Zoek.exe Version 4.0.0.5 Updated 22-October-2013
Tool run by maurice on di 22-10-2013 at 18:07:12,96.
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\maurice\Desktop\zoek.exe [Script inserted]

==== System Restore Info ======================

Failed to create System Restore Point

==== Empty Folders Check ======================

C:\PROGRA~2\Capcom deleted successfully
C:\PROGRA~2\EA Games deleted successfully
C:\PROGRA~2\Kalypso Media deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\NEXON deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\Rockin Android deleted successfully
C:\PROGRA~2\Stunlock Studios deleted successfully
C:\PROGRA~2\Video Codec deleted successfully
C:\PROGRA~2\WB Games deleted successfully
C:\PROGRA~2\Winamp deleted successfully
C:\PROGRA~2\Wondershare deleted successfully
C:\Program Files\Babylon deleted successfully
C:\Users\maurice\AppData\Roaming\FOG Downloader deleted successfully
C:\Users\maurice\AppData\Roaming\NetDrive deleted successfully
C:\Users\maurice\AppData\Roaming\Software Informer deleted successfully
C:\Users\maurice\AppData\Roaming\systweak deleted successfully
C:\Users\maurice\AppData\Roaming\TERA deleted successfully
C:\Users\maurice\AppData\Roaming\Three Rings Design deleted successfully
C:\Users\maurice\AppData\Roaming\Ventrilo deleted successfully
C:\Users\maurice\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\maurice\AppData\Local\.# deleted successfully
C:\Users\maurice\AppData\Local\PackageAware deleted successfully

==== Creating Sample_22-10-2013_1814.zip ======================

Copied file C:\Users\maurice\cn.exe to sample\cn.exe
C:\Users\Public\Desktop\sample_22-10-2013_1814.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} deleted successfully HKEY_CLASSES_ROOT\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\fiddlerhook@fiddler2.com deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HssWd deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mywebsearchservice deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater14.2.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater14.2.0 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default ---- Lines 50f31d8a92e30@50f31d8a92e68.com removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"50d621bc931e2@50d621bc9321b.com\":{\"version\":\"3.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\50d621bc931e2@50d621bc9321b.com\"},\"50f31d8a92e30@50f31d8a92e68.com\":{\"version\":\"3.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\50f31d8a92e30@50f31d8a92e68.com\"}}"); ---- Lines 
50f31d8a92e30@50f31d8a92e68.com modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"m3ffxtbr@mywebsearch.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\MyWebSearch\\\\bar\\\\1.bin\",\"mtime\":1370871079676}}},{\"name\":\"app-global\",\"addons\":{\"afurladvisor@anchorfree.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\afurladvisor@anchorfree.com\",\"mtime\":1344969132413},\"{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\",\"mtime\":1356128039270},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1332599254299}}},{\"name\":\"app-profile\",\"addons\":{\"50d621bc931e2@50d621bc9321b.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\50d621bc931e2@50d621bc9321b.com\",\"mtime\":1356630193021},\"50f31d8a92e30@50f31d8a92e68.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\50f31d8a92e30@50f31d8a92e68.com\",\"mtime\":1359230471295},\"m3ffxtbr@mywebsearch.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\m3ffxtbr@mywebsearch.com\",\"mtime\":1353875901978},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com\",\"mtime\":1343065003567},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\plugin@yontoo.com\",\"mtime\":13
43064951790},\"{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}\",\"mtime\":1372794361962},\"{75656794-AB59-4712-BFBC-5D816D56F3BC}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{75656794-AB59-4712-BFBC-5D816D56F3BC}\",\"mtime\":1336128454896},\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\",\"mtime\":1336204176094},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1343065017267}}}]"); ---- Lines 50f31d8a92e30@50f31d8a92e68.com removed from user.js ---- ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.babExt", ""); user_pref("extensions.BabylonToolbar.babTrack", "affID= 112060&tt=010412_crm"); user_pref("extensions.BabylonToolbar.bbDpng", 26); user_pref("extensions.BabylonToolbar.dfltSrch", true); user_pref("extensions.BabylonToolbar.hmpg", true); user_pref("extensions.BabylonToolbar.id", "981c382300000000000002004c4f4f50"); user_pref("extensions.BabylonToolbar.instlDay", "15465"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.keyWordUrl", "http://search.babylon.com/?affID= 112060&tt=010412_crm&babsrc=KW_ss&mntrId=981c382300000000000002004c4f4f50&q="); user_pref("extensions.BabylonToolbar.lastDP", 26); user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.179:49:26"); 
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0"); user_pref("extensions.BabylonToolbar.newTab", true); user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?affID= 112060&tt=010412_crm&babsrc=NT_ss&mntrId=981c382300000000000002004c4f4f50"); user_pref("extensions.BabylonToolbar.noFFXTlbr", false); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.propectorlck", 97790532); user_pref("extensions.BabylonToolbar.prtkDS", 0); user_pref("extensions.BabylonToolbar.prtkHmpg", 0); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.ptch_0717", true); user_pref("extensions.BabylonToolbar.smplGrp", "azb"); user_pref("extensions.BabylonToolbar.srcExt", "ss"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.179:49:26"); user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.babTrack", "affID= 112060&tt=010412_crm"); user_pref("extensions.BabylonToolbar_i.hardId", "981c382300000000000002004c4f4f50"); user_pref("extensions.BabylonToolbar_i.id", "981c382300000000000002004c4f4f50"); user_pref("extensions.BabylonToolbar_i.instlDay", "15465"); user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:49:26"); ---- Lines 
