Zoek.exe Version 4.0.0.4 Updated 30-07-2013
Tool run by Ward en Margreet on wo 31-07-2013 at 14:16:39,26.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ward en Margreet\Desktop\zoek.exe [Script inserted] [Checkboxes used]

==== System Restore Info ======================

31-7-2013 14:18:26 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2375649081-2910261836-444980794-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2375649081-2910261836-444980794-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2375649081-2910261836-444980794-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCSUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PCSUService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\t4q9e1vm.default

---- Lines incredibar removed from prefs.js ----
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10643");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "47428a30000000000000d85d4cbed26f");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15727");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "1");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6PQWCt9EA2&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6PQWCt9EA2");
user_pref("extensions.incredibar_i.upn2n", "92544318279460002");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.140:17:35");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
---- Lines incredibar modified from prefs.js ----
---- Lines incredibar removed from user.js ----
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6PQWCt9EA2&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.id", "47428a30000000000000d85d4cbed26f");
user_pref("extensions.incredibar_i.instlDay", "15727");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.140:17:32");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.upn2", "6PQWCt9EA2");
user_pref("extensions.incredibar_i.upn2n", "92544318279460002");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.did", "10643");
user_pref("extensions.incredibar_i.ppd", "1");
---- Lines b1.org removed from prefs.js ----
---- Lines b1.org modified from prefs.js ----
---- Lines b1.org removed from user.js ----
---- Lines mystart removed from prefs.js ----
---- Lines mystart modified from prefs.js ----
---- Lines mystart removed from user.js ----
---- Lines ask.com removed from prefs.js ----
---- Lines ask.com modified from prefs.js ----
---- Lines ask.com removed from user.js ----
---- Lines search.com removed from prefs.js ----
---- Lines search.com modified from prefs.js ----
---- Lines search.com removed from user.js ----
---- Lines Web Search removed from prefs.js ----
---- Lines Web Search modified from prefs.js ----
---- Lines Web Search removed from user.js ----
---- Lines mysearch removed from prefs.js ----
---- Lines mysearch modified from prefs.js ----
---- Lines mysearch removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user_31-07-2013_1422_.backup
prefs_31-07-2013_1422_.backup

ProfilePath: C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\vvzoxkp6.default-1372282939112

user.js not found
---- Lines incredibar removed from prefs.js ----
---- Lines incredibar modified from prefs.js ----
---- Lines b1.org removed from prefs.js ----
---- Lines b1.org modified from prefs.js ----
---- Lines mystart removed from prefs.js ----
---- Lines mystart modified from prefs.js ----
---- Lines ask.com removed from prefs.js ----
---- Lines ask.com modified from prefs.js ----
---- Lines search.com removed from prefs.js ----
---- Lines search.com modified from prefs.js ----
---- Lines Web Search removed from prefs.js ----
---- Lines Web Search modified from prefs.js ----
---- Lines mysearch removed from prefs.js ----
---- Lines mysearch modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_31-07-2013_1422_.backup

