Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Jelle on di 08-04-2014 at 13:22:28,31. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\Jelle\Mijn documenten\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 8-4-2014 13:27:02 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\GUM80.tmp deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Program Files\TomTom DesktopSuite deleted successfully C:\Documents and Settings\All Users\Menu Start\Programma's\EPSON deleted successfully C:\Documents and Settings\All Users\Menu Start\Programma's\EPSON Utility Suite deleted successfully C:\Documents and Settings\All Users\Menu Start\Programma's\Sid Meier's Civilization II deleted successfully C:\Documents and Settings\Janneke\Application Data\AdobeUM deleted successfully C:\Documents and Settings\Jelle\Application Data\AdobeUM deleted successfully C:\Documents and Settings\Jelle\Application Data\My Games deleted successfully C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully C:\Documents and Settings\Peter&Geke\Application Data\AdobeUM deleted successfully C:\Documents and Settings\Peter&Geke\Application Data\CameraWindowDC deleted successfully C:\Documents and Settings\Peter&Geke\Application Data\Lavasoft deleted successfully C:\Documents and Settings\Peter&Geke\Application Data\ZoomBrowser EX deleted successfully C:\Documents and Settings\Janneke\Local Settings\Application Data\WMTools Downloaded Files deleted successfully C:\Documents and Settings\LocalService\Local Settings\Application Data\Google deleted successfully C:\Documents and Settings\Peter&Geke\Local Settings\Application Data\PackageAware deleted successfully C:\Documents and Settings\Peter&Geke\Local Settings\Application 
Data\WMTools Downloaded Files deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_USERS\S-1-5-21-1085031214-1060284298-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully HKEY_USERS\S-1-5-21-1085031214-1060284298-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully HKEY_USERS\S-1-5-21-1085031214-1060284298-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully HKEY_USERS\S-1-5-21-1085031214-1060284298-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} deleted successfully HKEY_CLASSES_ROOT\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully ==== Deleting Services ====================== 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Web Assistant Updater deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\Janneke\Application Data\Mozilla\Firefox\Profiles\v3vr536p.default user.js not found ---- Lines {8E9E3331-D360-4f87-8803-52DE43566502} modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_08-04-2014_1350_.backup ProfilePath: C:\Documents and Settings\Jelle\Application Data\Mozilla\Firefox\Profiles\crnje2k0.default user.js not found ---- Lines {8E9E3331-D360-4f87-8803-52DE43566502} modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_08-04-2014_1350_.backup ProfilePath: C:\Documents and Settings\PETER&~1\Application Data\Mozilla\Firefox\Profiles\evtb9tae.default ---- Lines incredibar removed from prefs.js ---- user_pref("browser.newtab.url", "http://mystart.incredibar.com/mb174?a=6PQE4clRb5&loc=FF_NT"); user_pref("browser.startup.homepage", "http://mystart.incredibar.com/mb174?a=6PQE4clRb5&i=26"); user_pref("extensions.incredibar.admin", false); user_pref("extensions.incredibar.aflt", "orgnl"); user_pref("extensions.incredibar.cntry", "NL"); user_pref("extensions.incredibar.dfltLng", ""); user_pref("extensions.incredibar.dfltSrch", false); user_pref("extensions.incredibar.did", "10671"); user_pref("extensions.incredibar.envrmnt", "production"); user_pref("extensions.incredibar.excTlbr", false); user_pref("extensions.incredibar.hdrMd5", "558B7242CF03BC5A12983D367483D68E"); user_pref("extensions.incredibar.hmpg", false); user_pref("extensions.incredibar.id", "d86a744200000000000000138fb88315"); 
user_pref("extensions.incredibar.installerproductid", "26"); user_pref("extensions.incredibar.instlDay", "15541"); user_pref("extensions.incredibar.instlRef", ""); user_pref("extensions.incredibar.isDcmntCmplt", true); user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:41:50"); user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); user_pref("extensions.incredibar.newTab", false); user_pref("extensions.incredibar.noFFXTlbr", false); user_pref("extensions.incredibar.ppd", "7777744"); user_pref("extensions.incredibar.prdct", "incredibar"); user_pref("extensions.incredibar.productid", "26"); user_pref("extensions.incredibar.prtnrId", "Incredibar"); user_pref("extensions.incredibar.sg", "none"); user_pref("extensions.incredibar.smplGrp", "none"); user_pref("extensions.incredibar.tlbrId", "base"); user_pref("extensions.incredibar.