Zoek.exe v5.0.0.0 Updated 13-July-2014 Tool run by B1 on zo 13-07-2014 at 14:08:25,47. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\B1\Desktop\Scan\Zoek\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 13-7-2014 14:12:00 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\Aimersoft deleted successfully C:\PROGRA~2\assassins deleted successfully C:\PROGRA~2\Black_Box deleted successfully C:\PROGRA~2\Funmoods deleted successfully C:\PROGRA~2\HyperCam 3 deleted successfully C:\PROGRA~2\Origin Games deleted successfully C:\PROGRA~2\SecretSauce deleted successfully C:\PROGRA~2\SmartTweak deleted successfully C:\PROGRA~2\Whilokii deleted successfully C:\PROGRA~2\WinRAR deleted successfully C:\PROGRA~2\COMMON~1\Solveig Multimedia deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\MAXON deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Browser Manager deleted successfully C:\PROGRA~3\BrowserProtect deleted successfully C:\PROGRA~3\Evernote deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\B1\AppData\Roaming\COWON deleted successfully C:\Users\B1\AppData\Roaming\DMCache deleted successfully C:\Users\B1\AppData\Roaming\Publish Providers deleted successfully C:\Users\B1\AppData\Roaming\TP deleted successfully C:\Users\B1\AppData\Roaming\VST3 Presets deleted successfully C:\Users\B1\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Bela - G\AppData\Roaming\DAEMON Tools Pro deleted successfully C:\Users\Bela - G\AppData\Roaming\Solveig Multimedia deleted successfully C:\Users\Bela - G\AppData\Roaming\Systweak deleted successfully C:\Users\Murselino\AppData\Roaming\DAEMON Tools Pro deleted successfully C:\Users\Test\AppData\Roaming\DAEMON Tools Pro deleted successfully C:\Users\B1\AppData\Local\Downloaded Installations deleted successfully C:\Users\B1\AppData\Local\Lollipop deleted successfully C:\Users\Bela - G\AppData\Local\{01B0123A-F816-460B-BC11-DFABD004733C} deleted successfully C:\Users\Bela - G\AppData\Local\{02CD5BE6-8762-448D-A0A8-F2A3071FAA83} deleted successfully C:\Users\Bela - G\AppData\Local\{032FF0F8-3164-4F29-9C54-5155B6AA1B33} deleted successfully C:\Users\Bela - G\AppData\Local\{03E4AEF6-9560-4B78-802F-97F4B0499FF4} deleted successfully C:\Users\Bela - G\AppData\Local\{07F6B9B2-80B4-4185-A213-450091E04989} deleted successfully C:\Users\Bela - G\AppData\Local\{08739D81-ED91-49A9-8A23-294E6C958318} deleted successfully C:\Users\Bela - G\AppData\Local\{12475627-BB60-408B-84F8-71AC7622FF59} deleted successfully C:\Users\Bela - G\AppData\Local\{15439491-C419-4274-AAD1-234B4B405E91} deleted successfully C:\Users\Bela - G\AppData\Local\{207ECD2C-53F8-4834-96A3-86D7B77B50C4} deleted successfully C:\Users\Bela - G\AppData\Local\{21A8D972-105A-4ED2-B464-AA510765E9F9} deleted successfully C:\Users\Bela - G\AppData\Local\{252454B5-64F3-4223-B416-8E14CA5713F9} deleted successfully C:\Users\Bela - G\AppData\Local\{273A69A9-87F8-4E70-85D2-F5B510B77B22} deleted successfully C:\Users\Bela - G\AppData\Local\{2A387CF9-1891-4FF1-B7D3-B86228E7434F} deleted successfully C:\Users\Bela - G\AppData\Local\{2DF3FBFD-2B90-48A7-9631-58B11F379D58} deleted successfully C:\Users\Bela - G\AppData\Local\{30E5C923-73B3-4ED3-BB21-4E8030EAD2D3} deleted successfully C:\Users\Bela - G\AppData\Local\{323EBB8E-9C06-4D99-93D8-3F1A062F058D} deleted