Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by murat on vr 28/02/2014 at 18:23:39,27.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\murat\AppData\Local\Temp\Rar$EX02.757\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

28/02/2014 18:31:41 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MediaViewV1 deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Babylon deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\murat\AppData\Roaming\Reviversoft deleted successfully
C:\Users\murat\AppData\Roaming\TP deleted successfully
C:\Users\murat\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\murat\AppData\Local\PackageAware deleted successfully
C:\Users\murat\AppData\Local\photoOptimizeHistoryDataBase deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00cbb66b-1d3b-46d3-9577-323a336acb50} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00cbb66b-1d3b-46d3-9577-323a336acb50} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7459F7EC-DE51-4650-AC4A-D63D49309F9F} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Running Processes ======================

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
C:\Program Files (x86)\Launch Manager\OSD.exe
C:\Program Files (x86)\Launch Manager\WButton.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Easy Downloads\easydownloads.exe
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\crypserv.exe
C:\Program Files (x86)\Re-markit\Re-markit_wd.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\ElsaWin\bin\LcSvrAdm.exe
C:\ElsaWin\bin\LcSvrDba.exe
C:\ElsaWin\bin\LcSvrHis.exe
C:\ElsaWin\bin\LcSvrPas.exe
C:\ElsaWin\bin\LcSvrSaz.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Re-markit\Re-markit155.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE
C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\ElsaWin\bin\LcSvrAuf.exe
C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiStorage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Winrar\WinRAR.exe
C:\Users\murat\AppData\Local\Temp\Rar$EX02.757\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\Rundll32.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.3.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.3.0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default

---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=110000");
user_pref("extensions.BabylonToolbar.bbDpng", 10);
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.id", "d2725f84000000000000bc773706d624");
user_pref("extensions.BabylonToolbar.instlDay", "15412");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastDP", 10);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1720:46:23");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?babsrc=NT_FFUP");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 122646937);
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1720:46:23");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110000");
user_pref("extensions.BabylonToolbar_i.hardId", "d2725f84000000000000bc773706d624");
user_pref("extensions.BabylonToolbar_i.id", "d2725f84000000000000bc773706d624");
user_pref("extensions.BabylonToolbar_i.instlDay", "15412");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?AF=110000&babsrc=NT_ss&mntrId=d2725f84000000000000bc773706d624");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:46:23");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110000");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.id", "d2725f84000000000000bc773706d624");
user_pref("extensions.BabylonToolbar_i.hardId", "d2725f84000000000000bc773706d624");
user_pref("extensions.BabylonToolbar_i.instlDay", "15412");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:46:23");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

---- FireFox user.js and prefs.js backups ---- 

user_20142802_1853_.backup
prefs_20142802_1853_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"NextLive"=- 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] 
"Browser companion helper"=- 
"Wondershare Helper Compact.exe"=- 
"mobilegeni daemon"=- 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"=- 