BabylonToolbar modified from prefs.js ---- ---- Lines BabylonToolbar removed from user.js ---- user_pref("extensions.BabylonToolbar_i.babTrack", "affID= 112060&tt=010412_crm"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar_i.id", "981c382300000000000002004c4f4f50"); user_pref("extensions.BabylonToolbar_i.hardId", "981c382300000000000002004c4f4f50"); user_pref("extensions.BabylonToolbar_i.instlDay", "15465"); user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:49:26"); user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); ---- Lines Search removed from prefs.js ---- user_pref("sweetim.toolbar.search.external", ""); ---- Lines Search modified from prefs.js ---- ---- Lines Search removed from user.js ---- ---- Lines babsrc removed from prefs.js ---- user_pref("somoto.old_dnscatch", "http://search.babylon.com/?affID= 112060&tt=010412_crm&babsrc=KW_ss&mntrId=981c382300000000000002004c4f4f50&q="); user_pref("somoto.old_homepage", "http://search.babylon.com/?affID= 112060&tt=010412_crm&babsrc=HP_ss&mntrId=981c382300000000000002004c4f4f50"); ---- Lines babsrc modified from prefs.js ---- ---- Lines babsrc removed from user.js ---- ---- Lines WebSearch removed from prefs.js ---- ---- Lines WebSearch modified from prefs.js ---- user_pref("extensions.enabledAddons", 
"{75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8,{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.4,OneClickDownload@OneClickDownload.com:1.0,plugin@yontoo.com:1.20.00,{EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2,m3ffxtbr@mywebsearch.com:1.3,{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"m3ffxtbr@mywebsearch.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\MyWebSearch\\\\bar\\\\1.bin\",\"mtime\":1370871079676}}},{\"name\":\"app-global\",\"addons\":{\"afurladvisor@anchorfree.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\afurladvisor@anchorfree.com\",\"mtime\":1344969132413},\"{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\",\"mtime\":1356128039270},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1332599254299}}},{\"name\":\"app-profile\",\"addons\":{\"50d621bc931e2@50d621bc9321b.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\50d621bc931e2@50d621bc9321b.com\",\"mtime\":1356630193021},\"disabled\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\disabled\",\"mtime\":1359230471295},\"m3ffxtbr@mywebsearch.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\m3ffxtbr@mywebsearch.com\",\"mtime\":1353875901978},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com\",\"mtime\":1343065003567},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\plugin@yontoo.com\",\"mtime\":1343064951790},\"{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}\",\"mtime\":1372794361962},\"{75656794-AB59-4712-BFBC-5D816D56F3BC}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{75656794-AB59-4712-BFBC-5D816D56F3BC}\",\"mtime\":1336128454896},\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\",\"mtime\":1336204176094},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\User
s\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1343065017267}}}]"); ---- Lines WebSearch removed from user.js ---- ---- Lines 75656794-AB59-4712-BFBC-5D816D56F3BC removed from prefs.js ---- ---- Lines 75656794-AB59-4712-BFBC-5D816D56F3BC modified from prefs.js ---- user_pref("extensions.enabledAddons", "{75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8,{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.4,OneClickDownload@OneClickDownload.com:1.0,plugin@yontoo.com:1.20.00,{EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2,m3ffxtbr@mydisabled.com:1.3,{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"m3ffxtbr@mydisabled.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mydisabled\\\\bar\\\\1.bin\",\"mtime\":1370871079676}}},{\"name\":\"app-global\",\"addons\":{\"afurladvisor@anchorfree.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\afurladvisor@anchorfree.com\",\"mtime\":1344969132413},\"{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\",\"mtime\":1356128039270},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1332599254299}}},{\"name\":\"app-profile\",\"addons\":{\"50d621bc931e2@50d621bc9321b.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\50d621bc931e2@50d621bc9321b.com\",\"mtime\":1356630193021},\"disabled\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\disabled\",\"mtime\":1359230471295},\"m3ffxtbr@mydisabled.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\m3ffxtbr@mydisabled.com\",\"mtime\":1353875901978},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com\",\"mtime\":1343065003567},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\plugin@yontoo.com\",\"mtime\":1343064951790},\"{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}\",\"mtime\":1372794361962},\"{75656794-AB59-4712-BFBC-5D816D56F3BC}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{75656794-AB59-4712-BFBC-5D816D56F3BC}\",\"mtime\":1336128454896},\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\",\"mtime\":1336204176094},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\