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6PQE4clRb5&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar.upn2", "6PQE4clRb5"); user_pref("extensions.incredibar.upn2n", "92543264478413851"); user_pref("extensions.incredibar.vrsn", "1.5.11.14"); user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:41:50"); user_pref("extensions.incredibar.vrsni", "1.5.11.14"); user_pref("extensions.incredibar_i.aflt", "orgnl"); user_pref("extensions.incredibar_i.dfltLng", ""); user_pref("extensions.incredibar_i.did", "10671"); user_pref("extensions.incredibar_i.excTlbr", false); user_pref("extensions.incredibar_i.id", "d86a744200000000000000138fb88315"); user_pref("extensions.incredibar_i.installerproductid", "26"); user_pref("extensions.incredibar_i.instlDay", "15541"); user_pref("extensions.incredibar_i.instlRef", ""); user_pref("extensions.incredibar_i.ms_url_id", ""); user_pref("extensions.incredibar_i.newTab", false); user_pref("extensions.incredibar_i.ppd", "7777744"); user_pref("extensions.incredibar_i.prdct", "incredibar"); user_pref("extensions.incredibar_i.productid", "26"); user_pref("extensions.incredibar_i.prtnrId", 
"Incredibar"); user_pref("extensions.incredibar_i.smplGrp", "none"); user_pref("extensions.incredibar_i.tlbrId", "base"); user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6PQE4clRb5&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar_i.upn2", "6PQE4clRb5"); user_pref("extensions.incredibar_i.upn2n", "92543264478413851"); user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:41:50"); user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); user_pref("keyword.URL", "http://mystart.incredibar.com/mb174/?loc=IB_DS&a=6PQE4clRb5&&i=26&search="); ---- Lines incredibar modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\ ---- Lines incredibar removed from user.js ---- user_pref("extensions.incredibar_i.newTab", false); user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6PQE4clRb5&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar_i.id", "d86a744200000000000000138fb88315"); user_pref("extensions.incredibar_i.instlDay", "15541"); user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:41:50"); user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); user_pref("extensions.incredibar_i.prdct", "incredibar"); user_pref("extensions.incredibar_i.aflt", "orgnl"); user_pref("extensions.incredibar_i.smplGrp", "none"); user_pref("extensions.incredibar_i.tlbrId", "base"); user_pref("extensions.incredibar_i.instlRef", ""); user_pref("extensions.incredibar_i.dfltLng", ""); user_pref("extensions.incredibar_i.excTlbr", false); user_pref("extensions.incredibar_i.ms_url_id", ""); user_pref("extensions.incredibar_i.upn2", "6PQE4clRb5"); user_pref("extensions.incredibar_i.upn2n", "92543264478413851"); 
user_pref("extensions.incredibar_i.productid", "26"); user_pref("extensions.incredibar_i.installerproductid", "26"); user_pref("extensions.incredibar_i.did", "10671"); user_pref("extensions.incredibar_i.ppd", "7777744"); ---- Lines mystart removed from prefs.js ---- user_pref("browser.search.defaultenginename", "MyStart Search"); user_pref("browser.search.selectedEngine", "MyStart Search"); ---- Lines babsrc removed from prefs.js ---- user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsofton ---- Lines {8E9E3331-D360-4f87-8803-52DE43566502} removed from prefs.js ---- user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.extensionFirstRun", false); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.lastExtensionVersion", "2.0.0.602"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_installer_name", "sg_6PQE4clRb5_active_MB168_MB169_UA-26924354-2_2012-07-20-21-41-43"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Web Assistant"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_version", "2.0.0.602"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_pxl_wsg_dailyPing", "dailyPing|||1396038232073"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_temp_installer_name", "sg_6PQE4clRb5_active_MB168_MB169_UA-26924354-2_2012-07-20-21-41-43 user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_toolbarID", "bc138eb69b0147518aed4e75cb2029ad"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_dailyPing", "true|||1396038232064"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_debugMode", "not set"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_geoRequest", "not set"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_gtQueryParam", "UA-26924354-2"); 