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Mobogenie not found
C:\Program Files (x86)\MediaViewV1 not found
C:\Program Files (x86)\Common Files\Wondershare deleted
C:\Users\murat\AppData\Roaming\newnext.me deleted
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} deleted
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\extensions\ffxtlbr@babylon.com deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\extensions\bbrs_002@blabbers.com deleted
C:\Program Files (x86)\SearchProtect deleted
C:\Program Files (x86)\MediaPlayerV1 deleted
C:\Users\murat\AppData\Local\genienext deleted
C:\Users\murat\.android deleted
C:\PROGRA~2\GUT902E.tmp deleted
C:\PROGRA~2\GUM902D.tmp deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\Search_Results.xml deleted
C:\PROGRA~2\FoxTabFLVPlayer deleted
C:\PROGRA~2\DealPly deleted
C:\Users\murat\AppData\Roaming\Babylon deleted
C:\Users\murat\AppData\Roaming\DealPly deleted
C:\PROGRA~3\Ask deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\Users\murat\AppData\Local\Ilivid Player deleted
C:\Users\murat\AppData\Local\SearchProtect deleted
C:\Users\murat\AppData\Local\Wondershare deleted
C:\Users\murat\AppData\Local\Mobogenie deleted
C:\Users\murat\AppData\Local\cache deleted
C:\Users\murat\AppData\Local\SwvUpdater deleted
C:\Users\murat\AppData\Local\Babylon deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\windows\SysNative\Tasks\DealPly deleted
C:\Users\murat\Downloads\FreeYouTubeToMP3Converter (1).exe deleted
C:\Users\murat\Downloads\FreeYouTubeToMP3Converter.exe deleted
C:\Users\murat\AppData\LocalLow\AVG Secure Search deleted
C:\Users\murat\AppData\LocalLow\bbrs_002.tb deleted
C:\Users\murat\AppData\LocalLow\mediabarim deleted
C:\Users\murat\AppData\LocalLow\wincoreimband deleted
C:\Users\murat\AppData\LocalLow\DataMngr deleted
C:\Users\murat\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\AmiUpdXp.job deleted
C:\windows\SysNative\tasks\AmiUpdXp deleted
C:\windows\SysNative\Tasks\Re-markit Update deleted
C:\windows\SysNative\Tasks\Re-markit_wd deleted
C:\Windows\Tasks\Re-markit Update.job deleted
C:\Windows\Tasks\Re-markit_wd.job deleted
C:\user.js deleted
C:\END deleted
C:\Windows\Syswow64\sho9686.tmp deleted
C:\Windows\Syswow64\shoB437.tmp deleted
C:\Users\murat\Documents\Mobogenie deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\searchplugins\askcom.xml deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\searchplugins\Search_Results.xml deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\searchplugins\Web Search.xml deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\CT2269050 deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted
C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\smartbar deleted
"C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll" deleted
"C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\searchplugins\conduit.xml" deleted
"C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\searchplugins\conduit.xml" deleted
"C:\Program Files (x86)\BrowserCompanion\BCHelper.exe" deleted
"C:\Program Files (x86)\BrowserCompanion\sqlite3.dll" deleted
"C:\Program Files (x86)\Re-markit\Re-markit155.exe" deleted
"C:\Program Files (x86)\Re-markit\Re-markit_wd.exe" deleted
