Zoek.exe v5.0.0.1 Updated 01-November-2015
Tool run by user on di 03/11/2015 at 18:19:26,53.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

3/11/2015 18:21:30 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook
{FBC9D74C-AF55-4309-9FB2-C426E071637F}
C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D}
%SystemRoot%\system32\shell32.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6}
%SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Philips deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\Symantec deleted successfully
C:\Users\user\AppData\Roaming\Lite deleted successfully
C:\Users\user\AppData\Roaming\Opera deleted successfully
C:\Users\user\AppData\Local\ApplicationHistory deleted successfully
C:\Users\user\AppData\Local\Cyberlink deleted successfully
C:\Users\user\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\user\AppData\Local\EmieSiteList deleted successfully
C:\Users\user\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2555910220-1676176957-1096322211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\obwkx8q2.default
user.js not found

---- Lines babylon modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\

---- Lines blabbers modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\

---- FireFox user.js and prefs.js backups ----
prefs_20150311_1839_.backup

ProfilePath: C:\Users\user\AppData\Roaming\Philips-Songbird\Profiles\9446itt6.default
user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_20150311_1839_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Philips not found
C:\PROGRA~3\{F0489EF2-D393-4114-85BA-A94D71D89543} deleted
C:\found.000 deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\user\Documents\Updater deleted
"C:\ProgramData\.tv5" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\user\AppData\Local\Temp ====
2015-11-03 17:07:58 A560DBA4BC0D93CE2CB25FD68C5D191E 71168 ----a-w- C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpknowoz.dll

====== Java Cache =====
2015-10-08 13:42:21 63EC58C1C645F39288922BEA80FB2D5C 16222 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1a124a-2200b207
2015-10-13 05:50:34 699216D7C01FBFE103F54283F5902EE8 649 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4de63de6-1c2a1f15
2015-10-08 13:42:21 529B89BE1D190FC97D5B177A756AD09E 2424 ----a-w- C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\3e8c5e7a-50a82a9e

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====
2015-10-31 19:15:58 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-10-31 19:15:33 D61070CFAD43038DC56AEAD9BFE9CE2A 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2015-10-31 19:15:33 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849 109272 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-10-31 19:15:32 CFBC6C6D8A492697CABD1D353EE64933 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2015-10-14 13:57:43 C6330F7C2E92A00E6773E82F79078AFC 157016 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-10-14 13:57:43 ACB6782973BD93760D597FC7BB37E692 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2015-10-14 13:57:43 3A8C03156C3E31E70EF84E48CA179B46 97112 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-10-14 13:57:42 8C0376974AA28398FF501E78C04ACB30 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2015-10-14 13:57:42 262BF7BB7D0E44CFAA9B12A1E0A6EDF1 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2015-10-14 13:56:31 27DABFB4A6B0140C34DBEC713469592B 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====
2015-11-02 15:07:08 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====
2015-10-08 13:49:20 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

======= C: =====

====== C:\Users\user\AppData\Roaming ======
2015-10-17 05:31:01 -------- d-----w- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-08 13:48:59 -------- d-----w- C:\Users\user\AppData\Roaming\Sun

====== C:\Users\user ======
2015-11-02 15:06:42 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\user\Downloads\RSITx64.exe
2015-10-31 19:13:14 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-08 13:48:59 -------- d-----w- C:\Users\user\.oracle_jre_usage

====== C: exe-files ==
2015-11-02 15:07:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\user.exe
2015-11-02 15:06:42 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\user\Downloads\RSITx64.exe
2015-10-31 19:13:14 49E3825ACB348F848D9B841E4D48FD3B 22908888 ----a-w- C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe

=== C: other files ==
2015-10-31 19:15:58 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-10-31 19:15:33 D61070CFAD43038DC56AEAD9BFE9CE2A 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-10-31 19:15:33 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-10-31 19:15:32 CFBC6C6D8A492697CABD1D353EE64933 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2555910220-1676176957-1096322211-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Photo Downloader"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Photoshop Elements 5.0\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackupManagerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Advanced Audio v2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dolby Advanced Audio v2"
"hkey"="HKLM"
"command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisTecPMMUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\user\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAStorIcon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelTBRunOnce]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelTBRunOnce"
"hkey"="HKLM"
"command"="wscript.exe //b //nologo \"C:\\Program Files\\Intel\\TurboBoost\\RunTBGadgetOnce.vbs\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NUSB3MON]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NUSB3MON"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Renesas Electronics\\USB 3.0 Host Controller Driver\\Application\\nusb3mon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMBVolumeWatcher"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sony\\PlayMemories Home\\PMBVolumeWatcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Management]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power Management"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVBg"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuiteTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ExifLauncher2.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ExifLauncher2.lnk"
"backup"="C:\\Windows\\pss\\ExifLauncher2.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\FINEPI~1\\QUICKD~1.EXE "
"item"="ExifLauncher2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\user\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeActiveFileMonitor5.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DsiWMIService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EgisTec Ticket Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ePowerSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GREGService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Live Updater Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NBService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NMIndexingService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTI IScheduleSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PMBDeviceInfoProvider]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\rpcapd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TurboBoost]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TwonkyMedia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS]

==== Startup Folders ======================

2014-08-14 12:14:19 1135 ----a-w- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/10/2013 17:38]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2555910220-1676176957-1096322211-1000Core.job --a------ C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 05:33]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2555910220-1676176957-1096322211-1000UA.job --a------ C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 05:33]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555910220-1676176957-1096322211-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2555910220-1676176957-1096322211-1000UA.job --a------ C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 06:38]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 06:38]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2555910220-1676176957-1096322211-1000Core" [C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2555910220-1676176957-1096322211-1000UA" [C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2555910220-1676176957-1096322211-1000Core" [C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2555910220-1676176957-1096322211-1000UA" [C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-06-18 04:33:50 -------- d-----w- C:\PROGRA~3\Dropbox
2015-10-31 19:15:32 -------- d-----w- C:\PROGRA~3\Malwarebytes

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{EBA722F5-038F-4CAF-9EE2-545A221628BC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn" [03/11/2015 18:10]

==== Firefox Extensions ======================

ProfilePath: C:\Users\user\AppData\Roaming\Philips-Songbird\Profiles\9446itt6.default
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\7digital@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewh264dec@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmpeg4dec@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-nl@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com
- Undetermined - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com

ExtDir: C:\Users\user\AppData\Roaming\Mozilla\Extensions
- Undetermined - %ExtDir%\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

Profilepath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\obwkx8q2.default
F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.80

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx[23/09/2015 07:44]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Google Slides - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Norton Security Toolbar - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Google Search - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Norton Identity Safe - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Web Store Payments - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Slides - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Norton Security Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Norton Identity Safe - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Web Store Payments - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.be/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2555910220-1676176957-1096322211-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_USERS\S-1-5-21-2555910220-1676176957-1096322211-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=37 folders=17 792139 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\nicola\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\user\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 03/11/2015 at 18:53:32,22 ======================