Zoek.exe Version 4.0.0.5 Updated 22-October-2013
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Jurgen & Kim\Bureaublad\zoek\zoek.exe [Script inserted]

==== System Restore Info ======================

24/10/2013 13:05:28 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Axis Communications deleted successfully
C:\Program Files\Logitech deleted successfully
C:\Program Files\MSN Messenger deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\The Weather Channel FW deleted successfully
C:\Program Files\Common Files\Logitech deleted successfully
C:\Program Files\Common Files\Scanner deleted successfully
C:\Documents and Settings\All Users\Menu Start\Programma's\Trust deleted successfully
C:\Documents and Settings\All Users\Application Data\AVAST Software deleted successfully
C:\Documents and Settings\All Users\Application Data\DOwnload ekeeepeir deleted successfully
C:\Documents and Settings\All Users\Application Data\Prevx deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3306070157-3809988416-1071509390-1007\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3306070157-3809988416-1071509390-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3306070157-3809988416-1071509390-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default
user.js not found

---- Lines tuvaro removed from prefs.js ----
---- Lines tuvaro modified from prefs.js ----
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.relevantsearch.info/?pid=969&r=2013/10/11&hid=4826821701015197462&lg=EN&cc=BE&unqvl=38&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.startup.homepage", "http://websearch.relevantsearch.info/?pid=969&r=2013/10/11&hid=4826821701015197462&lg=EN&cc=BE&unqvl=38");
user_pref("keyword.URL", "http://websearch.relevantsearch.info/?pid=969&r=2013/10/11&hid=4826821701015197462&lg=EN&cc=BE&unqvl=38&l=1&q=");
---- Lines WebSearch modified from prefs.js ----
---- Lines imesh removed from prefs.js ----
---- Lines imesh modified from prefs.js ----
---- Lines search.info removed from prefs.js ----
---- Lines search.info modified from prefs.js ----
---- Lines babylon removed from prefs.js ----
---- Lines babylon modified from prefs.js ----
---- Lines searchqu removed from prefs.js ----
---- Lines searchqu modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"jqs@sun.com\":{\"descriptor\":\"C:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\",\"mtime\":1270204067625},\"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}\":{\"descriptor\":\"C:\\\\Program Files\\\\Nokia\\\\Nokia Ovi Suite\\\\Connectors\\\\Bookmarks Connector\\\\FirefoxExtension\",\"mtime\":1296847156843}}},{\"name\":\"app-global\",\"addons\":{\"{1FD91A9C-410C-4090-BBCC-55D3450EF433}\":{\"descriptor\":\"C:\\\\Program Files\\\\Searchqu Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1344935946812},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1342769804593}}},{\"name\":\"app-profile\",\"addons\":{\"{1FD91A9C-410C-4090-BBCC-55D3450EF433}\":{\"descriptor\":\"C:\\\\Program Files\\\\Searchqu Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1344935946812},\"{87775fdb-6972-41f9-ae51-8326e38cb206}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\Jurgen & Kim\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\03m92ztn.default\\\\extensions\\\\{87775fdb-6972-41f9-ae51-8326e38cb206}\",\"mtime\":1342520756906},\"{99079a25-328f-4bd4-be04-00955acaa0a7}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\Jurgen & Kim\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\03m92ztn.default\\\\extensions\\\\{99079a25-328f-4bd4-be04-00955acaa0a7}\",\"mtime\":1344935941640}}}]");
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"jqs@sun.com\":{\"descriptor\":\"C:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\",\"mtime\":1270204067625},\"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}\":{\"descriptor\":\"C:\\\\Program Files\\\\Nokia\\\\Nokia Ovi Suite\\\\Connectors\\\\Bookmarks Connector\\\\FirefoxExtension\",\"mtime\":1296847156843}}},{\"name\":\"app-global\",\"addons\":{\"{1FD91A9C-410C-4090-BBCC-55D3450EF433}\":{\"descriptor\":\"C:\\\\Program Files\\\\disabled Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1344935946812},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1342769804593}}},{\"name\":\"app-profile\",\"addons\":{\"{1FD91A9C-410C-4090-BBCC-55D3450EF433}\":{\"descriptor\":\"C:\\\\Program Files\\\\disabled Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1344935946812},\"{87775fdb-6972-41f9-ae51-8326e38cb206}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\Jurgen & Kim\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\03m92ztn.default\\\\extensions\\\\{87775fdb-6972-41f9-ae51-8326e38cb206}\",\"mtime\":1342520756906},\"{99079a25-328f-4bd4-be04-00955acaa0a7}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\Jurgen & Kim\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\03m92ztn.default\\\\extensions\\\\{99079a25-328f-4bd4-be04-00955acaa0a7}\",\"mtime\":1344935941640}}}]");
---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ----
---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"jqs@sun.com\":{\"descriptor\":\"C:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\",\"mtime\":1270204067625},\"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}\":{\"descriptor\":\"C:\\\\Program Files\\\\Nokia\\\\Nokia Ovi Suite\\\\Connectors\\\\Bookmarks Connector\\\\FirefoxExtension\",\"mtime\":1296847156843}}},{\"name\":\"app-global\",\"addons\":{\"{disabled}\":{\"descriptor\":\"C:\\\\Program Files\\\\disabled Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1344935946812},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1342769804593}}},{\"name\":\"app-profile\",\"addons\":{\"{disabled}\":{\"descriptor\":\"C:\\\\Program Files\\\\disabled Toolbar\\\\Datamngr\\\\FirefoxExtension\",\"mtime\":1344935946812},\"{87775fdb-6972-41f9-ae51-8326e38cb206}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\Jurgen & Kim\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\03m92ztn.default\\\\extensions\\\\{87775fdb-6972-41f9-ae51-8326e38cb206}\",\"mtime\":1342520756906},\"{99079a25-328f-4bd4-be04-00955acaa0a7}\":{\"descriptor\":\"C:\\\\Documents and Settings\\\\Jurgen & Kim\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\03m92ztn.default\\\\extensions\\\\{99079a25-328f-4bd4-be04-00955acaa0a7}\",\"mtime\":1344935941640}}}]");
---- Lines ilivid removed from prefs.js ----
---- Lines ilivid modified from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines browser.startup.page modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_20132410_1312_.backup