\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1343065017267}}}]"); ---- Lines 75656794-AB59-4712-BFBC-5D816D56F3BC removed from user.js ---- ---- Lines snapdo removed from prefs.js ---- user_pref("browser.newtab.url", "http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=NL&userid=5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd&searchtype=nt&installDate=15/05/2013&q="); ---- Lines snapdo modified from prefs.js ---- ---- Lines snapdo removed from user.js ---- ---- Lines ask.com removed from prefs.js ---- user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*"); ---- Lines ask.com modified from prefs.js ---- ---- Lines ask.com removed from user.js ---- ---- Lines search.com removed from prefs.js ---- ---- Lines search.com modified from prefs.js ---- ---- Lines search.com removed from user.js ---- ---- Lines y2layers removed from prefs.js ---- user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics"); user_pref("extentions.y2layers.installId", "d044471d-6f38-45ec-b33e-7f8239386217"); ---- Lines y2layers modified from prefs.js ---- ---- Lines y2layers removed from user.js ---- user_pref("extentions.y2layers.installId", "d044471d-6f38-45ec-b33e-7f8239386217"); user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics"); ---- Lines yontoo removed from prefs.js ---- ---- Lines yontoo modified from prefs.js ---- user_pref("extensions.enabledAddons", "{disabled}:1.1.8,{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.4,OneClickDownload@OneClickDownload.com:1.0,plugin@yontoo.com:1.20.00,{EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2,m3ffxtbr@mydisabled.com:1.3,{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0"); 
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"m3ffxtbr@mydisabled.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mydisabled\\\\bar\\\\1.bin\",\"mtime\":1370871079676}}},{\"name\":\"app-global\",\"addons\":{\"afurladvisor@anchorfree.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\afurladvisor@anchorfree.com\",\"mtime\":1344969132413},\"{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\",\"mtime\":1356128039270},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1332599254299}}},{\"name\":\"app-profile\",\"addons\":{\"50d621bc931e2@50d621bc9321b.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\50d621bc931e2@50d621bc9321b.com\",\"mtime\":1356630193021},\"disabled\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\disabled\",\"mtime\":1359230471295},\"m3ffxtbr@mydisabled.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\m3ffxtbr@mydisabled.com\",\"mtime\":1353875901978},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com\",\"mtime\":1343065003567},\"plugin@yontoo.com\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\plugin@yontoo.com\",\"mtime\":1343064951790},\"{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\
\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}\",\"mtime\":1372794361962},\"{disabled}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{disabled}\",\"mtime\":1336128454896},\"{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\",\"mtime\":1336204176094},\"{EEE6C361-6118-11DC-9C72-001320C79847}\":{\"descriptor\":\"C:\\\\Users\\\\maurice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2bgx3ett.default\\\\extensions\\\\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi\",\"mtime\":1343065017267}}}]"); ---- Lines yontoo removed from user.js ---- ---- Lines privitize removed from prefs.js ---- user_pref("browser.search.defaultengine", "Privitize VPN"); user_pref("browser.search.order.1", "Privitize VPN"); ---- Lines privitize modified from prefs.js ---- ---- Lines privitize removed from user.js ---- ---- Lines helperbar removed from prefs.js ---- user_pref("extensions.helperbar.DockingPositionDown", false); user_pref("extensions.helperbar.SmartbarDisabled", false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); user_pref("extensions.helperbar.Visibility", false); ---- Lines helperbar modified from prefs.js ---- ---- Lines helperbar removed from user.js ---- ---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from prefs.js ---- ---- Lines EEE6C361-6118-11DC-9C72-001320C79847 modified from prefs.js ---- user_pref("extensions.enabledAddons", 
"{disabled}:1.1.8,{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.4,OneClickDownload@OneClickDownload.com:1.0,plugin@disabled.com:1.20.00,{EEE6C361-6118-11DC-9C72-001320C79847}:1.5.0.2,m3ffxtbr@mydisabled.com:1.3,{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0"); ---- Lines EEE6C361-6118-11DC-9C72-001320C79847 removed from user.js ---- ---- Lines SweetIM removed from prefs.js ---- user_pref("avg.install.userHPSettings", "http://home.sweetim.com/?st=1"); user_pref("sweetim.toolbar.cargo", "3.1010000.10011"); user_pref("sweetim.toolbar.dialogs.0.enable", "true"); user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); user_pref("sweetim.toolbar.dialogs.0.height", "335"); user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.html"); user_pref("sweetim.toolbar.dialogs.0.width", "761"); user_pref("sweetim.toolbar.dialogs.1.enable", "true"); user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); user_pref("sweetim.toolbar.dialogs.1.height", "300"); user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); user_pref("sweetim.toolbar.dialogs.1.width", "500"); user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.*.orkut.com.br/.*|.*login.live.com/.*|.*youtubedownloader.mybrowserbar.com/.*"); user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", 
"200000"); user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.mode.debug", "false"); user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AVG Secure Search"); user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "AVG Secure Search"); user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://isearch.avg.com/?cid={FAEAE68E-0055-4675-918B-25A7ACD45D17}&mid=add3f4f58bed47d08abcf1867610cc49-fe8341396e1373598d901e48cde835f10d106647&lang=nl&ds=od011&pr=sa&d=2012-07-25 13:25:15&v=14.0.2.14&pid=avg&sg=&sap=hp"); user_pref("sweetim.toolbar.previous.keyword.URL", "http://search.sweetim.com/search.asp?src=2&q="); user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.0.enable", "false"); user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false"); user_pref("sweetim.toolbar.scripts.1.callback", ""); user_pref("sweetim.toolbar.scripts.1.domain-whitelist", ""); user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script"); user_pref("sweetim.toolbar.scripts.1.enable", "false"); user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad"); user_pref("sweetim.toolbar.scripts.1.url", "http://cdn1.predictad.com/scripts/publishers/sweetim/predictadme.js"); user_pref("sweetim.toolbar.search.history.capacity", "10"); user_pref("sweetim.toolbar.searchguard.enable", "true"); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", 
