Zoek.exe Version 4.0.0.5 Updated 09-November-2013 Tool run by Nele on zo 10/11/2013 at 1:09:23,24. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Nele\Desktop\zoek\zoek.exe [Script inserted] ==== System Restore Info ====================== 10/11/2013 1:11:18 Zoek.exe System Restore Point Created Succesfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\PROGRA~2\COMMON~1\G Data C:\Program Files\log C:\ProgramData\Babylon C:\ProgramData\Panda Security C:\Users\Nele\AppData\Roaming\Windows Live Writer ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A3EAAC29-25C0-4A9C-8813-C25CFDABCBAA} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2D8D9ACC-F6D7-4362-8876-A275CA929591} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\mozilla\Firefox\Extensions\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\belgiumeid@eid.belgium.be deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partner Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Partner Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ibupdaterservice deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ibupdaterservice deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BitGuard deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BitGuard deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.0.12 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.0.12 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\0 user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20131011_0149_.backup ProfilePath: C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\extensions user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20131011_0149_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Deleting Files \ Folders ====================== C:\ProgramData\Bcool deleted C:\PROGRA~2\GUTB3F5.tmp deleted C:\PROGRA~2\GUMB3D5.tmp deleted C:\PROGRA~2\Mozilla Firefox\user.js deleted C:\PROGRA~2\BabylonToolbar deleted C:\PROGRA~2\uTorrentBar_NL deleted C:\PROGRA~2\DealPly deleted C:\PROGRA~2\1ClickDownload deleted C:\PROGRA~2\Conduit deleted C:\Program Files\Web Assistant deleted C:\Users\Nele\AppData\Roaming\Babylon deleted C:\Users\Nele\AppData\Roaming\File Scout deleted C:\ProgramData\BrowserDefender deleted C:\ProgramData\Partner deleted C:\ProgramData\AVG Nation toolbar deleted C:\ProgramData\InstallMate deleted C:\ProgramData\Premium deleted C:\ProgramData\Babylon deleted C:\Users\Nele\AppData\Local\CRE deleted C:\Users\Nele\AppData\Local\APN deleted C:\Users\Nele\AppData\Local\avgchrome deleted C:\Users\Nele\AppData\Local\AVG Nation toolbar deleted C:\Users\Nele\AppData\Local\Conduit deleted C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data deleted C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bcool deleted C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Nele\AppData\LocalLow\AVG Nation toolbar deleted C:\Users\Nele\AppData\LocalLow\BabylonToolbar deleted C:\Users\Nele\AppData\LocalLow\uTorrentBar_NL deleted C:\Users\Nele\AppData\LocalLow\PriceGong deleted C:\Users\Nele\AppData\LocalLow\Conduit deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted C:\Users\Nele\AppData\LocalLow\Bcool deleted C:\windows\SysNative\tasks\BitGuard deleted C:\user.js deleted C:\prefs.js deleted C:\Windows\Syswow64\ARFC deleted C:\Windows\Syswow64\WNLT deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownload@OneClickDownload.com deleted C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com deleted "C:\windows\SysNative\dmwu.exe" deleted "C:\PROGRA~2\AVG Nation toolbar\vprot.exe" deleted "C:\windows\SysNative\ljkb\lmrn.dll" deleted "C:\windows\SysNative\ljkb\msvcp100.dll" deleted "C:\windows\SysNative\ljkb\msvcr100.dll" not deleted "C:\windows\SysNative\ljkb\stij.exe" deleted "C:\Windows\Syswow64\jmdp\lmrn.dll" deleted "C:\Windows\Syswow64\jmdp\msvcp100.dll" deleted "C:\Windows\Syswow64\jmdp\msvcr100.dll" deleted "C:\Windows\Syswow64\jmdp\stij.exe" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll" deleted "C:\PROGRA~2\AVG Nation toolbar" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\windows\SysNative\ljkb" not deleted "C:\Windows\Syswow64\jmdp" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.0.12" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.0.12" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Nele\AppData\Local\Temp ==== 2013-11-09 13:01:49 C8F3AD4CA2B268C6F939739E7547AD48 46777424 ----a-w- C:\Users\Nele\AppData\Local\Temp\SHSetup.exe 2013-10-28 07:58:34 20F03B1B926F4EA65763E364ACAD7C59 4698984 ----a-w- C:\Users\Nele\AppData\Local\Temp\oi_{9E60E3C2-E31B-4B4E-BCB0-033E10775508}.exe 2013-10-28 07:55:44 3C74C26999F2060BC6302448F173A342 340464 ----a-w- C:\Users\Nele\AppData\Local\Temp\uninst1.