Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Pangea on do 27-08-2015 at 12:14:10,72.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pangea\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

27-8-2015 12:15:42 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Mozilla Firefox.bak deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\AVAST Software deleted successfully
C:\Users\Pangea\AppData\Roaming\TP deleted successfully
C:\Users\Pangea\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Pangea\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

ABBYY FineReader 9.0 Sprint
ABN AMRO e.dentifier2 software
Acer Backup Manager
Acer ePower Management
Acer eRecovery Management
Acer Updater
Acer VCM
Adobe Acrobat Reader DC - Nederlands
Adobe Refresh Manager
Adobe Shockwave Player 12.0
AKO
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 2.0.5
Backup Manager V3
Bonjour
Brother MFL-Pro Suite DCP-350C
CCleaner
Conexant HD Audio
Corel WinDVD
dBpoweramp Music Converter
Epson Connect Printer Setup
Epson Event Manager
Epson Gebruikershandleiding XP-800 Series
Epson Netwerkhandleiding XP-800 Series
EPSON Scan
EpsonNet Print
Freecom Hard Drive Formatter 1.40
Google Chrome
Google Drive
Google Update Helper
Handleiding Epson Connect
iCloud
Identity Card
InFlac 1.1.1
Install Absolute Data Protect
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
Launch Manager
LibreOffice 4.3.7.2
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 40.0.2 (x86 nl)
Mozilla Maintenance Service
Mozilla Thunderbird 31.7.0 (x86 nl)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Polar FlowSync versie 2.3.8
ProMash
ProShield
Ralink RT2870 Wireless LAN Card
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
SoulseekQt
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.5
Welcome Center
Winamp
Winamp Applicatie Detect
Windows Media Player Firefox Plugin
WinRAR archiver

==== Running Processes ======================

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.2.15\NAV.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.2.15\NAV.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pangea\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default

---- Lines CT2865317 removed from prefs.js ----

---- Lines conduit removed from prefs.js ----

---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");

---- Lines CommunityToolbar removed from prefs.js ----

---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossrider.bic", "1443fa59331acdda105c4c291d39055c");

---- Lines smartbar removed from prefs.js ----
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");

---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);

---- FireFox user.js and prefs.js backups ----
user_27-08-2015_1231_.backup
prefs_27-08-2015_1231_.backup

ProfilePath: C:\Users\Pangea\AppData\Roaming\Thunderbird\Profiles\b0vt2red.default
user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_27-08-2015_1231_.backup

ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\0yxdn3fa.default-1429287783475
prefs.js not found
user.js not found

---- FireFox user.js and prefs.js backups ----

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Mozilla Firefox.bak not found
C:\ProgramData\Ad-Aware Browsing Protection not found
C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default\searchplugins\safesearch.xml deleted
C:\Program Files (x86)\Ad-Aware Antivirus deleted
C:\PROGRA~2\Toolbar Cleaner deleted
C:\PROGRA~2\adawaretb deleted
C:\PROGRA~3\blekko toolbars deleted
C:\Users\Pangea\AppData\LocalLow\adawaretb deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\sho2795.tmp deleted
C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default\jetpack deleted
C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default\CT2865317 deleted
C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default\adawaretb deleted
C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default\conduitCommon deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3948 MB
CPU Info: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
CPU Speed: 2123,4 MHz
Sound Card: MD 20888 (Intel(R) Display Audi |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR5B97 Wireless Network Adapter | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8B0AW
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 285,0GB
Hard Disks - Free: C: 228,4GB
Manufacturer *: INSYDE
BIOS Info: AT/AT COMPATIBLE | 10/17/11 | ACRSYS - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer BAV50_HR
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Norton AntiVirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Norton AntiVirus disabled (Outdated)
Default Browser: Firefox 40.0.2
Internet Explorer Version: 11.0.9600.17959
Mozilla Firefox version: 40.0.2 (x86 nl)
Google Chrome version: 44.0.2403.157
Adobe Reader version: 15.8.20082.147029
Shockwave Player version: 12.0.4r144