successfully C:\Users\Bela - G\AppData\Local\{344016EE-A0C2-44E2-A3A3-A84E7AA638A8} deleted successfully C:\Users\Bela - G\AppData\Local\{37BA648E-C3C5-4AE6-841F-5B900BA948C8} deleted successfully C:\Users\Bela - G\AppData\Local\{3A57BFBB-0050-442C-B72C-65D3524576FC} deleted successfully C:\Users\Bela - G\AppData\Local\{3FF761B0-F504-4F47-A8C2-A2B620EFFD58} deleted successfully C:\Users\Bela - G\AppData\Local\{405B8BEA-5EF8-40C3-81EC-CDC8ADB3D19B} deleted successfully C:\Users\Bela - G\AppData\Local\{457E41D8-2AB0-4327-AAF4-E414EA175824} deleted successfully C:\Users\Bela - G\AppData\Local\{489496EB-886A-4B6B-BABE-CB07CE349873} deleted successfully C:\Users\Bela - G\AppData\Local\{4A462C20-BC84-421E-AE4F-A02C0D78AFD2} deleted successfully C:\Users\Bela - G\AppData\Local\{4DFCBCC5-25DD-400B-9DD3-39CB1F6E43FD} deleted successfully C:\Users\Bela - G\AppData\Local\{5569CFDB-4A46-4B68-A2A1-5A34A50ADD36} deleted successfully C:\Users\Bela - G\AppData\Local\{55E392C1-F2AF-4596-A72A-B7E51D3909BC} deleted successfully C:\Users\Bela - G\AppData\Local\{56095BA4-3EAC-4606-9B3E-01B05501E983} deleted successfully C:\Users\Bela - G\AppData\Local\{5CD1A5F7-3F09-4E0D-A269-85A0D80D25AB} deleted successfully C:\Users\Bela - G\AppData\Local\{5CD5078F-31BE-43C2-AA8A-EC3C0F78F610} deleted successfully C:\Users\Bela - G\AppData\Local\{5EC1EBAA-08A2-46E7-A3C8-CE513C8C10B1} deleted successfully C:\Users\Bela - G\AppData\Local\{5FE1BA91-245F-470F-814C-2F4B3ECAF8D2} deleted successfully C:\Users\Bela - G\AppData\Local\{6B32370D-8BA3-4116-A493-074BC4484EF2} deleted successfully C:\Users\Bela - G\AppData\Local\{6E13E3D4-7818-4A06-A3CC-A78835EDD0F3} deleted successfully C:\Users\Bela - G\AppData\Local\{6EBE830B-0A88-46FF-B773-BDD182750959} deleted successfully C:\Users\Bela - G\AppData\Local\{746E1E48-84F5-4C13-AAC1-10B9BD3243DF} deleted successfully C:\Users\Bela - G\AppData\Local\{77C59970-DF01-4C3C-A592-34365401727A} deleted successfully C:\Users\Bela - G\AppData\Local\{788E16C1-2DB1-4E8C-AFF9-1E125774AF38} deleted successfully C:\Users\Bela - G\AppData\Local\{7E42D6CD-8616-4137-8995-421BAC9C8D02} deleted successfully C:\Users\Bela - G\AppData\Local\{844BA187-088B-43C9-B2E4-F29CC4910B19} deleted successfully C:\Users\Bela - G\AppData\Local\{84E1119D-A4B4-4D1C-A9CD-0DBBB80B1090} deleted successfully C:\Users\Bela - G\AppData\Local\{86F6D9A1-FC21-4B00-8D58-BDD37AB1D0FC} deleted successfully C:\Users\Bela - G\AppData\Local\{8868BFFD-8184-4933-9AA9-E50DDA3A5B4E} deleted successfully C:\Users\Bela - G\AppData\Local\{8B1C0C3A-8AEB-4464-9FC0-45F9480083A3} deleted successfully C:\Users\Bela - G\AppData\Local\{8BF32165-7F2F-48A3-96A0-B0C6EA1D916A} deleted successfully C:\Users\Bela - G\AppData\Local\{8E56D8A1-4AC5-412D-9D28-DF5F8BF1BC37} deleted successfully C:\Users\Bela - G\AppData\Local\{8EDA8323-69FA-4537-AF5E-DA466BA1F3E4} deleted successfully C:\Users\Bela - G\AppData\Local\{8EE2D99E-1214-4AF7-AE99-B31384D554C3} deleted successfully C:\Users\Bela - G\AppData\Local\{8F32C345-E404-43E0-8F9B-341CCF293D23} deleted successfully C:\Users\Bela - G\AppData\Local\{8F9A1914-2D2F-41BC-8E0E-C12624D5E0E1} deleted successfully C:\Users\Bela - G\AppData\Local\{90825B45-C04D-4C29-94A8-E7D51D98E6A7} deleted successfully C:\Users\Bela - G\AppData\Local\{926B8A7E-1F24-4242-A26A-4B56E38F4F39} deleted successfully C:\Users\Bela - G\AppData\Local\{94A6BC48-CA43-406D-A7F9-B31D440A1908} deleted successfully C:\Users\Bela - G\AppData\Local\{971FF7ED-2895-4C47-825C-502C73DDD6A0} deleted successfully C:\Users\Bela - G\AppData\Local\{9C2995F7-5ADD-4144-9FE6-629CFD4B5E9F} deleted successfully C:\Users\Bela - G\AppData\Local\{A238A5E2-29A9-4DB6-9235-8E60AFE2E292} deleted successfully C:\Users\Bela - G\AppData\Local\{A2F66050-833E-4192-95D0-87EFD2FC1D26} deleted successfully C:\Users\Bela - G\AppData\Local\{A397AA7D-9A90-479B-97D2-61896B4DF051} deleted successfully C:\Users\Bela - G\AppData\Local\{A9E15D9B-ADCA-4411-B469-E4C331A896B7} deleted successfully C:\Users\Bela - G\AppData\Local\{B0E01B58-4826-4D34-A99B-64868D219922} deleted successfully C:\Users\Bela - G\AppData\Local\{B1EAA7D1-8102-400B-B522-EB8D3348CB9D} deleted successfully C:\Users\Bela - G\AppData\Local\{BBE6EF3C-843C-40AA-B730-C203D0855A8B} deleted successfully C:\Users\Bela - G\AppData\Local\{BF30FAEA-763F-4379-BBE4-73A7BC113618} deleted successfully C:\Users\Bela - G\AppData\Local\{C1DECA3D-6612-43BB-A011-50A4E1A940D2} deleted successfully C:\Users\Bela - G\AppData\Local\{C3933690-C765-4A96-B073-8C9AAB41E30A} deleted successfully C:\Users\Bela - G\AppData\Local\{C5609968-21EA-4A16-8F2A-BC2DF8502054} deleted successfully C:\Users\Bela - G\AppData\Local\{C8944DDF-DE49-4985-8D97-0ED69267B513} deleted successfully C:\Users\Bela - G\AppData\Local\{CABDFAB6-F52F-464B-BFA6-F12C19FFA93C} deleted successfully C:\Users\Bela - G\AppData\Local\{CB18D9E8-9340-4A92-A782-B9FE92A7BFEB} deleted successfully C:\Users\Bela - G\AppData\Local\{CB9932D8-4152-42CF-87B9-32047E8274A3} deleted successfully C:\Users\Bela - G\AppData\Local\{CC9740A4-D5D1-4A78-A9B0-65636407A758} deleted successfully C:\Users\Bela - G\AppData\Local\{CDEB5109-B29A-45F7-AD97-6D853625B86C} deleted successfully C:\Users\Bela - G\AppData\Local\{D30E35A0-3911-4EC8-860F-0496F5B807F4} deleted successfully C:\Users\Bela - G\AppData\Local\{D4606E61-1868-4C1D-8476-7C9D8C547A43} deleted successfully C:\Users\Bela - G\AppData\Local\{D48CDC24-90FE-49C2-B3FD-A183CCCC10F4} deleted successfully C:\Users\Bela - G\AppData\Local\{D4BB4B1D-4AB7-4179-8409-28D5F540B96B} deleted successfully C:\Users\Bela - G\AppData\Local\{D6F8D80E-E324-4195-850F-C4FB540D4163} deleted successfully C:\Users\Bela - G\AppData\Local\{DF5B700E-1E61-4069-8E97-161E5C69033C} deleted successfully C:\Users\Bela - G\AppData\Local\{DF85F520-C5ED-49C7-B322-2724DF43228A} deleted successfully C:\Users\Bela - G\AppData\Local\{E00EC6F9-5795-48B5-89CA-EF59845DD23E} deleted successfully C:\Users\Bela - G\AppData\Local\{E2AF812C-191B-4B83-88A6-AC402CDA202A} deleted successfully C:\Users\Bela - G\AppData\Local\{E68CB63B-CF89-4D83-819D-A991C7896DF5} deleted successfully C:\Users\Bela - G\AppData\Local\{E6D39ECA-748E-432B-8525-D782C5D1E5C8} deleted successfully C:\Users\Bela - G\AppData\Local\{EC627FD6-0027-4990-BF93-B675186E5432} deleted successfully C:\Users\Bela - G\AppData\Local\{ED4E1BBE-CBEB-49EC-872D-645E06B0101F} deleted successfully C:\Users\Bela - G\AppData\Local\{F1A7B50C-9057-4168-B5BA-8D62A127C295} deleted successfully C:\Users\Bela - G\AppData\Local\{F1F9AA3C-C49F-43D4-BEC8-FE3C47BCF699} deleted