user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_inactive_by_user", "not set"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_installedPing", "true|||8641395951832071"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_kswitch", "active|||8641395952349701"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_lastUpdate", "1395951822466|||8641395951822468"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_redirectQueryParam1", "MB168"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_redirectQueryParam2", "MB169"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_showDialog", "not set"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_ssl", "|||8641395951832011"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_status", "inactive|||8641395952349702"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_toolbar_query", "not set"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_upn2", "6PQE4clRb5"); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.setdefaultsearch_2.0.0.602", false); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.setdnscatch_2.0.0.413", false); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.setdnscatch_2.0.0.602", false); user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.sethomepage_2.0.0.602", false); ---- Lines {8E9E3331-D360-4f87-8803-52DE43566502} modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\ ---- FireFox user.js and prefs.js backups ---- user_08-04-2014_1350_.backup prefs_08-04-2014_1350_.backup ProfilePath: C:\Documents and Settings\PETER&~1\Application Data\TomTom\HOME\Profiles\b01du60o.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_08-04-2014_1350_.backup ==== Registry Fix Code 
====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WX5V3JXD3UYY8Y1AZ"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Google\Google Toolbar\Component deleted C:\Program Files\Web Assistant deleted C:\Documents and Settings\Jelle\Application Data\Mozilla\Firefox\Profiles\crnje2k0.default\extensions\nostmp deleted C:\Program Files\Viewpoint deleted C:\Program Files\Perion deleted C:\Documents and Settings\Janneke\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk deleted C:\Documents and Settings\Peter&Geke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted C:\WINDOWS\Wininit.ini deleted C:\user.js deleted C:\WINDOWS\System32\SET14B.tmp deleted C:\WINDOWS\System32\SET1D4.tmp deleted C:\WINDOWS\System32\SET37.tmp deleted C:\WINDOWS\System32\SET39.tmp deleted C:\WINDOWS\System32\SET45.tmp deleted C:\WINDOWS\System32\SET7E.tmp deleted C:\WINDOWS\System32\SETA8.tmp deleted C:\WINDOWS\System32\SETA9.tmp deleted C:\Documents and Settings\PETER&~1\Application Data\Mozilla\Firefox\Profiles\evtb9tae.default\searchplugins\MyStart Search.xml deleted C:\Documents and Settings\PETER&~1\Application Data\Mozilla\Firefox\Profiles\evtb9tae.default\extensions\ffxtlbr@incredibar.com deleted "C:\WINDOWS\tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job" deleted "C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\DOCUME~1\Jelle\LOCALS~1\Temp ==== 2014-03-27 21:31:20 984CC93BB0EF86A0B4825269D8379D81 774424 ----a-w- C:\Documents and Settings\Peter&Geke\Local Settings\Temp\3032_23699\GoogleUpdateSetup.exe 2014-03-27 21:31:20 
4C8C0B0340C6234649C7F91FB5E89A54 571272 ----a-w- C:\Documents and Settings\Peter&Geke\Local Settings\Temp\3032_23699\ChromeRecovery.exe ====== Java Cache ===== 2014-04-08 11:19:23 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Documents and Settings\Jelle\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\12\eef218c-2fb5faa3 2014-04-08 11:19:06 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Documents and Settings\Jelle\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\49a00451-38914d2a 2014-04-08 11:19:06 62702DB186FE20E56071DB9F595D9CC4 100 ----a-w- C:\Documents and Settings\Jelle\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap 2014-04-08 11:19:05 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Documents and Settings\Jelle\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\18\3cb32f52-3a0d3e51 2014-04-08 11:19:07 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Documents and Settings\Jelle\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\43\1ca2666b-5d6ea6fe ====== C:\WINDOWS\system32 ===== 2014-04-08 11:16:56 C94EC0201AD94C0A25461F1073F60493 145408 ----a-w- C:\WINDOWS\System32\javacpl.cpl 2014-04-08 11:16:56 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\WINDOWS\System32\javaws.exe 2014-04-08 11:16:33 FD80D0AE205EC54D1A204DDBD6B766DA 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll 2014-04-08 11:16:33 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\WINDOWS\System32\javaw.exe 2014-04-08 11:16:33 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\WINDOWS\System32\java.exe ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-04-08 11:17:05 -------- d-----w- C:\Program Files\Common Files\Java 2014-04-05 08:14:25 -------- d-----w- C:\Program Files\trend micro 2014-03-27 21:29:18 -------- d-----w- C:\Program Files\Common Files\Citrix ======= C: ===== ====== C:\Documents and 