ProfilePath: C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\f7vm3v4v.default-1344962203390
user.js not found

---- Lines tuvaro removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Tuvaro");
user_pref("browser.search.selectedEngine", "Tuvaro");
user_pref("extensions.tuvaro.admin", false);
user_pref("extensions.tuvaro.aflt", "orgnl");
user_pref("extensions.tuvaro.appId", "{2768469C-717B-401F-8532-C6D88BAE0339}");
user_pref("extensions.tuvaro.autoRvrt", "false");
user_pref("extensions.tuvaro.cam", "");
user_pref("extensions.tuvaro.dfltLng", "");
user_pref("extensions.tuvaro.dfltSrch", true);
user_pref("extensions.tuvaro.dnsErr", true);
user_pref("extensions.tuvaro.excTlbr", false);
user_pref("extensions.tuvaro.ffxUnstlRst", false);
user_pref("extensions.tuvaro.hmpg", true);
user_pref("extensions.tuvaro.hmpgUrl", "http://tuvaro.com/ws/?source=99ec39d5&tbp=homepage&toolbarid=base&u=b0c6dca4000000000000001109f1aeec");
user_pref("extensions.tuvaro.hpOld0", "http://www.hln.be/");
user_pref("extensions.tuvaro.id", "b0c6dca4000000000000001109f1aeec");
user_pref("extensions.tuvaro.instlDay", "15827");
user_pref("extensions.tuvaro.instlRef", "99ec39d5");
user_pref("extensions.tuvaro.kw_url", "http://tuvaro.com/ws/?source=99ec39d5&tbp=url&toolbarid=base&u=b0c6dca4000000000000001109f1aeec&q=");
user_pref("extensions.tuvaro.newTab", true);
user_pref("extensions.tuvaro.newTabUrl", "chrome://tuvaro/content/new browser tab.html?source=99ec39d5&tbp=tab&u=b0c6dca4000000000000001109f1aeec");
user_pref("extensions.tuvaro.prdct", "tuvaro");
user_pref("extensions.tuvaro.prtnrId", "tuvaro");
user_pref("extensions.tuvaro.rvrt", "false");
user_pref("extensions.tuvaro.smplGrp", "none");
user_pref("extensions.tuvaro.srchPrvdr", "Tuvaro");
user_pref("extensions.tuvaro.tlbrId", "base");
user_pref("extensions.tuvaro.tlbrSrchUrl", "http://tuvaro.com/ws/?source=99ec39d5&tbp=main&toolbarid=base&u=b0c6dca4000000000000001109f1aeec&q=");
user_pref("extensions.tuvaro.vrsn", "1.8.17.1");
user_pref("extensions.tuvaro.vrsnTs", "1.8.17.115:45:09");
user_pref("extensions.tuvaro.vrsni", "1.8.17.1");
---- Lines tuvaro modified from prefs.js ----
---- Lines WebSearch removed from prefs.js ----
---- Lines WebSearch modified from prefs.js ----
---- Lines imesh removed from prefs.js ----
---- Lines imesh modified from prefs.js ----
---- Lines search.info removed from prefs.js ----
---- Lines search.info modified from prefs.js ----
---- Lines babylon removed from prefs.js ----
---- Lines babylon modified from prefs.js ----
---- Lines searchqu removed from prefs.js ----
---- Lines searchqu modified from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 removed from prefs.js ----
---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ----
---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ----
---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ----
---- Lines ilivid removed from prefs.js ----
---- Lines ilivid modified from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
---- Lines browser.startup.page modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_20132410_1312_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml deleted
C:\Program Files\Ss-Helper deleted
C:\Program Files\BearShare Applications\MediaBar deleted
C:\Program Files\WebSearch deleted
C:\found.000 deleted
C:\Documents and Settings\All Users\Application Data\SearchNewTab deleted
C:\Documents and Settings\All Users\Application Data\InstallMate deleted
C:\Documents and Settings\All Users\Application Data\SummerSoft deleted
C:\WINDOWS\002847_.tmp deleted
C:\WINDOWS\WININIT.INI deleted
C:\WINDOWS\tasks\At1.job deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\tasks\At3.job deleted
C:\WINDOWS\tasks\At4.job deleted
C:\WINDOWS\system32\roboot.exe deleted
C:\Documents and Settings\Jurgen & Kim\AppData\LocalLow\DataMngr deleted
C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default\searchplugins\BearShareWebSearch.xml deleted
C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default\searchplugins\WebSearch.xml deleted
C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default\extensions\staged deleted
C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default\imeshmediabartb deleted
"C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default\searchplugins\tuvaro.xml" deleted
"C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\f7vm3v4v.default-1344962203390\searchplugins\tuvaro.xml" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\DOCUME~1\JURGEN~1\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
2013-10-13 07:56:30 -------- dc----w- C:\Documents and Settings\Jurgen & Kim\Application Data\Systweak