successfully C:\Users\Bela - G\AppData\Local\{F2F3661D-6915-4061-B821-36F3747C4592} deleted successfully C:\Users\Bela - G\AppData\Local\{F4C65170-FFED-4285-A2C8-CC5300FDE0C9} deleted successfully C:\Users\Bela - G\AppData\Local\{F9FE8E35-3D12-4A7A-8920-C045498BA2A8} deleted successfully C:\Users\Bela - G\AppData\Local\{FA850FE5-F396-4B94-8D03-C41CF4D4B925} deleted successfully C:\Users\Bela - G\AppData\Local\{FC981AC8-6A4B-4F5C-87CB-2625A1C759AB} deleted successfully C:\Users\Bela - G\AppData\Local\{FCD31941-E6FF-4B20-90A7-C7E49B1F341E} deleted successfully C:\Users\Bela - G\AppData\Local\{FE7A5E3C-B82E-4FC3-ACAA-A4CE4ED6D6E1} deleted successfully C:\Users\Bela - G\AppData\Local\{FF930371-8A04-463E-AB1E-1A8B3418EC19} deleted successfully C:\Users\Murselino\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201f27d4-3704-41d6-89c1-aa35e39143ed} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{44F60B9A-9CD4-43A1-8859-9914D5B485B9} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F1FAABBD-B752-4AB4-B173-1777286F166D} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F1FAABBD-B752-4AB4-B173-1777286F166D} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\searchpredict@speedbit.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.7 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.7 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\vc6fkhqv.default ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.id", "c0e49f0600000000000074de2bc01035"); user_pref("extensions.BabylonToolbar.instlDay", "15675"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.tlbrId", "irhnew"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=c0e49f0600000000000074de2bc01035&q="); user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=109220&tt=4812_7&babsrc=NT_ss&mntrId=c0e49f0600000000000074de2bc0 user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.818:16:04"); ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "SD"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.dfltLng", "nl"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.id", "c0e49f0600000000000074de2bc01035"); user_pref("extensions.Softonic.instlDay", "15515"); user_pref("extensions.Softonic.instlRef", "MON00086"); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00086/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.322:23:07"); ---- Lines delta removed from prefs.js ---- user_pref("browser.newtab.url", "http://www2.delta-search.com/?affID=119776&tt=gc_&babsrc=NT_ss&mntrId=C0E474DE2BC01035"); user_pref("browser.search.order.1", "Delta Search"); user_pref("browser.search.selectedEngine", "Delta Search"); ---- Lines ChatZum removed from prefs.js ---- user_pref("id_chatzum.firstlaunch", "0"); user_pref("id_chatzum.guid", "%7BE5C28BA1-2DD3-D5DC-BB92-6042104DA5B7%7D"); user_pref("id_chatzum.hiddenvisual", 