Settings\Jelle\Application Data ====== 2014-04-08 11:19:01 -------- d-----w- C:\Documents and Settings\Jelle\Local Settings\Application Data\Sun 2014-03-28 13:57:40 -------- d-----w- C:\Documents and Settings\Jelle\Local Settings\Application Data\Citrix 2014-03-27 20:47:58 -------- d-----w- C:\Documents and Settings\Peter&Geke\Local Settings\Application Data\Citrix ====== C:\Documents and Settings\Jelle ====== 2014-04-08 10:55:46 -------- d--h--r- C:\Documents and Settings\Jelle\Onlangs geopend ====== C: exe-files == 2014-04-08 11:15:30 EBAB810C999D8C31F0D5D8B28B3EEDD1 15784 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe 2014-04-08 11:15:30 C422AF851B98378A39B51D99FE707E64 146344 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe 2014-04-08 11:15:30 ACA236A716C2291E40ED069F2CBB3D35 49064 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe 2014-04-08 11:15:30 6E2BECF6E17FF8DC850C058A38A50C4F 15784 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe 2014-04-08 11:15:30 6E1B0EEBF3D1CC7ECF4104E1473900FF 15784 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe 2014-04-08 11:15:30 0E37C7C174521E16CEA0A6BC46F03BCD 16296 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe 2014-04-08 11:15:29 F4BA3A5D5FDE0A321CD7C4A74749CE5B 15784 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe 2014-04-08 11:15:29 397A6EA17BB97800939DE44D7BFEEC04 15784 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe 2014-04-08 11:15:29 18BC25C50200C3DD4E67611D2467DAA2 15784 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe 2014-04-08 11:15:28 ED1F5F1906F8D963612A4831CDB331D6 15784 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe 2014-04-08 11:15:28 762E372DCFDAE32FAE52C1A50A0029C2 15784 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe 2014-04-08 11:15:28 6EEAD2C8A5CAC1F0F2066ABD77BA9092 15784 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe 2014-04-08 11:15:28 49A5F3169A23C00F9F2023DFE04D7AF6 15784 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe 2014-04-08 11:15:27 
B9436A665A8621073A12338B16D7BFD4 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe 2014-04-08 11:15:27 A8F2A6D5782AA0166D8367FF674DDF77 52648 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe 2014-04-08 11:15:20 FBC27FD8E76C53E6E8066944BBE2BF73 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe 2014-04-08 11:15:20 E9BFEA5B2F3F7598DA990F9728768790 66984 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe 2014-04-08 11:15:20 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe 2014-04-08 11:15:20 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe 2014-04-08 11:15:20 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Program Files\Java\jre7\bin\java.exe 2014-04-08 11:15:20 5877E6618DA03EE8E7A869F57EE6ACE5 15784 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe 2014-04-08 11:12:35 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Documents and Settings\Jelle\Application Data\Sun\Java\jre1.7.0_51\lzma.exe 2014-04-08 10:28:07 D6A3D61864E8F9565550548865D7522C 921000 ----a-w- C:\Documents and Settings\Jelle\Mijn documenten\Downloads\jxpiinstall.exe 2014-04-05 08:13:37 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Jelle\Mijn documenten\Downloads\RSIT.exe 2014-04-04 10:14:58 B3E2F3C3E6A9373DA238922662B7B59C 36838104 ----a-w- C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\33.0.1750.154\33.0.1750.154_chrome_installer.exe 2014-04-04 10:13:32 565592D342E241EB6FCA351F9C810AE3 4787368 ----a-w- C:\Documents and Settings\Jelle\Mijn documenten\Downloads\ccsetup412.exe === C: other files == 2014-04-08 11:15:32 863EB6802B1C3B7630290871599BE0BD 18636 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [HKEY_USERS\S-1-5-21-1085031214-1060284298-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe /background" "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe /AUTO" "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe -lang 1033" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe /background" "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe /AUTO" "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe -lang 1033" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14-03-2014 11:50] 
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe [] C:\WINDOWS\tasks\Google Software Updater.job --a------ [Undetermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [21-09-2010 21:28] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1060284298-725345543-1004Core.job --a------ C:\Documents and Settings\PeterGeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1060284298-725345543-1004UA.job --a------ C:\Documents and Settings\PeterGeke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [14-11-2010 23:52] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\Web Assistant\Firefox" [] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\Janneke\Application Data\Mozilla\Firefox\Profiles\v3vr536p.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi ProfilePath: C:\Documents and Settings\Jelle\Application Data\Mozilla\Firefox\Profiles\crnje2k0.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi ProfilePath: C:\Documents and Settings\PETER&~1\Application Data\Mozilla\Firefox\Profiles\evtb9tae.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi ProfilePath: C:\Documents and Settings\PETER&~1\Application 