"C:\Program Files (x86)\Re-markit\Re-markit155.exe" deleted
"C:\Program Files (x86)\Re-markit\Re-markit_wd.exe" deleted
"C:\PROGRA~2\BrowserCompanion\BCHelper.exe" deleted
"C:\PROGRA~2\BrowserCompanion\sqlite3.dll" deleted
"C:\PROGRA~2\Re-markit\Re-markit155.exe" deleted
"C:\PROGRA~2\Re-markit\Re-markit_wd.exe" deleted
"C:\PROGRA~2\BrowserCompanion\BCHelper.exe" deleted
"C:\PROGRA~2\BrowserCompanion\sqlite3.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiStorage.exe" deleted
"C:\PROGRA~2\AmiExt\flashEnhancer\ie\AmiStorage.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.3.0\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll" deleted
"C:\Program Files (x86)\BrowserCompanion" deleted
"C:\Program Files (x86)\AmiExt" deleted
"C:\Program Files (x86)\vShare.tv plugin" deleted
"C:\Program Files (x86)\DVDVideoSoftTB" deleted
"C:\Program Files (x86)\Common Files\DVDVideoSoft" deleted
"C:\Program Files (x86)\Re-markit" not deleted
"C:\Program Files (x86)\Re-markit" not deleted
"C:\PROGRA~2\BrowserCompanion" deleted
"C:\PROGRA~2\DVDVideoSoftTB" deleted
"C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin" deleted
"C:\PROGRA~2\iMesh Applications" deleted
"C:\PROGRA~2\AmiExt" deleted
"C:\PROGRA~2\Re-markit" not deleted
"C:\PROGRA~2\vShare.tv plugin" deleted
"C:\PROGRA~2\DVDVideoSoftTB" deleted
"C:\PROGRA~2\BrowserCompanion" deleted
"C:\PROGRA~2\Conduit" deleted
"C:\PROGRA~2\AVG Secure Search" deleted
"C:\PROGRA~2\AVG Secure Search" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\Users\murat\AppData\Roaming\OpenCandy" deleted
"C:\Users\murat\AppData\Local\AVG Secure Search" deleted
"C:\Users\murat\AppData\Local\AVG Secure Search" deleted
"C:\Users\murat\AppData\Local\Conduit" deleted
"C:\Users\murat\AppData\LocalLow\DVDVideoSoftTB" deleted
"C:\Users\murat\AppData\LocalLow\DVDVideoSoftTB" deleted
"C:\Users\murat\AppData\LocalLow\PriceGong" deleted
"C:\Program Files (x86)\AmiExt\flashEnhancer" deleted
"C:\Program Files (x86)\AmiExt\flashEnhancer\ie" deleted
"C:\PROGRA~2\AmiExt\flashEnhancer" deleted
"C:\PROGRA~2\AmiExt\flashEnhancer\ie" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\17.3.0" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\17.3.0" deleted
"C:\Users\murat\AppData\Local\AVG Secure Search\Chrome" deleted
"C:\Users\murat\AppData\Local\AVG Secure Search\Chrome\Default" deleted
"C:\Users\murat\AppData\Local\AVG Secure Search\Chrome" deleted
"C:\Users\murat\AppData\Local\AVG Secure Search\Chrome\Default" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4004 MB
CPU Info: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
CPU Speed: 2123.5 MHz
Sound Card: Speakers (Realtek High Definiti | 
Realtek Digital Output (Realtek | 
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel(R) Centrino(R) Wireless-N 1030 | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 2x (E: | F: | ) E: TSSTcorpCDDVDW SN-S083F  | F:
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  424.7GB | D:  38.0GB
Hard Disks - Free: C:  320.5GB | D:  19.8GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 03/11/11 | MEDION - 1072009
Time Zone: Romance (standaardtijd)
Motherboard *: MEDION          E6224
Country: Belgi‰ 
Language: NLB 

