Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Hans on di 13/05/2014 at 15:36:25,60. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Hans\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 13/05/2014 15:43:44 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\AGEIA Technologies deleted successfully C:\Program Files\Electronic Arts deleted successfully C:\Program Files\Freemake deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Program Files\RAF deleted successfully C:\Program Files\Scriptocean deleted successfully C:\Program Files\StartSearch plugin deleted successfully C:\Program Files\TomTom DesktopSuite deleted successfully C:\Program Files\Wondershare deleted successfully C:\PROGRA~2\Freemake deleted successfully C:\PROGRA~2\Oracle deleted successfully C:\Users\Hans\AppData\Roaming\AdobeUM deleted successfully C:\Users\Hans\AppData\Roaming\Nokia Ovi Suite deleted successfully C:\Users\Hans\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully C:\Users\Hans\AppData\Local\NokiaAccount deleted successfully C:\Users\Hans\AppData\Local\PackageAware deleted successfully C:\Users\Tine\AppData\Local\{158EE179-9E8A-4DD2-8EEE-8F9865C5F3E5} deleted successfully C:\Users\Tine\AppData\Local\{299F5317-2768-471F-831E-9315DD22FF7A} deleted successfully C:\Users\Tine\AppData\Local\{2BE233E0-51BD-4992-8637-38400450B89B} deleted successfully C:\Users\Tine\AppData\Local\{6A5EC4E8-B9FE-44B2-A95B-F80E72C9BAFB} deleted successfully C:\Users\Tine\AppData\Local\{80C61410-FBD7-4E8F-886A-B49D1FC9E942} deleted successfully C:\Users\Tine\AppData\Local\{8B89C63A-3794-44C8-B276-147CBC75167A} deleted successfully C:\Users\Tine\AppData\Local\{AC970192-5E89-4F43-825D-B8609C1F1B32} deleted successfully C:\Users\Tine\AppData\Local\{B077560B-6D09-4832-9886-733DAF435E4E} deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4219663350-357179870-1379329519-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} deleted successfully HKEY_USERS\S-1-5-21-4219663350-357179870-1379329519-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} deleted successfully HKEY_USERS\S-1-5-21-4219663350-357179870-1379329519-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully HKEY_CLASSES_ROOT\CLSID\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Ferre\AppData\Roaming\Mozilla\Firefox\Profiles\drje74r6.default user.js not found ---- Lines ffxtbr modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_20141305_1606_.backup ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\pqllq1sd.default-1352106638268 ---- Lines mindspark removed from prefs.js ---- user_pref("extensions.toolbar.mindspark.lastInstalled", "mywebface@mindspark.com"); ---- FireFox user.js and prefs.js backups ---- user_20141305_1606_.backup prefs_20141305_1606_.backup ProfilePath: C:\Users\Hans\AppData\Roaming\Thunderbird\Profiles\19pfu1jt.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20141305_1606_.backup ProfilePath: C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\ii8jd231.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20141305_1606_.backup ProfilePath: C:\Users\Tine\AppData\Roaming\Mozilla\Firefox\Profiles\nhwrvrmu.default user.js not found ---- Lines ffxtbr modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_20141305_1606_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- "mobilegeni daemon"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Mobogenie not found C:\PROGRA~2\eSellerate deleted C:\Users\Hans\AppData\Local\genienext deleted C:\Program Files\TornTV.com deleted C:\Users\Hans\daemonprocess.txt deleted C:\Users\Hans\.android deleted C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll deleted C:\Program Files\BitLord 2 deleted C:\Program Files\Bandoo deleted C:\Program Files\SopCast deleted C:\Program Files\Freeze.com deleted C:\Program Files\1ClickDownload deleted C:\found.000 deleted C:\found.001 deleted C:\Users\Hans\AppData\Roaming\newnext.me deleted C:\Users\Hans\AppData\Roaming\BitLord deleted C:\Users\Ferre\AppData\Local\Wondershare deleted C:\Users\Hans\AppData\Local\Ilivid Player deleted C:\Users\Hans\AppData\Local\Wondershare deleted C:\Users\Hans\AppData\Local\Mobogenie deleted C:\Users\Hans\AppData\Local\cache deleted C:\Users\Tine\AppData\Local\Wondershare deleted C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted C:\Users\Hans\Downloads\iLividSetupV1.exe deleted C:\Users\Hans\Downloads\SopCast-3.3.2.zip deleted C:\Users\Hans\Downloads\SopCast.zip deleted C:\Users\Hans\Downloads\SoftonicDownloader_voor_vlc-media-player.exe deleted C:\Users\Hans\Documents\Mobogenie deleted C:\Users\Hans\Documents\BitLord deleted C:\Users\Ferre\AppData\Roaming\Mozilla\Firefox\Profiles\drje74r6.default\.autoreg deleted C:\Users\Ferre\AppData\Roaming\Mozilla\Firefox\Profiles\drje74r6.default\extensions\5affxtbr@MyWebFace_5a.com deleted C:\Users\Tine\AppData\Roaming\Mozilla\Firefox\Profiles\nhwrvrmu.default\extensions\5affxtbr@MyWebFace_5a.com deleted "C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" deleted "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted "C:\Program Files\eBay\eBay Toolbar2" deleted "C:\Program Files\Common Files\Wondershare" deleted "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-04-21 18:40:38 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\Windows\avastSS.scr ====== C:\Users\Hans\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-05-02 05:19:18 DCAA40C2C9F8EE14BAEA773576C26766 12347392 ----a-w- C:\Windows\System32\mshtml.dll 2014-05-02 05:19:17 878F0E1D75D45E91B9CC22152DD614FA 2382848 ----a-w- C:\Windows\System32\mshtml.tlb ====== C:\Windows\system32\drivers ===== 2014-05-12 18:51:23 661B911FA04E73FB073FF9B1C9BD2E05 107736 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-05-12 18:51:06 351E390DD5D257EAFF6E74A3C7239A5D 51416 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-05-12 18:51:06 2BB23932978D623D3D395AEAB1825BF1 73432 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-05-12 18:51:06 0C6EA0109CFEDF441F06D031E9A8D1A9 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-04-21 18:40:44 4D6C6E0505A8E5A0656DCB223497D37C 24184 ----a-w- C:\Windows\System32\drivers\aswHwid.