""); user_pref("sweetim.toolbar.simapp_id", "{FC07A3E3-D4EC-11E1-B4F2-20CF30F425BA}"); user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?crg=3.1010000.10011&barid={FC07A3E3-D4EC-11E1-B4F2-20CF30F425BA}"); user_pref("sweetim.toolbar.version", "1.5.0.2"); ---- Lines SweetIM modified from prefs.js ---- ---- Lines SweetIM removed from user.js ---- ---- Lines SweetPacks removed from prefs.js ---- ---- Lines SweetPacks modified from prefs.js ---- ---- Lines SweetPacks removed from user.js ---- ---- Lines mybrowserbar removed from prefs.js ---- ---- Lines mybrowserbar modified from prefs.js ---- ---- Lines mybrowserbar removed from user.js ---- ---- Lines OneClickDownload removed from prefs.js ---- user_pref("extensions.OneClickDownload.filter", "0,3"); user_pref("extensions.OneClickDownload.lastUpdate", "{\"hours\":18,\"min\":49}"); ---- Lines OneClickDownload modified from prefs.js ---- user_pref("extensions.enabledAddons", "{disabled}:1.1.8,{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.4,OneClickDownload@OneClickDownload.com:1.0,plugin@disabled.com:1.20.00,{disabled}:1.5.0.2,m3ffxtbr@mydisabled.com:1.3,{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:11.0"); ---- Lines OneClickDownload removed from user.js ---- ---- Lines smartbar removed from prefs.js ---- ---- Lines smartbar modified from prefs.js ---- ---- Lines smartbar removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_22-10-2013_1859_.backup prefs_22-10-2013_1859_.backup ==== Deleting Files \ Folders ====================== C:\Users\maurice\cn.exe not found C:\Users\maurice\AppData\Local\Smartbar\Application\SnapDo.exe deleted C:\ProgramData\Application Data deleted C:\ProgramData\Bureaublad deleted C:\ProgramData\Documenten deleted C:\ProgramData\Documents deleted C:\ProgramData\Favorieten deleted C:\ProgramData\Favorites deleted C:\ProgramData\Menu Start deleted C:\ProgramData\Sjablonen deleted C:\ProgramData\Start Menu deleted C:\ProgramData\Templates deleted C:\ProgramData\Zoomex deleted C:\PROGRA~2\FilesFrog Update Checker deleted C:\PROGRA~2\DealBulldog Toolbar deleted C:\PROGRA~2\Babylon deleted C:\PROGRA~2\PrivitizeVPN deleted C:\PROGRA~2\FunWebProducts deleted C:\PROGRA~2\MyWebSearch deleted C:\PROGRA~2\PriceGong deleted C:\PROGRA~2\Hotspot Shield deleted C:\PROGRA~2\SweetIM deleted C:\PROGRA~2\AVG Secure Search deleted C:\PROGRA~2\COMMON~1\Wondershare deleted C:\Users\maurice\AppData\Roaming\Wondershare deleted C:\Users\maurice\AppData\Roaming\Complitly deleted C:\Users\maurice\AppData\Roaming\OpenCandy deleted C:\ProgramData\hash.dat deleted C:\ProgramData\boost_interprocess deleted C:\ProgramData\SweetIM deleted C:\ProgramData\CloudSoft deleted C:\ProgramData\AVG Secure Search deleted C:\ProgramData\Cloud Software LTD deleted C:\ProgramData\InstallMate deleted C:\ProgramData\Tarma Installer deleted C:\ProgramData\Premium deleted C:\Users\maurice\AppData\Local\APN deleted C:\Users\maurice\AppData\Local\AVG Secure Search deleted C:\Users\maurice\AppData\Local\Wondershare deleted C:\Users\maurice\AppData\Local\Smartbar deleted 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted C:\Users\maurice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker deleted C:\Users\maurice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\maurice\Downloads\iLividSetupV1.exe deleted C:\Users\maurice\Downloads\SoftonicDownloader_for_need-for-speed-underground.exe deleted C:\Users\maurice\Downloads\SoftonicDownloader_for_titan-attacks.exe deleted C:\Users\maurice\Downloads\SoftonicDownloader_voor_teamspeak.exe deleted C:\Users\maurice\AppData\LocalLow\Zoomex deleted C:\Users\maurice\AppData\LocalLow\SweetIM deleted C:\Users\maurice\AppData\LocalLow\AVG Secure Search deleted C:\Users\maurice\AppData\LocalLow\mediabarbs deleted C:\Users\maurice\AppData\LocalLow\MyWebSearch deleted C:\Users\maurice\AppData\LocalLow\facemoods.com deleted C:\Users\maurice\AppData\LocalLow\BabylonToolbar deleted C:\Users\maurice\AppData\LocalLow\Smartbar deleted C:\Users\maurice\AppData\LocalLow\DataMngr deleted C:\Users\maurice\AppData\LocalLow\PriceGong deleted C:\Users\maurice\AppData\LocalLow\FunWebProducts deleted C:\Users\maurice\AppData\LocalLow\Toolbar4 deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\user.js deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\searchplugins\Web Search.xml deleted C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\SweetPacksToolbarData deleted C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4} deleted C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\50f31d8a92e30@50f31d8a92e68.com deleted C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\m3ffxtbr@mywebsearch.com deleted 
C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} deleted C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\plugin@yontoo.com deleted C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\OneClickDownload@OneClickDownload.com deleted C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi deleted "C:\Users\maurice\AppData\Roaming\D2Info0" deleted "C:\Users\maurice\AppData\Roaming\DofusAppId0_1" deleted "C:\Users\maurice\AppData\Roaming\DofusAppId0_2" deleted "C:\ProgramData\33c16ee643a958351fdff3afb6851b26_c" deleted "C:\PROGRA~2\ZoomEx" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\maurice\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2013-10-10 13:27:38 5E775F0C365F01A8A7382BBEFC4A53A5 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-10-10 13:27:38 351B1A5B8A02A59DD29D122B0D231FA6 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-10-10 13:27:36 BE8F3297A0BC3D3E3B66D9A45F64F0B9 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2013-10-10 13:27:36 6E9013E3D112E26A42EC057CAE990649 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2013-10-10 13:27:36 58A43D9DFFF91C1457EC47BDCF969B59 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-10 13:27:36 556F70EDECE99CCD64C7D8897F3264F4 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2013-10-10 13:27:35 122B216B091D06F672CC8D331128FB06 2048512 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-10-10 13:27:32 E02C01EB0ED522327AFF3BE5CBCF6017 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-10-10 13:27:32 883C0D3A22CE87A3203CD5518EBB5758 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-10-10 13:27:30 61DC3F2BE3093FE22CD717260946D7AD 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-10-10 13:27:30 
