Zoek.exe Version 4.0.0.4 Updated 31-08-2013 Tool run by Hammoudane on vr 06/09/2013 at 20:38:39,05. Microsoft® Windows Vista™ Home Premium 6.0.6001 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Hammoudane\Downloads\zoek.exe [Script inserted] ==== System Restore Info ====================== 6/09/2013 20:45:04 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b317125e-2f10-4388-bf1f-2c31c6cd89ed} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b317125e-2f10-4388-bf1f-2c31c6cd89ed} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{38A91FD4-7A1F-4CF5-B241-D7B501DAF1CF} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7402} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{038cb5c7-48ea-4af9-94e0-a1646542e62b} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\*{038cb5c7-48ea-4af9-94e0-a1646542e62b} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\*{b317125e-2f10-4388-bf1f-2c31c6cd89ed} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\*{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DatamngrCoordinator deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WebCake Desktop Updater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ibupdaterservice deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ibupdaterservice deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Hammoudane\AppData\Roaming\Mozilla\Firefox\Profiles\0 ---- Lines 5090395ed5620@5090395ed5659.com removed from prefs.js ---- ---- Lines 5090395ed5620@5090395ed5659.com modified from prefs.js ---- ---- Lines 5090395ed5620@5090395ed5659.com removed from user.js ---- ---- Lines OneClickDownload removed from prefs.js ---- ---- Lines OneClickDownload modified from prefs.js ---- ---- Lines OneClickDownload removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_20130609_2054_.backup prefs_20130609_2054_.backup ProfilePath: C:\Users\Hammoudane\AppData\Roaming\Mozilla\Firefox\Profiles\extensions ---- Lines 5090395ed5620@5090395ed5659.com removed from prefs.js ---- ---- Lines 5090395ed5620@5090395ed5659.com modified from prefs.js ---- ---- Lines 5090395ed5620@5090395ed5659.com removed from user.js ---- ---- Lines OneClickDownload removed from prefs.js ---- ---- Lines OneClickDownload modified from prefs.js ---- ---- Lines OneClickDownload removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_20130609_2054_.backup prefs_20130609_2054_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "bProtectTabs"=- ==== Deleting Files \ Folders ====================== "C:\user.js" deleted "C:\Program Files\Mozilla Firefox\user.js" deleted "C:\Users\Hammoudane\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk" deleted "C:\Users\Hammoudane\Downloads\SoftonicDownloader_for_easy-video-splitter.exe" deleted "C:\Windows\System32\dmwu.exe" deleted "C:\Windows\System32\Tasks\DSite" deleted "C:\Users\Public\sdelevURL.tmp" deleted "C:\Users\Hammoudane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk" deleted "C:\Users\Hammoudane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk" deleted "C:\Windows\tasks\OptimizerPro1UpdaterTask{23B17526-C8D2-4D28-BAB6-5AA52DF554B9}.job" deleted "C:\Windows\tasks\OptimizerPro1UpdaterTask{A3CDEA6E-F6FA-4BD9-BB7B-7CDC99596E55}.job" deleted "C:\Windows\system32\Tasks\EPUpdater" deleted "C:\Windows\system32\tasks\QtraxPlayer" deleted "C:\Windows\tasks\OptimizerPro1UpdaterTask{23B17526-C8D2-4D28-BAB6-5AA52DF554B9}.job" deleted "C:\Windows\tasks\OptimizerPro1UpdaterTask{A3CDEA6E-F6FA-4BD9-BB7B-7CDC99596E55}.job" deleted "C:\Windows\tasks\WxDFastUpdaterTask{D700D7C1-1F00-4CF7-869F-E361D2D24DDE}.job" deleted "C:\user.js" deleted "C:\Windows\system32\roboot.exe" deleted "C:\Windows\system32\ImHttpComm.dll" deleted "C:\Windows\system32\dmwu.exe" deleted "C:\Windows\System32\ConduitEngine.tmp" deleted "C:\Program Files\PremierOpinion\pmls.dll" deleted "C:\Program Files\PremierOpinion\pmropn.exe" deleted "C:\Program Files\PremierOpinion\pmservice.exe" deleted "C:\Users\Hammoudane\AppData\Roaming\Betcat\WebCakeDesktop.exe" deleted "C:\ProgramData\Wincert\win32cert.dll" deleted "C:\ProgramData\Wincert\win32prop.dll" deleted "C:\Windows\System32\jmdp\lmrn.dll" deleted "C:\Windows\System32\jmdp\sqlite3.dll" deleted "C:\Windows\System32\jmdp\stij.exe" deleted "C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll" deleted "C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe" deleted "C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" deleted "C:\Program Files\SweetIM\Messenger\mgArchive.dll" deleted "C:\Program Files\SweetIM\Messenger\mgcommon.dll" deleted "C:\Program Files\SweetIM\Messenger\mgcommunication.dll" deleted "C:\Program Files\SweetIM\Messenger\mgconfig.dll" deleted "C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll" deleted "C:\Program Files\SweetIM\Messenger\mghooking.dll" deleted "C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll" deleted "C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll" deleted "C:\Program Files\SweetIM\Messenger\mgsimcommon.dll" deleted "C:\Program Files\SweetIM\Messenger\mgSweetIM.dll" deleted "C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll" deleted "C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll" deleted "C:\Program Files\SweetIM\Messenger\msvcp71.dll" deleted "C:\Program Files\SweetIM\Messenger\msvcr71.dll" not deleted "C:\Program Files\SweetIM\Messenger\SweetIM.exe" deleted "C:\Users\Hammoudane\AppData\Roaming\Betcat\dat\Desktop.OS.dll" deleted "C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe" deleted "C:\Users\Hammoudane\AppData\Roaming\Bandoo" deleted "C:\ProgramData\Bcool" deleted "C:\ProgramData\wxDownload" deleted "C:\Program Files\Movies Toolbar" not deleted "C:\Program Files\Bandoo" deleted "C:\Program Files\Betcat" deleted "C:\Program Files\Search Results Toolbar" deleted "C:\Program Files\ShoppingReport" deleted "C:\Program Files\Windows Searchqu Toolbar" deleted "C:\Program Files\Optimizer Pro" deleted "C:\Program Files\PremierOpinion" not deleted "C:\Program Files\WebCake" deleted "C:\Program Files\sweetpacks bundle uninstaller" deleted "C:\Program Files\WhiteSmoke" deleted "C:\Program Files\BrowserCompanion" deleted "C:\Program Files\SweetIM" not deleted "C:\Program Files\Conduit" deleted "C:\Program Files\ConduitEngine" deleted "C:\Program Files\Common Files\Wondershare" deleted "C:\found.000" deleted "C:\Users\Hammoudane\AppData\Roaming\Betcat" deleted "C:\Users\Hammoudane\AppData\Roaming\WebCake" deleted "C:\Users\Hammoudane\AppData\Roaming\Web Cake" deleted "C:\Users\Hammoudane\AppData\Roaming\BabSolution" deleted "C:\Users\Hammoudane\AppData\Roaming\Babylon" deleted "C:\Users\Hammoudane\AppData\Roaming\Registry Mechanic" deleted "C:\Users\Hammoudane\AppData\Roaming\Bandoo" deleted "C:\Users\Hammoudane\AppData\Roaming\DSite" deleted "C:\Users\Hammoudane\AppData\Roaming\Systweak" deleted "C:\Users\Hammoudane\AppData\Roaming\OpenCandy" deleted "C:\Users\Hammoudane\Qtrax" deleted "C:\ProgramData\Browser Manager" deleted "C:\ProgramData\Ask" deleted "C:\ProgramData\APN" deleted "C:\ProgramData\Datamngr" deleted "C:\ProgramData\boost_interprocess" deleted "C:\ProgramData\Wincert" deleted "C:\ProgramData\SweetIM" deleted "C:\ProgramData\wxDownload" deleted "C:\ProgramData\InstallMate" deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Premium" not deleted "C:\ProgramData\Babylon" deleted "C:\ProgramData\Bcool" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion" deleted "C:\Users\Hammoudane\AppData\Local\iLivid" deleted "C:\Users\Hammoudane\AppData\Local\Ilivid Player" deleted "C:\Users\Hammoudane\AppData\Local\ilividmoviestoolbardla" deleted "C:\Users\Hammoudane\AppData\Local\CRE" deleted "C:\Users\Hammoudane\AppData\Local\Wondershare" deleted "C:\Users\Hammoudane\AppData\Local\Bundled software uninstaller" deleted "C:\Users\Hammoudane\AppData\Local\PackageAware" deleted "C:\Users\Hammoudane\AppData\Local\Conduit" deleted "C:\Users\Hammoudane\AppData\LocalLow\ShoppingReport" deleted "C:\Users\Hammoudane\AppData\LocalLow\Claro LTD" deleted "C:\Users\Hammoudane\AppData\LocalLow\Bcool" deleted "C:\Users\Hammoudane\AppData\LocalLow\searchresultstb" deleted "C:\Users\Hammoudane\AppData\LocalLow\ilividmoviestoolbardla" deleted "C:\Users\Hammoudane\AppData\LocalLow\BabylonToolbar" deleted "C:\Users\Hammoudane\AppData\LocalLow\Delta" deleted "C:\Users\Hammoudane\AppData\LocalLow\DataMngr" deleted "C:\Users\Hammoudane\AppData\LocalLow\Incredibar.com" deleted "C:\Users\Hammoudane\AppData\LocalLow\PriceGong" deleted "C:\Users\Hammoudane\AppData\LocalLow\searchquband" deleted "C:\Users\Hammoudane\AppData\LocalLow\Conduit" deleted "C:\Users\Hammoudane\AppData\LocalLow\ConduitEngine" deleted "C:\Windows\System32\jmdp" deleted "C:\Windows\System32\ARFC" deleted "C:\Windows\System32\WNLT" deleted "C:\Windows\System32\searchplugins" deleted "C:\Windows\System32\Extensions" deleted "C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" deleted "C:\Users\Hammoudane\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com" deleted "C:\Program Files\Movies Toolbar\Datamngr" not deleted "C:\Program Files\SweetIM\Messenger" not deleted "C:\Users\Hammoudane\AppData\Roaming\Betcat\dat" deleted "C:\ProgramData\Premium\OptimizerPro1" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\HAMMOU~1\AppData\Local\Temp ==== 2013-08-30 20:33:22 945D09C0925F771F907DEE3D0452ECF4 40960 ----a-w- C:\Users\HAMMOU~1\AppData\Local\Temp\rtdrvmon.exe ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-09-06 16:41:20 -------- d-----w- C:\Program Files\Speccy 2013-09-06 16:29:12 -------- d-----w- C:\Program Files\Trend Micro 2013-08-16 10:52:55 51992 ----a-w- C:\Program Files\WBDesktop.Updater.1.0.0.16.exe ======= C: ===== ====== C:\Users\Hammoudane\AppData\Roaming ====== ====== C:\Users\Hammoudane ====== 2013-09-06 16:46:49 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Hammoudane\Downloads\RSIT.exe 2013-09-06 16:37:41 1EFDECC41128BABB5B09B4C9BEB98D46 5127856 ----a-w- C:\Users\Hammoudane\Downloads\spsetup122.exe 2013-08-31 13:20:11 -------- d-----w- C:\ProgramData\PicBlock 2013-08-27 14:26:12 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Hammoudane\attrib ====== C: exe-files == 2013-09-06 16:49:12 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\Hammoudane.exe 2013-09-06 14:55:16 514FC42D49F76C16CC1839A6B9D3AC05 1611104 ----a-w- C:\Program Files\Google\Update\Install\{6A070DB1-7384-4421-B44D-E8FEB72CBCD3}\29.0.1547.66_29.0.1547.62_chrome_updater.exe 2013-09-06 14:55:16 514FC42D49F76C16CC1839A6B9D3AC05 1611104 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.66\29.0.1547.66_29.0.1547.62_chrome_updater.exe 2013-09-03 08:23:37 F722776B89AF7BF68C7FF2B19483DA1F 171088 ----a-w- C:\Users\Hammoudane\AppData\Local\Temp\busB885\CrxUpdater_g.exe 2013-09-03 08:23:37 F722776B89AF7BF68C7FF2B19483DA1F 171088 ----a-w- C:\Users\Hammoudane\AppData\Local\Temp\bus6680\CrxUpdater_g.exe 2013-08-30 20:33:22 945D09C0925F771F907DEE3D0452ECF4 40960 ----a-w- C:\Users\Hammoudane\AppData\Local\Temp\rtdrvmon.exe === C: other files == ==== Firefox Extensions ====================== ProfilePath: C:\Users\Hammoudane\AppData\Roaming\Mozilla\Firefox\Profiles\0 - Online HD TV - %ProfilePath%\extensions\onlinehdtv@onlinehd.tv.xpi ==== Firefox Plugins ====================== ==== Deleting Files \ Folders ====================== "C:\Users\Hammoudane\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaaabcbmongicmdegkmmfgdickgnnob - C:\Users\Hammoudane\AppData\Local\ilividmoviestoolbardla\GC\toolbar.crx[] cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Hammoudane\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files\BrowserCompanion\blabbers-ch.crx[] cnnkiplpgphflnkphofpfpmgdlgijhio - C:\ProgramData\Bcool\cnnkiplpgphflnkphofpfpmgdlgijhio.crx[] dkinklhnkmkhkhofcnapakaoehijaoih - No path found[] dlnembnfbcpjnepmfjmngjenhhajpdfd - No path found[] eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Hammoudane\AppData\Roaming\BabSolution\CR\Delta.crx[] fjoijdanhaiflhibkljeklcghcmmfffh - C:\Program Files\WebCakeLayers.crx[05/08/2013 16:33] jbajpeofkjjeiamcglnmldoboonfkiol - C:\Program Files\Movies Toolbar\Datamngr\chromeExtension.crx[] jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[] jfcagokicjljbocfhmaglpddhfphdgpd - C:\ProgramData\wxDownload\jfcagokicjljbocfhmaglpddhfphdgpd.crx[] kfkcangbigakljkjeglcofaomihpejif - No path found[] kibaojpmcohambhjfgefecjgcafpdoli - C:\ProgramData\Bcool\kibaojpmcohambhjfgefecjgcafpdoli.crx[] kiplfnciaokpcennlkldkdaeaaomamof - C:\Users\Hammoudane\AppData\Local\Torch\Plugins\TorchPlugin.crx[20/06/2013 16:57] mkndcbhcgphcfkkddanakjiepeknbgle - C:\Program Files\PremierOpinion\pmcm.crx[] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx[16/08/2013 12:48] ndkbkobccppmaijogmlganlchookhcnj - C:\ProgramData\Bcool\ndkbkobccppmaijogmlganlchookhcnj.crx[] ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Windows\System32\jmdp\SweetNT.crx[] pmlghpafmmnmmkjdhacccolfgnkiboco - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Hammoudane\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] kfkcangbigakljkjeglcofaomihpejif - No path found[] YouTube - Hammoudane - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Hammoudane - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Card number - Hammoudane - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Users\Hammoudane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjofdnhdkbflacojpfpkchgafjahijbb_0.localstorage deleted successfully C:\Users\Hammoudane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-394&t=4" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=84&bd=Presario&pf=cndt" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.trooner.com/" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=84&bd=Presario&pf=cndt" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1a7f91c20000000000000023543b2515&tlver=1.4.19.19&affID=19404" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {615487A1-04E1-4022-8343-DC92E24B7A36} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={BEBE1663-B5D4-4BD6-9132-4B2B7DC0109C}&mid=e6efb0e9062fbb86a41c4dd62994924d-7a3944237d566d5f3e22156ff3a3c059840bc1a3&lang=us&ds=AVG&pr=fr&d=2011-11-28" {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} Unknown Url="Not_Found" {C90D878C-1FAF-4909-A6E7-A09B38C07CD8} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== C:\users\Hammoudane\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\Hammoudane\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CACEAF84-876E-8C70-E430-23D73FDC358E} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CACEAF84-876E-8C70-E430-23D73FDC358E} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{615487A1-04E1-4022-8343-DC92E24B7A36} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} deleted successfully HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C90D878C-1FAF-4909-A6E7-A09B38C07CD8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully HKEY_CLASSES_ROOT\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully HKEY_CLASSES_ROOT\CLSID\{CACEAF84-876E-8C70-E430-23D73FDC358E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CACEAF84-876E-8C70-E430-23D73FDC358E} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2510180107-2633095666-4145995738-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ec2bae47-25af-4ce9-9e78-10627a49c9ea} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cnnkiplpgphflnkphofpfpmgdlgijhio deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfcagokicjljbocfhmaglpddhfphdgpd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kibaojpmcohambhjfgefecjgcafpdoli deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndkbkobccppmaijogmlganlchookhcnj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hammoudane\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hammoudane\AppData\Local\Temp\Temporary Internet Files(46)\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hammoudane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7H4C0WSG will be deleted at reboot C:\Users\Hammoudane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Hammoudane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\users\Hammoudane\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\users\Hammoudane\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\HAMMOU~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\SweetIM\Messenger\msvcr71.dll" not found "C:\Windows\System32\dmwu.exesearch" not found "C:\Windows\system32\ImHttpComm.dllsearch" not found "C:\Windows\system32\dmwu.exesearch" not found "C:\Users\Hammoudane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Users\Hammoudane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\Movies Toolbar" not found "C:\Program Files\PremierOpinion" not found "C:\Program Files\SweetIM" not found "C:\ProgramData\Premium" not found "C:\Users\Hammoudane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7H4C0WSG" not found ==== EOF on vr 06/09/2013 at 21:12:45,31 ======================