==== System Specs (Software) ======================

Anti-Virus: avast! antivirus On-access scanning disabled (Outdated)
Anti-Spyware: avast! antivirus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.16518 
Mozilla Firefox version: 11.0 (x86 nl)
Google Chrome version: 33.0.1750.117
Adobe Reader version: 10.1.9.22
Sun Java version: 1.7.0_45 (32-bit) 
Sun Java version: 1.6.0_24 (64-bit) 
Flash Player version: 12.0.0.70

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-02-14 19:06:59	FF7B4832653F6191926BA2BAD97C52A1	56	----a-w-	C:\Windows\Acroread.ini
====== C:\Users\murat\AppData\Local\Temp ====
2014-02-27 21:05:14	54A127C33ED258E922A22143A24942A0	6169040	----a-w-	C:\Users\murat\AppData\Local\Temp\nsbFF86\SpSetup.exe
2014-02-27 21:02:45	D62F752E0BCA9C104D6793CB0286B2B8	647904	----a-w-	C:\Users\murat\AppData\Local\Temp\setapp.exe
2014-02-24 15:29:46	C67BCF6441E378371F0D6EEFB7EF0861	167812	----a-w-	C:\Users\murat\AppData\Local\Temp\nsr9F73.exe
2014-02-24 15:29:46	C67BCF6441E378371F0D6EEFB7EF0861	167812	----a-w-	C:\Users\murat\AppData\Local\Temp\nsr3602.exe
2014-02-24 15:29:46	C67BCF6441E378371F0D6EEFB7EF0861	167812	----a-w-	C:\Users\murat\AppData\Local\Temp\nsr316F.exe
2014-02-24 15:29:46	C67BCF6441E378371F0D6EEFB7EF0861	167812	----a-w-	C:\Users\murat\AppData\Local\Temp\nshA770.exe
2014-02-24 15:29:46	C67BCF6441E378371F0D6EEFB7EF0861	167812	----a-w-	C:\Users\murat\AppData\Local\Temp\nscACCE.exe
2014-02-24 15:29:46	C67BCF6441E378371F0D6EEFB7EF0861	167812	----a-w-	C:\Users\murat\AppData\Local\Temp\nsc394E.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2023-04-03 13:06:00	000F66BEA6070A8B6C84AE6810D61D96	135168	----a-w-	C:\Windows\SysWOW64\vbSendMail.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-02-23 21:29:00	D41D8CD98F00B204E9800998ECF8427E	0	---ha-w-	C:\Windows\Sysnative\drivers\Msft_Kernel_WinUsb_01009.Wdf
====== C:\Windows\Tasks ======
2014-02-28 17:51:53	84DE319CC0969482A580F867604ED3B7	3370	----a-w-	C:\Windows\Sysnative\Tasks\BackgroundContainer Startup Task
2014-02-23 22:12:00	688A28A260143F6736D5642B27EC0800	3122	----a-w-	C:\Windows\Sysnative\Tasks\{6D410195-1EA5-4586-939C-6B58F783AEB1}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-02-28 10:28:44	--------	d-----w-	C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-02-27 22:35:53	--------	d-----w-	C:\PROGRA~2\Secunia
2014-02-18 22:39:12	--------	d-----w-	C:\PROGRA~2\Re-markit
======= C: =====
====== C:\Users\murat\AppData\Roaming ======
====== C:\Users\murat ======
2014-02-27 21:18:06	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-02-23 22:25:55	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-02-23 22:15:20	657FD8BA7A019FFEAAC2514D668A93AE	91191776	----a-w-	C:\Users\murat\Downloads\FreeStudio (1).exe
2014-02-23 21:51:18	657FD8BA7A019FFEAAC2514D668A93AE	91191776	----a-w-	C:\Users\murat\Downloads\FreeStudio.exe
2014-01-31 15:51:31	02C1EE40968BAA67C3A785CDA9807125	262	--sha-r-	C:\ProgramData\ntuser.pol

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"GoogleChromeAutoLaunch_B3D8D2F077628A4FEAB49C3927728E32"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"BackgroundContainer"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\murat\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll,DllRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="C:\Program Files (x86)\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD"="C:\Program Files (x86)\Launch Manager\OSD.exe"
"LMgrOSD"="C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
"Wbutton"="C:\Program Files (x86)\Launch Manager\Wbutton.exe"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"YouCam Mirage"="C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe /s"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avast\Program Files\Alwil Software\Avast4\ashDisp.exe"
"EasyDownloads"="C:\Program Files (x86)\Easy Downloads\easydownloads.exe -tray"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"GoogleChromeAutoLaunch_B3D8D2F077628A4FEAB49C3927728E32"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"BackgroundContainer"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\murat\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll,DllRun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll         "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2014-02-14 18:33:49	1304	----a-w-	C:\Users\murat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
2014-02-27 22:36:00	1114	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2011 15:05]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2011 15:05]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\BackgroundContainer Startup Task" ["C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\murat\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Start Registry Reviver" [C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{530CCF4D-68F8-43A3-B3F5-FA83748EB4CE}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ext@MediaPlayerV1alpha7486.net"="C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha7486\ff" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default
- Undetermined - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha7486\ff
- Undetermined - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
- Undetermined - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3540\ff
- Undetermined - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3540\ff

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default
D133DC1D1AB138903809DA328D00AF3E	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -	RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
1E6C511897343C92B8F6412BBA296813	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -	RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
AD2CD67BCF3E4475563D25C075C55DC5	- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -	RealDownloader Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cgbealecnakbhfoeeipcnoboempfkbjd - C:\Program Files (x86)\AmiExt\flashEnhancer\ch\flashEnhancer.crx[]
clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[09/08/2012 13:06]
kpionmjnkbpcdpcflammlgllecmejgjj - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[]