5A847E98EAF032928E67EE52DE08952D 2876928 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-10-10 13:27:29 E4FEB264B47360B7296AEA4E052F88D8 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-10-10 13:27:29 DC7DB5BC0E2D135103730E08FE1C540D 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-10-10 13:27:28 8F5EAAF76A6811332A8C67DB0D4C395F 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-10-10 13:27:24 A7221924181C8EB92B64C5A2D888BEA5 14335488 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-10-10 09:19:01 75F5E1FE8D55CF8E577E0EC5F2290D3F 530432 ----a-w- C:\Windows\SysWOW64\comctl32.dll 2013-10-10 09:16:53 CC23295DA8F7B5C53F93804D2F5D30EB 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll 2013-10-10 09:16:53 8CC4638FA7B5B921B9080CF962582C0B 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll 2013-10-10 09:16:53 5C6B44F9CAAC475B7B9EBBC29CB7F065 295424 ----a-w- C:\Windows\SysWOW64\atmfd.dll 2013-10-10 09:16:53 2342EC9254F4C60CA98441BD65C89E12 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll 2013-10-10 09:16:52 7D27E63B54DB093BB0D9E95F81094D75 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll 2013-10-10 09:07:57 EAF4712B706936C0B10D3B5319B37E81 81920 ----a-w- C:\Windows\SysWOW64\davclnt.dll 2013-10-10 09:07:57 75E8EBD7040CE238684333F97014762A 205824 ----a-w- C:\Windows\SysWOW64\WebClnt.dll 2013-10-10 09:06:37 E94C583CDE2348950155F2AF2876F34D 231424 ----a-w- C:\Windows\SysWOW64\mswsock.dll 2013-10-10 09:06:24 482C8CD985C727C7C78A5E9B320947F0 3969472 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-10 09:06:23 813A7F5A2D6D366EB3FFB643B851BCE5 3914176 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-10 09:06:23 401D25136E26B237D77DA1BF1198B3BD 619520 ----a-w- C:\Windows\SysWOW64\tdh.dll 2013-10-10 09:06:22 D67472125471784DE7147946EDA25FEB 640512 ----a-w- C:\Windows\SysWOW64\advapi32.dll 2013-10-10 09:06:22 A2B0924D50F4435FD389499047CE553A 1292192 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2013-10-10 09:06:21 DEE3A05EB88EAFE9C5FF9643676ECC60 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 
2013-10-10 09:06:21 DA1340AC8B22D0719F47222C8D508393 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2013-10-10 09:06:21 D37B27C1F5FE8CFFCCA80FFD4F91149B 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2013-10-10 09:06:21 8C3D064E7B7C0F3685A441A37A93C5D1 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2013-10-10 09:06:21 5244D544B022E70881794563D657B5EF 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2013-10-10 09:05:44 2A01B40C8334A8124001CFAC256FCA83 102608 ----a-w- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-10-10 13:27:38 990235D752A40F5F8243ED537FAB2035 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-10-10 13:27:37 991A9D6B797B4D7E9EB29BE1FB4B1D28 526336 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-10-10 13:27:36 C4DDAC3F3062739C4C2BB759B36E005D 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-10-10 13:27:36 A80B91A93EDFFDE3DD2646D6E4CDDC44 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll 2013-10-10 13:27:36 38CFAC1BAFEBC8B0AF8A22093803D38E 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll 2013-10-10 13:27:35 742B2C69643527763E162C0BA923D086 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll 2013-10-10 13:27:35 4163195B6D07D3434BDEA78C293B7E0E 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe 2013-10-10 13:27:35 199BD40B1890E1EEFF7438B59787534F 2647552 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-10-10 13:27:32 7B4E06047031B2AAA4AE10F00C59BFC7 855552 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-10-10 13:27:32 214E39F0A8E382F1889B26B46DE0AF81 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-10-10 13:27:31 D383602755758FA81166B0FD8AFE6D40 3959296 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-10-10 13:27:30 882AC0DD997CFC90FBB468D698BD55C6 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-10-10 13:27:29 16A3E229F60FA4B05573A0937AB3C3CB 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-10-10 13:27:28 D28B35DE88D27EFB27DF4B1E8319E3C0 2241024 
----a-w- C:\Windows\Sysnative\wininet.dll 2013-10-10 13:27:27 CCDB8FDC289AA9AFA5F8827A2ADB21AD 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-10-10 13:27:26 F026C6F104758D0EB215B017016FAE27 19252224 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-10-10 09:19:02 9028D1621C43DF8DFBD1C76860412A11 633856 ----a-w- C:\Windows\Sysnative\comctl32.dll 2013-10-10 09:16:53 E1BB958681BE311E7CFF06CFEC5F1F2B 368128 ----a-w- C:\Windows\Sysnative\atmfd.dll 2013-10-10 09:16:53 D6BAE9B4B210D71CDDADC224CEFCDB5F 100864 ----a-w- C:\Windows\Sysnative\fontsub.dll 2013-10-10 09:16:53 A5ED9421B8D09ED4F57CDA386307713E 14336 ----a-w- C:\Windows\Sysnative\dciman32.dll 2013-10-10 09:16:53 796B47A4B82EF1C39F13435B88834C48 41472 ----a-w- C:\Windows\Sysnative\lpk.dll 2013-10-10 09:16:53 142671F462619CB64BA74F5B70136CB4 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll 2013-10-10 09:07:58 0EB0E5D22B1760F2DBCE632F2DD7A54D 259584 ----a-w- C:\Windows\Sysnative\WebClnt.dll 2013-10-10 09:07:57 B32AB94A432289AC2DF77A3DCAD32EED 102400 ----a-w- C:\Windows\Sysnative\davclnt.dll 2013-10-10 09:06:37 9A9F9F1A77D6A80EE28B57664F00013E 327168 ----a-w- C:\Windows\Sysnative\mswsock.dll 2013-10-10 09:06:36 19320B121BFE7462EADD50A42C81AFD0 3155968 ----a-w- C:\Windows\Sysnative\win32k.sys 2013-10-10 09:06:24 63A580C88CFAF72A92550940054569EF 878080 ----a-w- C:\Windows\Sysnative\advapi32.dll 2013-10-10 09:06:24 5B9A6A310326D9C438F2C19FBBE97C97 5549504 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2013-10-10 09:06:23 A3FCC4F97551087D65F8FEE879FEF736 859648 ----a-w- C:\Windows\Sysnative\tdh.dll 2013-10-10 09:06:22 CAAAC014C5C56A69F710B5F1B836DE22 1732032 ----a-w- C:\Windows\Sysnative\ntdll.dll 2013-10-10 09:06:22 70833F5A59F65908698093889C34BCA2 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2013-10-10 09:05:44 764DF431D13537A575752009E7740F18 124112 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 09:05:41 56661BB55AE4633677F846FFCD080ECA 461312 ----a-w- 
C:\Windows\Sysnative\scavengeui.dll ====== C:\Windows\Sysnative\drivers ===== 2013-10-19 18:05:28 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.CAT 2013-10-19 18:05:27 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.INF 2013-10-19 18:05:27 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.SYS 2013-10-10 09:19:06 E2C933EDBC389386EBE6D2BA953F43D8 785624 ----a-w- C:\Windows\Sysnative\drivers\Wdf01000.sys 2013-10-10 09:07:59 80B0F7D5CCF86CEB5D402EAAF61FEC31 100864 ----a-w- C:\Windows\Sysnative\drivers\usbcir.sys 2013-10-10 09:07:58 9661DA76B4531B2DA272ECCE25A8AF24 42496 ----a-w- C:\Windows\Sysnative\drivers\usbscan.sys 2013-10-10 09:07:58 856E76B3641746ABBC2946BED1372098 32896 ----a-w- C:\Windows\Sysnative\drivers\hidparse.sys 2013-10-10 09:07:58 597C3699384E53CC59587ED50CCE5CA2 76800 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys 2013-10-10 09:07:57 1A4F75E63C9FB84B85DFFC6B63FD5404 140800 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys 2013-10-10 09:06:38 40AF23633D197905F03AB5628C558C51 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2013-10-10 09:06:37 314C17917AC8523EC77A710215012A65 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2013-10-10 09:05:42 88612F1CE3BF42256913BF6E61C70D52 983488 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-10-19 18:36:04 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2013-10-01 14:12:55 -------- d-----w- C:\PROGRA~2\Bandicam 2013-10-01 14:12:52 -------- d-----w- C:\PROGRA~2\BandiMPEG1 ======= C: ===== ====== C:\Users\maurice\AppData\Roaming ====== 2013-10-22 16:57:04 -------- d-----w- C:\Users\maurice\AppData\Local\CrashDumps 2013-10-01 14:17:52 -------- d-----w- C:\Users\maurice\AppData\Roaming\BANDISOFT ====== C:\Users\maurice ====== 2013-10-19 18:35:12 
662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\maurice\Downloads\RSITx64.exe 2013-10-19 18:00:56 8752035DE049756BF04343595C75C16D 211369816 ------w- C:\Users\maurice\Downloads\N360-ESD-21.1.0-NL.exe 2013-10-05 17:06:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2013-10-01 14:13:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam ====== C: exe-files == 2013-10-19 18:40:15 8F101DD2F46E59469FE0F599DA0530F2 2066272 ----a-w- C:\Users\maurice\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.101\30.0.1599.101_30.0.1599.69_chrome_updater.exe 2013-10-19 18:40:15 8F101DD2F46E59469FE0F599DA0530F2 2066272 ----a-w- C:\Documents and Settings\maurice\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\30.0.1599.101\30.0.1599.101_30.0.1599.69_chrome_updater.exe 2013-10-19 18:36:05 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\maurice.exe 2013-10-19 18:35:12 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\maurice\Downloads\RSITx64.exe 2013-10-19 18:35:12 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Documents and Settings\maurice\Downloads\RSITx64.exe 2013-10-19 18:00:56 8752035DE049756BF04343595C75C16D 211369816 ------w- C:\Users\maurice\Downloads\N360-ESD-21.1.0-NL.exe 2013-10-19 18:00:56 8752035DE049756BF04343595C75C16D 211369816 ------w- C:\Documents and Settings\maurice\Downloads\N360-ESD-21.1.0-NL.exe 2013-10-16 10:34:39 48686EB131CBE8E254FF15409EA863BD 626320 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\uninstall.exe 2013-10-16 10:34:38 0396FE5D35238C7424B3F913FD6832BF 232800 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe 2013-10-16 10:34:37 E623B98CC2F6275C027CCBDF13749A77 195936 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe 2013-10-16 10:34:36 F67C21CC4195F6AFC447418FE163E156 5087584 ----a-w- C:\Program Files 
(x86)\TeamViewer\Version8\TeamViewer_Service.exe 2013-10-16 10:34:36 AB055E4E8A49E06469B137C93C8E11C6 12631904 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe 2013-10-16 10:34:36 A09E329D8351719A5B17080304DF3C6D 4536672 ----a-w- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe === C: other files == 2013-10-22 16:58:28 820E4DA613D414EA19EAF6A678C7932E 506 ----a-w- C:\Users\Public\Desktop\sample_22-10-2013_1814.zip 2013-10-22 16:58:28 820E4DA613D414EA19EAF6A678C7932E 506 ----a-w- C:\Documents and Settings\Public\Desktop\sample_22-10-2013_1814.zip 2013-10-19 18:05:27 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-10-19 18:04:14 B18CE01B9C09C59422BA7C7064248B35 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtspx64.sys 2013-10-19 18:04:14 8BFD1752AAA15BF47D668E9AC5AF96FB 858200 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtsp64.sys 2013-10-19 18:04:14 78A2F073AD9EA5EBC04A70931EA36C9A 590936 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys 2013-10-19 18:04:14 5C9EE2303CA7F267665D75237862B39C 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys 2013-10-19 18:04:14 48C2934683CBD06F662B088EEF49EF6A 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys 2013-10-19 18:04:14 20F758E6339A16F97DD83389D582E09A 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys 2013-10-19 18:04:14 08AF51153E441687130B759A8F6892ED 1147480 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys 2013-10-19 18:04:13 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" 