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-05-12 18:45:08 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Users\Hans\AppData\Roaming ====== 2014-04-26 10:10:29 -------- d-----w- C:\Users\Tine\AppData\Roaming\IrfanView 2014-04-26 10:01:27 -------- d-----w- C:\Users\Tine\AppData\Local\NVIDIA 2014-04-18 18:57:53 -------- d-----w- C:\Users\Hans\AppData\Local\NVIDIA Corporation ====== C:\Users\Hans ====== 2014-05-12 18:49:16 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\Users\Hans\Desktop\mbam-setup-2.0.1.1004.exe 2014-05-12 18:43:54 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Hans\Desktop\RSIT.exe 2014-05-09 20:29:21 29CA0BEB873B25DCBBB2A61B2152EACF 276555368 ----a-w- C:\Users\Hans\Desktop\Perfect_Effects_8.1.0_PE.exe ====== C: exe-files == 2014-05-09 20:14:17 EADEB528BF662F1891DC6FA0069EA240 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4219663350-357179870-1379329519-1000\$I4UB4KI.exe 2014-05-09 20:10:08 7595EB5DD7CA8F789CD9FFFC704F9E33 431352 ----a-w- C:\$Recycle.Bin\S-1-5-21-4219663350-357179870-1379329519-1000\$R4UB4KI.exe === C: other files == 2014-05-07 15:51:08 01F55F22FFD3ED0981407778A4683343 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4219663350-357179870-1379329519-1000\$IWIPQFH.zip 2014-05-07 15:51:03 C5C8ABBD25EFB0A95FBC2B2AD73F8CAB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-4219663350-357179870-1379329519-1000\$IBNG62H.zip 2014-05-07 15:45:50 556230B75B61AE0DEAD113625D10C16A 281962230 ----a-w- C:\$Recycle.Bin\S-1-5-21-4219663350-357179870-1379329519-1000\$RBNG62H.zip 2014-05-07 15:04:06 28DB6F8072CE0FDF3CB06C382346D7B8 185449306 ----a-w- C:\$Recycle.Bin\S-1-5-21-4219663350-357179870-1379329519-1000\$RWIPQFH.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-4219663350-357179870-1379329519-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe -min" "Facebook Update"="C:\Users\Hans\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe" "Spotify Web Helper"="C:\Users\Hans\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DT HPW"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW" "hpsysdrv"="c:\hp\support\hpsysdrv.exe" "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "RtHDVCpl"="RtHDVCpl.exe" "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "UpdatePPShortCut"="C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\PowerProducer UpdateWithCreateOnce Software\CyberLink\PowerProducer\5.0" "StartupDelayer"="C:\Program Files\Startup Delayer\Startup Launcher.exe" "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "CommonToolkitTray"="C:\Program Files\Fighters\Tray\FightersTray.exe" "sfagent"="C:\Program Files\Fighters\SPAMfighter\sfagent.exe" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui" "Wondershare Helper Compact.exe"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "BrowserPlugInHelper"="C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe -min" "Facebook Update"="C:\Users\Hans\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe" "Spotify Web Helper"="C:\Users\Hans\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcSoft Connection Service" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft MediaImpression Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcSoft MediaImpression Monitor" "hkey"="HKLM" "command"="C:\\Program Files\\Kodak\\MediaImpression\\ArcMonitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NitroShare] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NitroShare" "hkey"="HKCU" "command"="C:/Program Files/NitroShare/nitroshare.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PWRISOVM.EXE" "hkey"="HKLM" "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Hans\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Hans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk] "item"="HP SimpleSave Monitor" "path"="C:\\Users\\Hans\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP SimpleSave Monitor.lnk" "backup"="C:\\Windows\\pss\\HP SimpleSave Monitor.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Hans\\AppData\\Roaming\\HPSIMP~1\\STARTH~1.EXE" ==== Startup Folders ====================== 2013-04-30 11:21:51 1013 ----a-w- C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk 2010-05-07 21:02:58 1770 ----a-w- C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Calendar.lnk 2010-10-20 21:28:56 1039 ----a-w- C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk 2014-04-26 10:11:54 1111 ----a-w- C:\Users\Tine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2009-05-19 17:41:14 2455 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Snelle start.lnk 2009-05-19 17:32:53 1154 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk 2008-04-14 20:13:34 2008 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk 2011-06-17 08:31:27 607 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\monitorpad.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/04/2014 07:06] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4219663350-357179870-1379329519-1000Core.