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-10-28 07:59:04 A1F53D2A00E64679A1D81B61D2333D06 46368 ----a-w- C:\Windows\Sysnative\drivers\avgtpx64.sys ====== C:\Windows\Tasks ====== 2013-10-13 12:41:38 BB494181D59846759FB22B13B9F471B8 3800 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore 2013-10-13 12:41:38 B6BD2849E75372AD71359A8E675DA0FF 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-13 12:41:38 7D3B7BF19460093BE7DFF27E4352862B 1056 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-13 12:41:38 47FA6A0D67ECD891A9E1E7D7C1052B35 4052 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-11-09 13:03:10 -------- d-----w- C:\Program Files\Enigma Software Group ======= C:\PROGRA~2 ===== 2013-11-09 14:26:30 -------- d-----w- C:\PROGRA~2\COMMON~1\Common Toolkit Suite 2013-11-09 14:26:28 -------- d-----w- C:\PROGRA~2\Fighters 2013-11-09 13:02:18 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard ======= C: ===== 2013-11-09 13:04:03 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Nele\AppData\Roaming ====== 2013-11-09 14:26:54 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Fighters 2013-11-09 14:26:44 -------- d-----w- C:\Users\Nele\AppData\Roaming\Fighters 2013-10-28 08:01:54 -------- d-----w- C:\Users\Nele\AppData\Roaming\AVG2014 2013-10-28 08:01:06 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014 2013-10-28 07:59:24 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014 2013-10-28 07:53:53 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014 2013-10-28 07:48:59 -------- d-----w- C:\Users\Nele\AppData\Local\Avg2014 ====== C:\Users\Nele ====== 2013-11-09 14:26:57 -------- d-----w- C:\ProgramData\clp 2013-11-09 14:26:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters 2013-11-09 14:26:28 -------- d-----w- C:\ProgramData\Common Toolkit Suite 2013-11-09 14:25:37 -------- d-----w- C:\ProgramData\Fighters 2013-10-28 07:54:05 -------- d-----w- C:\ProgramData\AVG2014 ====== C: exe-files == === C: other files == 2013-11-09 13:04:03 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ==== Folders in C:\ProgramData 0-6 Months Old ====================== 2013-09-17 18:18:03 -------- d-----w- C:\ProgramData\hps 2013-09-17 18:18:03 -------- d-----w- C:\ProgramData\tmp 2013-10-28 07:54:05 -------- d-----w- C:\ProgramData\AVG2014 2013-11-09 14:25:37 -------- d-----w- C:\ProgramData\Fighters 2013-11-09 14:26:28 -------- d-----w- C:\ProgramData\Common Toolkit Suite 2013-11-09 14:26:57 -------- d-----w- C:\ProgramData\clp ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension" [28/03/2012 19:06] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - DealPly - %AppDir%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} ==== Firefox Plugins ====================== ==== Deleted Firefox Extensions ====================== C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Nele\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx[] gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/10/2012 12:14] mdkiengpgcleppebgmldmndipppioejf - C:\ProgramData\Bcool\mdkiengpgcleppebgmldmndipppioejf.crx[] ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Nele\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[] ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Windows\SysWOW64\jmdp\SweetNT.crx[] pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Nele\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[] ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Nele\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[] Ask Toolbar - Nele - Default\Extensions\aaaancpgahgbfdfppkbiflhbfhfbeoeh uTorrentBar_NL - Nele - Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb DealPly - Nele - Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje Skype Click to Call - Nele - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Bcool - Nele - Default\Extensions\mdkiengpgcleppebgmldmndipppioejf BittorrentBar_NL - Nele - Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn AVG Security Toolbar - Nele - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof OneClickDownload - Nele - Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco ==== Chrome Fix ====================== C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkiengpgcleppebgmldmndipppioejf deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mdkiengpgcleppebgmldmndipppioejf_0.localstorage deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjofdnhdkbflacojpfpkchgafjahijbb_0.localstorage deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmlghpafmmnmmkjdhacccolfgnkiboco_0.localstorage deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaancpgahgbfdfppkbiflhbfhfbeoeh deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Panda Safe Search Url="http://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully HKEY_USERS\S-1-5-21-3662098678-3338745049-2830163876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0E931A51-A183-4E66-8562-D82896E74C67} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{59131167-CB39-64A5-9D34-1909E6BF552F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mdkiengpgcleppebgmldmndipppioejf deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Nele\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\windows\SysNative\ljkb\msvcr100.dll" deleted "C:\windows\SysNative\dmwu.exesearch" deleted "C:\windows\SysNative\ljkb" deleted ==== EOF on zo 10/11/2013 at 9:41:12,75 ======================