[22-10-2013 09:45] ==== Firefox Extensions ====================== ProfilePath: C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default - Zoomex - %ProfilePath%\extensions\50d621bc931e2@50d621bc9321b.com - Snap.Do - %ProfilePath%\extensions\{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd} - PriceGong - %ProfilePath%\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} AppDir: C:\Program Files (x86)\Mozilla Firefox - Hotspot Shield Helper Please allow this installation - %AppDir%\extensions\afurladvisor@anchorfree.com - BasicScan - %AppDir%\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default 4AE054AAF74F93566720766CBC9A0E64 - C:\Users\maurice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2 78B8643467B68FCAD26C4D9E4A77EDB5 - C:\Users\maurice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator FE66393FF0F0A1CAF53FA54EFBBA5533 - C:\Users\maurice\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer 416DE10C59706B4AB7F90CCD04C1EFB0 - C:\Users\maurice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin D02ED3C972BBF10890CA2A586F2C0762 - C:\Users\maurice\AppData\LocalLow\Sony Online Entertainment\npsoe.dll - SOE Web Installer E66945F023FC0B42DDCC81A37ED7E28F - C:\Users\maurice\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll - Game Face Plugin 79BB0C72FD89D855561838E895EDCFFE - C:\Users\maurice\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll - SOE Web Installer 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleting Files \ Folders ====================== C:\Program Files 
(x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com deleted
"C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\50d621bc931e2@50d621bc9321b.com" deleted
"C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\{5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd}" deleted
"C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}" deleted
"C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\2bgx3ett.default\extensions\50d621bc931e2@50d621bc9321b.com" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.4\pricegong.crx[]
dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[]
ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx[]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
jhcelpaeieflmnpekkkjabghfiahkmpg - C:\ProgramData\Zoomex\jhcelpaeieflmnpekkkjabghfiahkmpg.crx[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx[06-10-2013 05:26]
niapdbllcanepiiimjjndipklodoedlc - C:\Users\maurice\AppData\Local\Temp\YontooLayers.crx[]
pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
amfclgbdpgndipgoegfpkkgobahigbcl - C:\Users\maurice\AppData\Local\Smartbar/Application\1Extension.crx[]

Zoomex - maurice - Default\Extensions\jlfkpmdkedjojmiopcenhffbbfgackff
YouTube - maurice - Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - maurice - Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - maurice - Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome In-App Payments service - maurice - Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Evernote Web Clipper - maurice - Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - maurice - Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
http //www.planetminecraft.com/mod/132-forge- - maurice - Profile 1\Extensions\poaocfakkhhjhjpmjpiggdpgipkhboea
Google Drive - maurice - Profile 17\Extensions\apdfllckaahabafndbhieahigkjlhalf
PriceGong - maurice - Profile 17\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
YouTube - maurice - Profile 17\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - maurice - Profile 17\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AVG Secure Search - maurice - Profile 17\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Gmail - maurice - Profile 17\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Gmail - maurice - Profile 26\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Docs - maurice - Profile 27\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - maurice - Profile 27\Extensions\apdfllckaahabafndbhieahigkjlhalf
PriceGong - maurice - Profile 27\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
YouTube - maurice - Profile 27\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - maurice - Profile 27\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Zoomex - maurice - Profile 27\Extensions\jhcelpaeieflmnpekkkjabghfiahkmpg
AVG Secure Search - maurice - Profile 27\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Gmail - maurice - Profile 27\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - maurice - Profile 7\Extensions\apdfllckaahabafndbhieahigkjlhalf
PriceGong - maurice - Profile 7\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
YouTube - maurice - Profile 7\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - maurice - Profile 7\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AVG Secure Search - maurice - Profile 7\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Gmail - maurice - Profile 7\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Docs - maurice - Profile 77\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - maurice - Profile 77\Extensions\apdfllckaahabafndbhieahigkjlhalf
PriceGong - maurice - Profile 77\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
YouTube - maurice - Profile 77\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - maurice - Profile 77\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Zoomex - maurice - Profile 77\Extensions\jhcelpaeieflmnpekkkjabghfiahkmpg
Gmail - maurice - Profile 77\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Docs - maurice - Profile 87\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - maurice - Profile 87\Extensions\apdfllckaahabafndbhieahigkjlhalf
PriceGong - maurice - Profile 87\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