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-08-12 22:09:13 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\notepad.exe
====== C:\Users\Pangea\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-08-19 11:10:13 A98799EBA5BAABF1AB2BAFCE488FC9F9 19871232 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2015-08-19 11:10:12 225DB7BABA68ED284693EAEE04E94EA1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-08-19 11:10:14 E5F2BB962F84A8F8D996FEA33F4C817B 25191936 ----a-w- C:\Windows\Sysnative\mshtml.dll
2015-08-19 11:10:12 4FD63532DBF78DC6B50078F769E7949F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2015-08-13 17:00:41 168EA9CD9BD6056BB6F60B57D5304BBE 52736 ----a-w- C:\Windows\Sysnative\basesrv.dll
====== C:\Windows\Sysnative\drivers =====
2015-08-12 22:09:45 67050452C0118BAF2883928E6FCCFE47 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys
2015-08-12 22:09:43 B2081803D510DCE174992BA880EDCA70 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2015-08-12 22:09:43 67A1743377EBB5D9A370A8C2086CFDCC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-08-12 22:09:43 522A1595D5701800DD41B2D472F5AAED 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-08-12 22:09:42 97687971F9CB30E2633DE0F1296B9F61 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2015-08-12 22:09:42 552FA62B0EFECD22D8D52499324BCA4F 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
====== C:\Windows\Tasks ======
2015-08-25 16:44:49 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-08-26 18:40:18 -------- d-----w- C:\Program Files\trend micro
2015-08-26 16:48:15 -------- d-----w- C:\Program Files\iTunes
2015-08-26 16:48:15 -------- d-----w- C:\Program Files\iPod
======= C:\PROGRA~2 =====
2015-08-26 16:48:15 -------- d-----w- C:\PROGRA~2\iTunes
2015-08-25 16:42:15 -------- d-----w- C:\PROGRA~2\Adobe
======= C: =====
====== C:\Users\Pangea\AppData\Roaming ======
2015-08-27 10:02:20 -------- d-----w- C:\Users\Pangea\AppData\Local\CEF
====== C:\Users\Pangea ======
2015-08-26 18:38:20 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Pangea\Desktop\RSITx64.exe
2015-08-26 16:48:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-25 12:23:55 F119524883AF4BAC56581ED77CEEF828 6667640 ----a-w- C:\Users\Pangea\Downloads\ccsetup509.exe
2015-08-19 10:05:30 594E23DD0288855CE2F2335F25C42E34 6609608 ----a-w- C:\Users\Pangea\Downloads\ccsetup508.exe
====== C: exe-files ==
2015-08-27 09:12:59 CBBD8D9A382A0025A2B2F44ECB870264 403672 ----a-w- C:\ProgramData\Adobe\ARM\S\11476\AdobeARMHelper.exe
2015-08-27 09:06:20 A2093376C6EECD097179739D8612041B 10369728 ----a-w- C:\$Windows.~BT\Sources\setupprep.exe
2015-08-26 18:40:18 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Pangea.exe
2015-08-26 18:38:20 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Pangea\Desktop\RSITx64.exe
2015-08-26 16:44:44 72488C1B1E71085033FD7ECB965CFF7D 77080 ----a-w- C:\Users\Pangea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7L48146Q\SetupAdmin[1].exe
2015-08-26 16:44:44 72488C1B1E71085033FD7ECB965CFF7D 77080 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 12.2.2.25\SetupAdmin.exe
2015-08-25 12:26:10 E3FB05F33E1404AD606B1E1FE7C323C3 998104 ----a-w- C:\Windows\Temp\403085105103836926215086693801414771577\AdobeARM.exe
2015-08-25 12:23:55 F119524883AF4BAC56581ED77CEEF828 6667640 ----a-w- C:\Users\Pangea\Downloads\ccsetup509.exe
2015-08-23 07:23:29 3FEA0616A7C34AD431291D36F044F86E 42996304 ----a-w- C:\Program Files (x86)\Google\Update\Install\{7466DCFB-F4F3-4499-91AA-98A8D18033CE}\44.0.2403.157_chrome_installer.exe
2015-08-23 07:23:28 3FEA0616A7C34AD431291D36F044F86E 42996304 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.157\44.0.2403.157_chrome_installer.exe
2015-08-22 08:23:08 E2AB465A4F48E9E64FE028374249B881 981584 ----a-w- C:\Program Files (x86)\Google\Update\Install\{C3442C3F-E92B-477E-B79C-699433DAFF12}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
2015-08-22 08:23:08 E2AB465A4F48E9E64FE028374249B881 981584 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.157\44.0.2403.157_44.0.2403.155_chrome_updater.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-217574371-964669836-844138514-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Polar FlowSync"="C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Polar FlowSync"="C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"ProShieldTSR"="C:\Program Files\Acer ProShield\EgisTSR.exe /run"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ad-Aware Antivirus"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Ad-Aware Antivirus\\AdAwareLauncher\" --windows-run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ad-Aware Browsing Protection"
"hkey"="HKLM"
"command"="\"C:\\ProgramData\\Ad-Aware Browsing Protection\\adawarebp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApplePhotoStreams"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter3]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ControlCenter3"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Brother\\ControlCenter3\\brctrcen.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EEventManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget\P0000000000000000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPLTarget\\P0000000000000000"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIJAE.EXE /EPT \"EPLTarget\\P0000000000000000\" /M \"XP-800 Series\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FUFAXRCV]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FUFAXRCV"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Epson Software\\FAX Utility\\FUFAXRCV.