0); user_pref("id_chatzum.openSearchEngineName", "Search%20Safer"); user_pref("id_chatzum.searchengine", "Yahoo"); user_pref("id_chatzum.variables.SVar1", "%13"); user_pref("id_chatzum.variables.SVar10", "%13"); user_pref("id_chatzum.variables.SVar2", "%13"); user_pref("id_chatzum.variables.SVar3", "%13"); user_pref("id_chatzum.variables.SVar4", "%13"); user_pref("id_chatzum.variables.SVar5", "%13"); user_pref("id_chatzum.variables.SVar6", "%13"); user_pref("id_chatzum.variables.SVar7", "%13"); user_pref("id_chatzum.variables.SVar8", "%13"); user_pref("id_chatzum.variables.SVar9", "%13"); user_pref("id_chatzum.variables.Var1", "0"); user_pref("id_chatzum.variables.Var10", "0"); user_pref("id_chatzum.variables.Var2", "0"); user_pref("id_chatzum.variables.Var3", "0"); user_pref("id_chatzum.variables.Var4", "0"); user_pref("id_chatzum.variables.Var5", "0"); user_pref("id_chatzum.variables.Var6", "0"); user_pref("id_chatzum.variables.Var7", "0"); user_pref("id_chatzum.variables.Var8", "0"); user_pref("id_chatzum.variables.Var9", "0"); user_pref("id_chatzum_installed_version", "1.0.17"); user_pref("id_chatzum_tabpage", "http%3A//searchsafer.com/"); ---- Lines Torntv removed from prefs.js ---- user_pref("extensions.torntv@torntv.com.install-event-fired", true); ---- Lines isearch removed from prefs.js ---- user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\. ---- Lines y2layers removed from prefs.js ---- user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers"); user_pref("extentions.y2layers.installId", "917fc283-e2cb-448a-8590-466b0101ad90"); ---- Lines yontoo removed from prefs.js ---- user_pref("extensions.plugin@yontoo.com.install-event-fired", true); ---- Lines blabbers removed from prefs.js ---- user_pref("extensions.bbrs_002@blabbers.com.install-event-fired", true); ---- FireFox user.js and prefs.js backups ---- user_13-07-2014_1443_.backup prefs_13-07-2014_1443_.backup ProfilePath: C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471 ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "c0e49f0600000000000074de2bc01035"); user_pref("extensions.delta.instlDay", "15960"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.619:00:58"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=124687&tsp=5003"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "c0e49f0600000000000074de2bc01035"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15960"); user_pref("extensions.delta.vrsn", "1.8.24.6"); user_pref("extensions.delta.vrsni", "1.8.24.6"); user_pref("extensions.delta.vrsnTs", "1.8.24.619:00:58"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=124687&tsp=5003"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines searchgol removed from prefs.js ---- user_pref("extensions.ffxtlbr@searchgol.com.install-event-fired", true); user_pref("extensions.searchgol.admin", false); user_pref("extensions.searchgol.aflt", "babsst"); user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}"); user_pref("extensions.searchgol.autoRvrt", "false"); user_pref("extensions.searchgol.dfltLng", "nl"); user_pref("extensions.searchgol.excTlbr", false); user_pref("extensions.searchgol.ffxUnstlRst", false); user_pref("extensions.searchgol.id", "c0e49f0600000000000074de2bc01035"); user_pref("extensions.searchgol.instlDay", "15987"); user_pref("extensions.searchgol.instlRef", "sst"); user_pref("extensions.searchgol.newTab", false); user_pref("extensions.searchgol.prdct", "searchgol"); user_pref("extensions.searchgol.prtnrId", "searchgol"); user_pref("extensions.searchgol.rvrt", "false"); user_pref("extensions.searchgol.smplGrp", "none"); user_pref("extensions.searchgol.tlbrId", "base"); user_pref("extensions.searchgol.tlbrSrchUrl", ""); user_pref("extensions.searchgol.vrsn", "1.8.16.19"); user_pref("extensions.searchgol.vrsni", "1.8.16.19"); user_pref("extensions.searchgol.vrsnTs", "1.8.16.1922:48:08"); ---- Lines