nl/nederland/1333+(Molenbuurt,+Landgoederenbuurt)/227", "http://www.facebook.com/", "" ] ==== Chromium Fix ====================== C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_charting.vwdservices.com_0.localstorage deleted successfully C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\http_charting.vwdservices.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Juli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Juli\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IPJS224 will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\hrole8o1.default\Cache emptied successfully C:\Users\Ivan\AppData\Local\Mozilla\Firefox\Profiles\qb4o1pw7.default-1392829858299\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Ivan\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Juli\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=232 folders=56 40823442 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully C:\Users\Ivan\AppData\Local\Temp will be 
emptied at reboot C:\Users\Juli\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Ivan\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Ivan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IPJS224" not found ==== EOF on vr 23-01-2015 at 17:50:39,17 ======================