==== Deleting Files \ Folders ======================

"C:\user.js" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\Camdata.ini" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\CamLayout.ini" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\CamShapes.ini" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\Drives Monitor_Settings.ini" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\vispa.ini" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\QNVW601P.dll" deleted
"C:\Windows\WININIT.INI" deleted
"C:\Users\Ward en Margreet\AppData\Local\VWLFE64.tmp" deleted
"C:\Windows\tasks\PC SpeedUp Service Deactivator.job" deleted
"C:\user.js" deleted
"C:\prefs.js" deleted
"C:\Program Files (x86)\GUM8871.tmp" deleted
"C:\Program Files (x86)\PC Speed Up" deleted
"C:\Program Files (x86)\adawaretb" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\B1Toolbar" deleted
"C:\ProgramData\blekko toolbars" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up" deleted
"C:\Users\Ward en Margreet\AppData\Local\B1E" deleted
"C:\Users\Ward en Margreet\AppData\Local\PackageAware" deleted
"C:\Users\Ward en Margreet\AppData\LocalLow\adawaretb" deleted
"C:\Users\Ward en Margreet\AppData\LocalLow\facemoods.com" deleted
"C:\Windows\SysWow64\AI_RecycleBin" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\t4q9e1vm.default\adawaretb" deleted
"C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\vvzoxkp6.default-1372282939112\adawaretb" deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\WARDEN~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-07-30 12:33:26 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-07-06 09:50:37 -------- d-----w- C:\Program Files\Unlocker
======= C:\Program Files (x86) =====
======= C: =====
====== C:\Users\Ward en Margreet\AppData\Roaming ======
2013-07-29 09:10:33 27148597C71E75DE7DEE67F98D9D9BCF 37 -csh--w- C:\users\Ward en Margreet\AppData\Local\70149b02515b3bb20dd492.47983420
2013-07-29 09:10:33 -------- dcsh--w- C:\users\Ward en Margreet\AppData\Local\ms-drivers
2013-07-07 14:41:35 -------- dc----w- C:\users\Ward en Margreet\AppData\Local\Riot
2013-07-06 09:50:38 -------- dc----w- C:\users\Ward en Margreet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2013-07-03 15:52:18 8E658FF1E47D1B83CE547B9E2D5C4F0E 11136 -c--a-w- C:\users\Ward en Margreet\AppData\Local\dd_vcredistUI480F.txt
2013-07-03 15:52:18 3841E37E8320DA82AEED1651D4DC375D 404090 -c--a-w- C:\users\Ward en Margreet\AppData\Local\dd_vcredistMSI480F.txt
====== C:\Users\Ward en Margreet ======
2013-07-30 12:32:34 683FDD3D773C58B262DC07CD0C6CE938 10285040 -c--a-w- C:\Users\Ward en Margreet\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-30 12:20:55 4C47469F47FD9F8437B62A86F6E0874F 666633 -c--a-w- C:\Users\Ward en Margreet\Downloads\adwcleaner(1).exe
2013-07-29 09:12:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
2013-07-07 14:41:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIOT
2013-07-06 11:01:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2013-07-05 15:58:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2013-07-03 22:22:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presentation To Video Converter
2013-07-03 22:22:17 -------- d-----w- C:\ProgramData\GeoVid