YouTube - maurice - Profile 87\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - maurice - Profile 87\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Zoomex - maurice - Profile 87\Extensions\jhcelpaeieflmnpekkkjabghfiahkmpg
Gmail - maurice - Profile 87\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_continuetosave.info_0.localstorage-journal deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfkpmdkedjojmiopcenhffbbfgackff deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 17\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 77\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 87\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 17\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 17\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage-journal deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 26\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 26\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage-journal deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage-journal deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 7\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage-journal deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Extensions\jhcelpaeieflmnpekkkjabghfiahkmpg deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 77\Extensions\jhcelpaeieflmnpekkkjabghfiahkmpg deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 87\Extensions\jhcelpaeieflmnpekkkjabghfiahkmpg deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 26\Local Storage\chrome-extension_jhcelpaeieflmnpekkkjabghfiahkmpg_0.localstorage deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 26\Local Storage\chrome-extension_jhcelpaeieflmnpekkkjabghfiahkmpg_0.localstorage-journal deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Local Storage\chrome-extension_jhcelpaeieflmnpekkkjabghfiahkmpg_0.localstorage deleted successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Local Storage\chrome-extension_jhcelpaeieflmnpekkkjabghfiahkmpg_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://nl.msn.com/?pc=UP97&ocid=UP97DHP&dt=070213"
"Search Page"="http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=NL&userid=5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd&searchtype=ds&q={searchTerms}&installDate=15/05/2013"
"Search Bar"="http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=NL&userid=5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd&searchtype=ds&q={searchTerms}&installDate=15/05/2013"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=NL&userid=5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd&searchtype=ds&q={searchTerms}&installDate=15/05/2013"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=NL&userid=5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd&searchtype=ds&q={searchTerms}&installDate=15/05/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=NL&userid=5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd&searchtype=ds&q={searchTerms}&installDate=15/05/2013"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=NL&userid=5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd&searchtype=ds&q={searchTerms}&installDate=15/05/2013"
"SearchAssistant"="http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=NL&userid=5c9bb4ce-89d3-41ba-bccd-89a7e144e9dd&searchtype=ds&q={searchTerms}&installDate=15/05/2013"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://nl.msn.com/?pc=UP97&ocid=UP97DHP&dt=070213"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
{006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=070213&q={searchTerms}&src=IE-SearchBox"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 17\Preferences was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 26\Preferences was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Preferences was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 7\Preferences was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 87\Preferences was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 17\Web Data was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 26\Web Data was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Web Data was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 7\Web Data was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 77\Web Data was reset successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 87\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1631550F-191D-4826-B069-D9439253D926} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_USERS\S-1-5-21-1772938436-1021992400-9328813-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomEx deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{043A5D08-CD9B-74E0-960B-85B9DFD97FFE} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CD560109-64B1-4899-AA72-2C9316B523FF} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6317AE00-BD02-E793-9A83-88B1BDC14E0F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2ABE2B7-BF2A-D60A-AED0-E6C337059A51} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jhcelpaeieflmnpekkkjabghfiahkmpg deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDT PC audio deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivitizeVPN deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\streamer_server.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\maurice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\maurice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\maurice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\maurice\AppData\Local\Mozilla\Firefox\Profiles\2bgx3ett.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 27\Cache emptied successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 7\Cache emptied successfully
C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Profile 87\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\maurice\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 22-10-2013 at 19:34:16,54 ======================