YouTube - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
flash-Enhancer - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbealecnakbhfoeeipcnoboempfkbjd
Browser Companion Helper - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Google Search - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Downloader - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
vshare plugin - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
Google Wallet - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Ask Toolbar - murat\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne
Docs - murat\AppData\Local\Torch\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - murat\AppData\Local\Torch\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - murat\AppData\Local\Torch\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
DropToS - murat\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo
Browser Companion Helper - murat\AppData\Local\Torch\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Koyote New Tabs - murat\AppData\Local\Torch\User Data\Default\Extensions\ddjobbmbkpnhmiloopddfpnedcmhcdpg
Torch Music - murat\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad
Torch Helper - murat\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg
DVDVideoSoft Browser Extension - murat\AppData\Local\Torch\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Torch Music - murat\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed
Gmail - murat\AppData\Local\Torch\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbealecnakbhfoeeipcnoboempfkbjd deleted successfully
C:\Users\murat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgbealecnakbhfoeeipcnoboempfkbjd_0.localstorage deleted successfully
C:\Users\murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully
C:\Users\murat\AppData\Local\Torch\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully
C:\Users\murat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_clbfjfbnelcflpgpklppgplejolacbej_0.localstorage deleted successfully
C:\Users\murat\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully
C:\Users\murat\AppData\Local\Torch\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully
C:\Users\murat\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP2074331D-6F44-4F82-AA09-29641C2C73CE&SSPV="
"Search Page"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=288bdf66-34e4-40cf-a1ab-65ad9856d9b8&searchtype=ds&q={searchTerms}"
"Default_Page_URL"="http://www.aldi.com"
"Search Bar"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=288bdf66-34e4-40cf-a1ab-65ad9856d9b8&searchtype=ds&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=288bdf66-34e4-40cf-a1ab-65ad9856d9b8&searchtype=ds&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=288bdf66-34e4-40cf-a1ab-65ad9856d9b8&searchtype=ds&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=288bdf66-34e4-40cf-a1ab-65ad9856d9b8&searchtype=ds&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=288bdf66-34e4-40cf-a1ab-65ad9856d9b8&searchtype=ds&q={searchTerms}"
"SearchAssistant"="http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=288bdf66-34e4-40cf-a1ab-65ad9856d9b8&searchtype=ds&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Conduit Search Url="http://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2074331D-6F44-4F82-AA09-29641C2C73CE&q={searchTerms}&SSPV="
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{264BE1EB-4AAF-49F9-868E-C7F1E6D8A7EF} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393"
{5A648C62-1BD7-464D-A7BD-43CC146543CC} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5e9b02b0-304b-4050-b930-056377a4fe98} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5e9b02b0-304b-4050-b930-056377a4fe98} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8244639d-d199-45ad-a315-2929bdbba34d} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5e9b02b0-304b-4050-b930-056377a4fe98} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8244639d-d199-45ad-a315-2929bdbba34d} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Mozilla\Firefox\Extensions\{13b2a6cd-c8be-4191-a05b-b843a6b780cb} deleted successfully
HKEY_USERS\S-1-5-21-3998879849-3691024730-1580810151-1000\Software\Mozilla\Firefox\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\KavAntiBanner@Kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\linkfilter@kaspersky.ru deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@flashenhancer.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaPlayerV1alpha7486.net deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cgbealecnakbhfoeeipcnoboempfkbjd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\flash-Enhancer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\d3d35679-b737-410b-b7b7-f11c6d1a8fe8 deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files (x86)\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files (x86)\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [EasyDownloads] "C:\Program Files (x86)\Easy Downloads\easydownloads.exe" -tray
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B3D8D2F077628A4FEAB49C3927728E32] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\murat\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (file missing)
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll         
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Re-markit - Unknown owner - C:\Program Files (x86)\Re-markit\Re-markit155.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WorkshopDBService - Acresso - C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\murat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\murat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNT1NDZ3 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\murat\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\murat\AppData\Local\Torch\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3400 folders=707 608973704 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\murat\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\murat\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Re-markit"  not found
"C:\Program Files (x86)\Re-markit"  not found
"C:\PROGRA~2\Re-markit"  not found
"C:\Users\murat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNT1NDZ3" not found

==== EOF on vr 28/02/2014 at 19:13:24,90 ======================