====== C: exe-files ==
2013-07-30 12:32:34 683FDD3D773C58B262DC07CD0C6CE938 10285040 -c--a-w- C:\Users\Ward en Margreet\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-30 12:20:55 4C47469F47FD9F8437B62A86F6E0874F 666633 -c--a-w- C:\Users\Ward en Margreet\Downloads\adwcleaner(1).exe
2013-07-30 07:30:42 4F3A274E95A94E196AC224E1646E8013 147120 ----a-w- C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\15.4.0\DriverInstaller.exe
2013-07-30 07:30:38 308598FF177676648E043CE28E09FCCD 2267824 ----a-w- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\15.4.0\ScriptHelper.exe
2013-07-30 07:30:33 2F208AD0E44992E5FF1CB7C6B699C263 1616048 ----a-w- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
2013-07-27 06:57:12 FB3CAFEE6A2C7641D3A15395D9A9ED0C 24576 ----a-r- C:\Program Files\Calibre2\calibre-smtp.exe
2013-07-27 06:57:12 EB62871B524AE49833B01803629437FF 24576 ----a-r- C:\Program Files\Calibre2\calibre-complete.exe
2013-07-27 06:57:12 E783B93E15FE2A49E823A8AF6CBB85F7 24576 ----a-r- C:\Program Files\Calibre2\calibre-debug.exe
2013-07-27 06:57:12 D22F2866B587C90248328455A053EF58 24576 ----a-r- C:\Program Files\Calibre2\lrs2lrf.exe
2013-07-27 06:57:12 BE3EECED5EB5AA75B99C0E7F493A6B8E 24576 ----a-r- C:\Program Files\Calibre2\ebook-convert.exe
2013-07-27 06:57:12 B60722CE64328405F70FFC7303FE6CB3 24576 ----a-r- C:\Program Files\Calibre2\calibre-parallel.exe
2013-07-27 06:57:12 AD91D7FE22FC762902A63FF5A234BFF7 24576 ----a-r- C:\Program Files\Calibre2\lrf2lrs.exe
2013-07-27 06:57:12 A79D6AC562435D9C1086E2ADD8439CD3 24576 ----a-r- C:\Program Files\Calibre2\calibredb.exe
2013-07-27 06:57:12 83B27D250C102D67C324F1BE61ACC07A 173056 ----a-r- C:\Program Files\Calibre2\calibre.exe
2013-07-27 06:57:12 7B09080E9ABF4ADDB365B2DC94DA5137 24576 ----a-r- C:\Program Files\Calibre2\ebook-meta.exe
2013-07-27 06:57:12 6C9F8CAF78DDCC645A1BC25804509251 24576 ----a-r- C:\Program Files\Calibre2\calibre-customize.exe
2013-07-27 06:57:12 6BD44C892E86FB441916240C96F20C06 24576 ----a-r- C:\Program Files\Calibre2\calibre-server.exe
2013-07-27 06:57:12 585068C4297707A8EECB8664B06553B3 24576 ----a-r- C:\Program Files\Calibre2\ebook-polish.exe
2013-07-27 06:57:12 3BE3E06C750AA2809EFFC1519BBEF9DF 24576 ----a-r- C:\Program Files\Calibre2\ebook-device.exe
2013-07-27 06:57:12 3070FDE4BF478317FF68ADCB261AD4B3 24576 ----a-r- C:\Program Files\Calibre2\web2disk.exe
2013-07-27 06:57:12 26BF02CB15B8869B7FC31C640A7EC89F 76800 ----a-r- C:\Program Files\Calibre2\ebook-viewer.exe
2013-07-27 06:57:12 2219523123F60C0B509A20CA977614E7 24576 ----a-r- C:\Program Files\Calibre2\fetch-ebook-metadata.exe
2013-07-27 06:57:12 0D69031109B13CC70446FDDFD827B5B1 24576 ----a-r- C:\Program Files\Calibre2\markdown-calibre.exe
2013-07-27 06:57:12 0CBE7AF010DEA79442C8B814D7C01CE9 76800 ----a-r- C:\Program Files\Calibre2\lrfviewer.exe