Data\TomTom\HOME\Profiles\b01du60o.default - Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com - Emulator - %ProfilePath%\extensions\Navcore.9.400.851694@tomtom.com AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\Jelle\Application Data\Mozilla\Firefox\Profiles\crnje2k0.default A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51 9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13 E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update 95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash 01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In 63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner + AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat FD3F83A4EC716F5F95C036EE051F3D25 - C:\Program Files\Citrix\ICA Client\npURLInterceptorPlugin.dll - Citrix URL-Redirection Helper Plugin 10909A59F2A52E95FC6C8E731BBE3E87 - C:\Program Files\Citrix\ICA Client\npicaN.dll - Citrix ICA Client 86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 5E1D0432C765884434A7CCD4DBDC80AA 
- C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 270EE43CC00609B9937AAF94E1E970D4 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 358878E398AB0FB8B1EE176C2E3EDF48 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll - Google Updater 6C403C77C8657F7F6A4F88106BCD5440 - C:\Program Files\NOS\bin\np_gp.dll - getPlusPlus for Adobe 16291 1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery EDBA797E78300759A09AF77C77F5D9E7 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Web Player AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx[] jifflliplgeajjdhmkcfnngfpgbjonjg - C:\Program Files\Perion\NewTab\newTab.crx[] Google Docs - Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Jelle\Local 
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo MSS+ Extension - Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh Google Search - Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf New tab for Chrome™ - Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Google Wallet - Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia New tab for Chrome\u2122 - Peter&Geke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Google Wallet - Peter&Geke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chrome Fix ====================== C:\Documents and Settings\Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully C:\Documents and Settings\Peter&Geke\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully C:\Documents and Settings\Peter&Geke\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal deleted successfully C:\Documents and Settings\Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully C:\Documents and Settings\Peter&Geke\Local Settings\Application 
Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.vi.nl/" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.vi.nl/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{02293208-1DC6-402F-839E-E6FC40C3F98A}" {02293208-1DC6-402F-839E-E6FC40C3F98A} Google 
Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIH_nlNL202"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1085031214-1060284298-725345543-1005\Software\Microsoft\Internet Explorer\Approved Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg deleted successfully

==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Janneke\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet
Files\Content.IE5 emptied successfully
C:\Documents and Settings\Peter&Geke\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Peter&Geke\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Jelle\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Documents and Settings\Janneke\Local Settings\Application Data\Mozilla\Firefox\Profiles\v3vr536p.default\Cache emptied successfully
C:\Documents and Settings\Peter&Geke\Local Settings\Application Data\Mozilla\Firefox\Profiles\evtb9tae.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Documents and Settings\Jelle\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Peter&Geke\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=142 folders=40 26941183 bytes)

==== Empty Temp Folders ======================
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\Janneke\Local Settings\Temp emptied successfully
C:\Documents and Settings\Jelle\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents
and Settings\NetworkService\Local Settings\Temp emptied successfully
C:\Documents and Settings\Peter&Geke\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Jelle\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================
"C:\Documents and Settings\Jelle\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on di 08-04-2014 at 14:44:56,28 ======================