Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Robert on wo 30/04/2014 at 12:54:04,27. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Robert\Downloads\zoek(1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 30/04/2014 12:58:03 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Moozy deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Music Toolbar deleted successfully C:\PROGRA~2\Search Results Toolbar deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Browser Manager deleted successfully C:\PROGRA~3\BrowserProtect deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Robert\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0346D9F3-4314-4982-9279-D78C1AED3C57} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1B75A623-4A35-4FF4-B744-5686FDDB0336} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} deleted successfully 
HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DatamngrCoordinator deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DatamngrCoordinator deleted successfully ==== FireFox Fix 
====================== ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jc7lxv34.default-1354982529318 user.js not found ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.order.1", "Ask.com"); ---- FireFox user.js and prefs.js backups ---- prefs_20143004_1316_.backup ProfilePath: C:\Users\Robert\AppData\Roaming\TomTom\HOME\Profiles\0rf464lu.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20143004_1316_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jc7lxv34.default-1354982529318\searchplugins\Ask.xml [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "DATAMNGR"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution 
Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Ask.com not found C:\Program Files (x86)\Music Toolbar not found C:\ProgramData\Datamngr not found C:\Program Files (x86)\IncrediMail_MediaBar_Nederlands_2 deleted C:\ProgramData\AskPartnerNetwork deleted C:\PROGRA~2\Conduit deleted C:\Users\Robert\AppData\Roaming\Babylon deleted C:\PROGRA~3\Ask deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Wincert deleted C:\Users\Robert\AppData\Local\APN deleted C:\Users\Robert\AppData\Local\Babylon deleted C:\Users\Robert\AppData\Local\Conduit deleted C:\Users\Robert\AppData\LocalLow\searchresultstb deleted 
C:\Users\Robert\AppData\LocalLow\IncrediMail_MediaBar_Nederlands_2 deleted C:\Users\Robert\AppData\LocalLow\imeshtoolbar deleted C:\Users\Robert\AppData\LocalLow\DataMngr deleted C:\Users\Robert\AppData\LocalLow\PriceGong deleted C:\Users\Robert\AppData\LocalLow\Conduit deleted C:\Windows\wininit.ini deleted C:\user.js deleted C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jc7lxv34.default-1354982529318\searchplugins\Ask.xml deleted C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jc7lxv34.default-1354982529318\searchplugins\askcom.xml deleted C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jc7lxv34.default-1354982529318\searchplugins\askcomsearch.xml deleted C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jc7lxv34.default-1354982529318\searchplugins\Search_Results.xml deleted C:\PROGRA~2\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\Ask.xml deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1753185352-732092568-4102873375-1000\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "IncrediMail"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c" "swg"="C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "HPCam_Menu"="c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe c:\Program Files (x86)\Hewlett-Packard\Media\Webcam UpdateWithCreateOnce Software\Hewlett-Packard\Media\Webcam" "QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" "UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Hewlett-Packard\Recovery UpdateWithCreateOnce Software\CyberLink\PowerRecover" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" "WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "20131224"="C:\Program Files\Alwil Software\Avast5\setup\emupdate\ddb99f21-9122-4037-a8d2-d2cdfaf16c57.exe /check" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "IncrediMail"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Folders ====================== 2009-08-24 23:33:18 892 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [30/04/2014 08:00] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/02/2010 19:44] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/02/2010 19:44] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CapSchedInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe] 
"C:\Windows\SysNative\tasks\CapSvcInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe] "C:\Windows\SysNative\tasks\CapUninst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe] "C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe] "C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\TVAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{1BDD1BEB-21B2-4E20-BDA5-E4B5F76E3FCE}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{0B40BEE1-2F9B-4C8B-B16E-945720F0CF70}" [C:\Users\Robert\Downloads\dotnetfx35setup.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [30/04/2014 07:23] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Robert\AppData\Roaming\TomTom\HOME\Profiles\0rf464lu.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - 
%AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\jc7lxv34.default-1354982529318 9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[23/04/2014 19:00] YouTube - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Card number - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.search.ask.com/?o=APN10653A&gct=hp&d=1-393&v=a12281-200&t=4" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_BE&c=94&bd=Pavilion&pf=cnnb" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {A23A7489-99BB-4119-B2E5-A3A071BA1A0A} Kelkoo Url="http://nb.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913938" {B5E79E8D-94A3-498E-8B5B-0458F4029DCE} AOL Zoeken Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1547&query={searchTerms}&invocationType=tb50hpcnnbie7-nl-be" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Robert\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robert\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\0b6w512a.default\Cache emptied successfully C:\Users\Robert\AppData\Local\Mozilla\Firefox\Profiles\jc7lxv34.default-1354982529318\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=296 folders=102 41612211 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Robert\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Robert\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN 
successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Robert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9FKNCZC\cdn.zoomin.tv" not found "C:\Users\Robert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9FKNCZC\games2.spele.nl" not found "C:\Users\Robert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9FKNCZC\nieuws.vtm.be" not found "C:\Users\Robert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9FKNCZC\sa.kewego.com" not found "C:\Users\Robert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9FKNCZC\static.muzu.tv" not found "C:\Users\Robert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9FKNCZC\sysimages.tq.cn" not found "C:\Users\Robert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9FKNCZC\www.abcactionnews.com" not found "C:\Users\Robert\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9FKNCZC\www.chanel-latinlover.com" not found ==== EOF on wo 30/04/2014 at 13:32:38,11 ======================