=== C: other files ==
2013-07-30 20:24:00 E6761FE6FE6847D76ADDB83DA2DE06FA 567 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO.zip
2013-07-30 20:24:00 DB6052B87283D39FD34A1CA827D643B5 584 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO1.zip
2013-07-30 20:24:00 D12930DD2EAB11BA2E994D5BBB201BEC 644 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO3.zip
2013-07-30 20:24:00 1CBFE0277BCAF0D6362AC1636487504B 725 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO2.zip
2013-07-30 12:33:26 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-30 07:30:58 A18651DEEC522D0C3362266A26A8CC97 257159 ----a-w- C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.4.0.5\avg.crx
2013-07-27 06:57:14 1B8A12B13BA5D6E6F532B8D7A8DB22AF 48003573 ----a-r- C:\Program Files\Calibre2\pylib.zip
2013-07-27 06:47:02 FAEDEC3092A583F961E32B91145EC516 7781818 ----a-r- C:\Program Files\Calibre2\resources\localization\locales.zip
2013-07-27 06:46:40 711B314B516545079F3A3C7B960FB05C 5129729 ----a-r- C:\Program Files\Calibre2\resources\builtin_recipes.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2375649081-2910261836-444980794-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"PCSpeedUp"="C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot"
"PMBVolumeWatcher"="D:\PlayMemories Home\PMBVolumeWatcher.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Cobian Backup 11 interface"="D:\Cobian Backup 11\cbInterface.exe -service"
"QuickTime Task"="D:\QuickTime\QTTask.exe -atboottime"
"vProt"="C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"PCSpeedUp"="C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BDRegion"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Cyberlink\\Shared files\\brs.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenu"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe\" /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="facemoods"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\facemoods.com\\facemoods\\1.4.17.7\\facemoodssrv.exe\" /md I"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPDLR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPDLR"
"hkey"="HKCU"
"command"="D:\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="D:\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDVD9LanguageShortcut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVD9LanguageShortcut"
"hkey"="HKLM"
"command"="D:\\PowerDVD\\PowerDVD9\\Language\\Language.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMBVolumeWatcher"
"hkey"="HKLM"
"command"="D:\\Sony\\PMBVolumeWatcher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"D:\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl9]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl9"
"hkey"="HKLM"
"command"="D:\\PowerDVD\\PowerDVD9\\PDVD9Serv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Java\\jre6\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"D:\\TomTom HOME 2\\TomTomHOMERunner.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GammaTray.lnk"
"backup"="C:\\Windows\\pss\\GammaTray.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="D:\\MAGICT~1\\GAMMAT~1.EXE "
"item"="GammaTray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate1c9ce8c4b052c43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PMBDeviceInfoProvider]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ServiceLayer]

==== Startup Folders ======================

2013-01-05 21:04:07 997 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
2012-11-23 21:36:58 1956 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
2009-02-23 22:10:05 1695 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-06-2013 20:22]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\t4q9e1vm.default
- Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- Undetermined - %ProfilePath%\extensions\4dc435998df779693658e6e94d9fc25e129ccd049543c0429047dcb2aab492c7_lp.key
- Undetermined - %ProfilePath%\extensions\4dc435998df779693658e6e94d9fc25e129ccd049543c0429047dcb2aab492c7_lp.key
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Undetermined - %ProfilePath%\extensions\temp
- Azerty II - %ProfilePath%\extensions\{044FA143-992A-435f-95A5-39E25470F8F0}
- Forecastfox - %ProfilePath%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
- Forecastfox - %ProfilePath%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}(12)
- Brushed - %ProfilePath%\extensions\{07D70F98-08D3-432e-8BD6-496AD6481A68}
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- Qute - %ProfilePath%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
- Plastikfox Crystal SVG - %ProfilePath%\extensions\{4674e8a2-eb7e-4822-b517-b18328b3e8e8}
- Noia 2.0 eXtreme - %ProfilePath%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
- PimpZilla - %ProfilePath%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
- iFox - %ProfilePath%\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
- ReminderFox - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
- Cookies Manager - %ProfilePath%\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
- FirefoxModern - %ProfilePath%\extensions\{d8bd53e7-7ad6-4fb0-9dea-ee0f111fb4c8}
- Outlook 2003 Blue - %ProfilePath%\extensions\{e8cba685-830c-1283-6314-a6ae605cc7be}
- Pinball - %ProfilePath%\extensions\{fb0cbf5b-695b-4322-8b49-5dedbfb946fc}
- Personas - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Adblock Lite - %ProfilePath%\extensions\{1e9a63ef-84ec-49a4-8d6f-2dd9524e90d0}.xpi
- PDF Download - %ProfilePath%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
- IE View - %ProfilePath%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
- Googlebar Lite - %ProfilePath%\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi
- LeechBlock - %ProfilePath%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
- Red Cats green flavor - %ProfilePath%\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}.xpi
- User Agent Switcher - %ProfilePath%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
- SearchPreview - %ProfilePath%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi

ProfilePath: C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\vvzoxkp6.default-1372282939112
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Forecastfox - %ProfilePath%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\t4q9e1vm.default
E18B5B26F41D8C37CCAA7256F29F6A15 - D:\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
C7794A997CEC29173A4401F3AE16C51F - D:\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
D493C8FC0D0FD015BB9765658D77346E - C:\Users\Ward en Margreet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
59F25E08AC650B2838942025628FE70F - C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll - FileLab plugin
F6A25814F6D9DF2C2C14189BF7231258 - D:\Mozilla Firefox\plugins\npwachk.dll - Winamp Application Detector
86FD0445C7A92516FC0BA201C79B8E9E - D:\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
9FDABAD05A9623988750CCC10223BDB0 - D:\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
5E1D0432C765884434A7CCD4DBDC80AA - D:\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
3B293C235A80E7A5369E6AA28FEA50B1 - D:\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
A80BCBED52F7DD5FDBF346A985A4E4D5 - D:\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
CF62BB08DB5D40548AF4B1AD6650BEEA - D:\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
625D0A824F513CE1CABB8861E97F2142 - D:\Google\Picasa3\npPicasa2.dll - Picasa
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
99F97C9FE748C37528C338A423577FCB - D:\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
9A6101F29E2E9D41B99CBCC8F106E8FE - D:\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
86FD0445C7A92516FC0BA201C79B8E9E - D:\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
9FDABAD05A9623988750CCC10223BDB0 - D:\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
5E1D0432C765884434A7CCD4DBDC80AA - D:\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
3B293C235A80E7A5369E6AA28FEA50B1 - D:\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
A80BCBED52F7DD5FDBF346A985A4E4D5 - D:\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
C548328E9DE5EB73350EF292D7140662 - D:\Google\Picasa3\npPicasa3.dll - Picasa

Profilepath: C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\vvzoxkp6.default-1372282939112
AA2B0803778428522D1CF29EF5AC2DDB - C:\Users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\vvzoxkp6.default-1372282939112\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll - EA Battlefield Heroes Updater
2EE9DCAE1D70ABF4D058688DE35F8221 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.16
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
86FD0445C7A92516FC0BA201C79B8E9E - D:\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
9FDABAD05A9623988750CCC10223BDB0 - D:\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
5E1D0432C765884434A7CCD4DBDC80AA - D:\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
3B293C235A80E7A5369E6AA28FEA50B1 - D:\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
A80BCBED52F7DD5FDBF346A985A4E4D5 - D:\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
D493C8FC0D0FD015BB9765658D77346E - C:\Users\Ward en Margreet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
C548328E9DE5EB73350EF292D7140662 - D:\Google\Picasa3\npPicasa3.dll - Picasa
546A28FBC44B984FD92530227BF6F5C2 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll - Shockwave for Director / Shockwave for Director
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
B70509F8ABCBE6B75AE0976A969CDE8F - C:\Users\Ward en Margreet\AppData\LocalLow\Square Enix\nprun3d.dll - Square Enix Secure Launcher
59F25E08AC650B2838942025628FE70F - C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll - FileLab plugin
625D0A824F513CE1CABB8861E97F2142 - D:\Google\Picasa3\npPicasa2.dll - Picasa
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29-11-2012 21:35]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\15.4.0.5\avg.crx[30-07-2013 09:29]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Before"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="http://search.b1.org/?bsrc=hmior&chid=c167991"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Before"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} Google Url="http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=nl&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFFBLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ward en Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ward en Margreet\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ward en Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Ward en Margreet\AppData\Local\Mozilla\Firefox\Profiles\t4q9e1vm.default\Cache emptied successfully
C:\users\Ward en Margreet\AppData\Local\Mozilla\Firefox\Profiles\vvzoxkp6.default-1372282939112\Cache emptied successfully
C:\users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\t4q9e1vm.default\forecastfox\cache emptied successfully
C:\users\Ward en Margreet\AppData\Roaming\Mozilla\Firefox\Profiles\t4q9e1vm.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\WARDEN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ward en Margreet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on wo 31-07-2013 at 14:29:17,94 ======================