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4219663350-357179870-1379329519-1000UA.job --a------ C:\Users\Hans\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 10:27] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16/08/2010 19:41] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16/08/2010 19:41] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-4219663350-357179870-1379329519-1000Core" [C:\Users\Hans\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-4219663350-357179870-1379329519-1000UA" [C:\Users\Hans\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\JavaUpdateAdministrator" [C:\Windows\system32\jusched.exe] "C:\Windows\system32\tasks\JavaUpdateFerre" [C:\Windows\system32\jusched.exe] "C:\Windows\system32\tasks\JavaUpdateHans" [C:\Windows\system32\jusched.exe] "C:\Windows\system32\tasks\JavaUpdateTine" [C:\Windows\system32\jusched.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{1AFE7314-C939-4653-877D-7FAE0DB90CFC}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{D439A5E6-2C88-4101-9416-3BA727B05089}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\PC-Doctor\Scheduled Maintanence" [C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [21/04/2014 20:40] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [14/05/2011 11:59] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Ferre\AppData\Roaming\Mozilla\Firefox\Profiles\drje74r6.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\pqllq1sd.default-1352106638268 - Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - eSnipe.com SnipeIt - %ProfilePath%\extensions\esnipesnipeit@esnipe.com.xpi - Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi ProfilePath: C:\Users\Hans\AppData\Roaming\Thunderbird\Profiles\19pfu1jt.default - Undetermined - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension ProfilePath: C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\ii8jd231.default - Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com - Emulator - %ProfilePath%\extensions\Navcore.7.903.9183@tomtom.com ProfilePath: C:\Users\Tine\AppData\Roaming\Mozilla\Firefox\Profiles\nhwrvrmu.default - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi AppDir: C:\Program Files\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\pqllq1sd.default-1352106638268 785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update 9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash 025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55 290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14 01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.1.0.30716.0.dll - Silverlight Plug-In 01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In 0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 86FD0445C7A92516FC0BA201C79B8E9E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4 9FDABAD05A9623988750CCC10223BDB0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4 5E1D0432C765884434A7CCD4DBDC80AA - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4 3B293C235A80E7A5369E6AA28FEA50B1 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4 A80BCBED52F7DD5FDBF346A985A4E4D5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4 3220B1254AEF7A191187EC03F51B3D61 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat B2576571746839180833E048AC2CCA5C - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Hans\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 9D4A0B314CB9CF134CA27E1E0217E51E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery 5CB2C74F632F47F39071AD7487B0F825 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 8DA7593DFD8FCA8AEA95C6ED1586478F - C:\Users\Hans\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll - Cooliris embedded in a tab AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 8FDF6459DC93F093C6F4ADAA89102EB8 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll - RealArcade Mozilla Plugin 28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[] pbiamblgmkgbcgbcgejjgebalncpmhnp - C:\Program Files\StartSearch plugin\vshareplg.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.bing.com" "Search Bar"="http://www.bing.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://startsear.ch/?aff=2&cf=360d0629-1d29-11e1-9096-001e8c6e09a1" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=desktop" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.bing.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {03E44766-33BB-4F3D-BC47-E28838CC8737} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {B92ADCDE-6652-43FD-8DF5-736180121632} Kelkoo Url="http://nb.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913938" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NitroShare deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ferre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Ferre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Tine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Tine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Tine\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Ferre\AppData\Local\Mozilla\Firefox\Profiles\drje74r6.default\Cache emptied successfully C:\Users\Hans\AppData\Local\Mozilla\Firefox\Profiles\pqllq1sd.default-1352106638268\Cache emptied successfully C:\Users\Tine\AppData\Local\Mozilla\Firefox\Profiles\nhwrvrmu.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1828 folders=398 10151587141 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Ferre\AppData\Local\Temp emptied successfully C:\Users\Hans\AppData\Local\Temp will be emptied at reboot C:\Users\Tine\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Hans\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehmsdri.log" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehRecvr.log" not deleted ==== EOF on di 13/05/2014 at 18:21:52,56 ======================