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FUFAXSTM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FUFAXSTM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Epson Software\\FAX Utility\\FUFAXSTM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iCloudServices" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SynTPEnh" "hkey"="HKLM" "command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WinampAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk] "item"="Acer VCM" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Acer VCM.lnk" "backup"="C:\\Windows\\pss\\Acer VCM.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Acer\\ACERVC~1\\AcerVCM.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Timex Trainer Launcher.lnk] "item"="Timex Trainer Launcher" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Timex Trainer 
Launcher.lnk" "backup"="C:\\Windows\\pss\\Timex Trainer Launcher.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Timex\\TIMEXT~1\\TBEGGL~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Pangea^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk] "item"="EvernoteClipper" "path"="C:\\Users\\Pangea\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\EvernoteClipper.lnk" "backup"="C:\\Windows\\pss\\EvernoteClipper.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\Evernote\\Evernote\\EVERNO~2.EXE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14-01-2013 21:34] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14-01-2013 21:34] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.2.15\WSCStub.exe"] "C:\Windows\SysNative\tasks\UALU notificatin" ["C:\Program Files\Acer\Acer Updater\UALU.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Norton AntiVirus\Norton Error Analyzer" [C:\Program Files (x86)\Norton 
AntiVirus\Engine\22.5.2.15\SymErr.exe] "C:\Windows\SysNative\tasks\Norton AntiVirus\Norton Error Processor" [C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.2.15\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default user_pref("browser.startup.homepage", "http://www.ekudos.nl/home"); user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="); ==== Firefox Proxy Settings ====================== ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default user_pref("network.proxy.backup.ftp", ""); user_pref("network.proxy.backup.ftp_port", 0); user_pref("network.proxy.backup.gopher", ""); user_pref("network.proxy.backup.gopher_port", 0); user_pref("network.proxy.backup.socks", ""); user_pref("network.proxy.backup.socks_port", 0); user_pref("network.proxy.backup.ssl", ""); user_pref("network.proxy.backup.ssl_port", 0); user_pref("network.proxy.ftp", "110.64.96.7:8080"); user_pref("network.proxy.gopher", "110.64.96.7:8080"); user_pref("network.proxy.http", "110.64.96.7:8080"); user_pref("network.proxy.share_proxy_settings", true); user_pref("network.proxy.socks", "110.64.96.7:8080"); user_pref("network.proxy.ssl", "110.64.96.7:8080"); user_pref("network.proxy.type", 1); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] 
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFPlgn" [27-08-2015 11:01] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default - Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi - DuckDuckGo Plus - %ProfilePath%\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\0yxdn3fa.default-1429287783475 - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\0yxdn3fa.default-1429287783475 D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System Profilepath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.157 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton 
AntiVirus\Engine\22.5.2.15\Exts\Chrome.crx[10-07-2015 06:03] iikflkcanblccfahdhdonehdalibjnif - No path found[] Norton Security Toolbar - Pangea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe Norton Identity Safe - Pangea\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Chrome Web Store Payments - Pangea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\Pangea\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://acer.msn.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://acer.msn.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\EPLTarget deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXRCV deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.2.15\coIEPlg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.2.15\coIEPlg.dll O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKCU\..\Run: [Polar FlowSync] C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common 
Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing) O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.2.15\NAV.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. 
- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) ==== Empty IE Cache 
====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Pangea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Pangea\AppData\Local\Mozilla\Firefox\Profiles\0yxdn3fa.default-1429287783475\cache2 emptied successfully C:\Users\Pangea\AppData\Local\Mozilla\Firefox\Profiles\ysbs19d7.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Pangea\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=289 folders=49 222301377 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Pangea\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Pangea\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN 
successfully emptied ==== EOF on do 27-08-2015 at 12:42:09,86 ======================