====== C: exe-files ==
2013-10-21 18:42:26 9A2347903D6EDB84C10F288BC0578C1C 388608 -c--a-w- C:\Program Files\Trend Micro\Jurgen & Kim.exe
2013-10-21 18:42:01 69CA82A7482A00D8EE063D2B97FC4338 781383 -c--a-w- C:\Documents and Settings\Jurgen & Kim\Mijn documenten\Downloads\RSIT.exe

=== C: other files ==
2013-10-24 10:38:41 028893BEB7CC927649403D6CD97B1AE0 108 -c-ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [12/09/2013 08:31]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default
- FT Downloader - %ProfilePath%\extensions\ftd@ftd.com.xpi

ProfilePath: C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\f7vm3v4v.default-1344962203390
- SearchNewTab - %ProfilePath%\extensions\mja90oe@booytg.edu
- DOwnload ekeeepeir - %ProfilePath%\extensions\oyysxgmidh@vduxq.org

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default
86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
15A40ADA2CFCC400348E37A40237337E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
ACEF2CBC1032BC14D112EB4494537DA5 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
3A9E1940B4459CC97FDCBB24FCB69004 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
4356F21FB6D547F22BFBC91164A597A6 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll - RealNetworks Rhapsody Player Engine
A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

Profilepath: C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\f7vm3v4v.default-1344962203390
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
3A9E1940B4459CC97FDCBB24FCB69004 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
148727EBD947CBC168C42A227D56DAB0 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
9B4D431459A9B935FB117F4EDDA236E8 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
BE126CB7049E89ED6F3038016668B502 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
31490EDE1F8E56BDFBEC93CFA7AE6761 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
A5C14075B571AF1C9592595BE724D9D2 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In
1BFD18699636B8F1AA26675BA43D2F8F - C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director
2934F340FCE63D0E60353A73B4202BDC - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin
15A40ADA2CFCC400348E37A40237337E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
ACEF2CBC1032BC14D112EB4494537DA5 - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
4356F21FB6D547F22BFBC91164A597A6 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll - RealNetworks Rhapsody Player Engine
3CB231F12674D3CB0AC1F5EDE9578E85 - C:\WINDOWS\system32\npwmsdrm.dll - Microsoft® Windows Media Services
7A75CCAA7E3CE0B14F7428F1731CF4C9 - C:\WINDOWS\system32\Npindeo.dll - Intel Indeo® video 5.1 PD Plug-In
3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows®
2AA3703D87E1327A2290C9D416D89A28 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight

==== Deleted Firefox Extensions ======================

C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\03m92ztn.default\extensions\ftd@ftd.com.xpi deleted
C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\f7vm3v4v.default-1344962203390\extensions\oyysxgmidh@vduxq.org deleted
C:\Documents and Settings\Jurgen & Kim\Application Data\Mozilla\Firefox\Profiles\f7vm3v4v.default-1344962203390\extensions\mja90oe@booytg.edu deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.relevantsearch.info/?pid=969&r=2013/10/11&hid=4826821701015197462&lg=EN&cc=BE&unqvl=38"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://websearch.relevantsearch.info/?pid=969&r=2013/10/11&hid=4826821701015197462&lg=EN&cc=BE&unqvl=38"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{105E99FF-8B9A-4492-B155-06194B9056D2} Bing Url="http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox"
{129731CC-8C3C-4673-B334-79FB01279EF5} Google Url="http://www.google.co.uk/search?hl=en&q={searchTerms}&meta="
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3306070157-3809988416-1071509390-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1A040C1-F5FE-58B2-6F46-5A69F86F0EBC} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B1A040C1-F5FE-58B2-6F46-5A69F86F0EBC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{B1A040C1-F5FE-58B2-6F46-5A69F86F0EBC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1A040C1-F5FE-58B2-6F46-5A69F86F0EBC} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DBF5B923-018B-C2C4-C26A-9CF44FDB01F5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Jurgen & Kim\Local Settings\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Jurgen & Kim\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\JURGEN~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Jurgen & Kim\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on do 24/10/2013 at 13:25:15,79 ======================