searchgol removed from user.js ---- user_pref("extensions.searchgol.tlbrSrchUrl", ""); user_pref("extensions.searchgol.id", "c0e49f0600000000000074de2bc01035"); user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}"); user_pref("extensions.searchgol.instlDay", "15987"); user_pref("extensions.searchgol.vrsn", "1.8.16.19"); user_pref("extensions.searchgol.vrsni", "1.8.16.19"); user_pref("extensions.searchgol.vrsnTs", "1.8.16.1922:48:08"); user_pref("extensions.searchgol.prtnrId", "searchgol"); user_pref("extensions.searchgol.prdct", "searchgol"); user_pref("extensions.searchgol.aflt", "babsst"); user_pref("extensions.searchgol.smplGrp", "none"); user_pref("extensions.searchgol.tlbrId", "base"); user_pref("extensions.searchgol.instlRef", "sst"); user_pref("extensions.searchgol.dfltLng", "nl"); user_pref("extensions.searchgol.excTlbr", false); user_pref("extensions.searchgol.ffxUnstlRst", false); user_pref("extensions.searchgol.admin", false); user_pref("extensions.searchgol.autoRvrt", "false"); user_pref("extensions.searchgol.rvrt", "false"); user_pref("extensions.searchgol.newTab", false); ---- Lines CT2851561 removed from prefs.js ---- user_pref("CT2851561.FF19Solved", "true"); user_pref("CT2851561.fullUserID", "UN10794259132359128.IN.20130909175500"); user_pref("CT2851561.installDate", "09/09/2013 17:55:01"); user_pref("CT2851561.installerVersion", "1.6.1.2"); user_pref("CT2851561.installSessionId", "CF935B5F-73CC-4D62-BC15-E6D5556582AA"); user_pref("CT2851561.installSp", "false"); user_pref("CT2851561.keyword", "true"); user_pref("CT2851561.originalSearchAddressUrl", ""); user_pref("CT2851561.searchRevert", "false"); user_pref("CT2851561.searchUserMode", "1"); user_pref("CT2851561.UserID", "UN10794259132359128"); user_pref("CT2851561.versionFromInstaller", "10.20.0.13"); user_pref("CT2851561.xpeMode", "0"); user_pref("smartbar.addressBarOwnerCTID", "CT2851561"); user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851561&SearchSource=2&CUI=UN10794259132359128&UM= ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Ask.com"); user_pref("browser.search.selectedEngine", "Ask.com"); ---- Lines speedbit removed from prefs.js ---- user_pref("extensions.searchpredict@speedbit.com.install-event-fired", true); ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "143cac988c20ffe1aef65df81eb78b5a"); ---- Lines smartbar removed from prefs.js ---- user_pref("smartbar.machineId", "TVNXEPPQFHQD4OGZC/ZLZVLUR4CWVY4NJHUL7ARO3HY5KXL6YZEDDSR3JIBO2S5BWTJ9G4WEO8QJXOHTIJQQCG"); user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); ---- Lines {0329E7D6-6F54-462D-93F6-F5C3118BADF2} removed from prefs.js ---- user_pref("extensions.{0329E7D6-6F54-462D-93F6-F5C3118BADF2}.install-event-fired", true); ---- FireFox user.js and prefs.js backups ---- user_13-07-2014_1443_.backup prefs_13-07-2014_1443_.backup ProfilePath: C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default ---- Lines delta removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Delta Search"); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.bbDpng", "2"); user_pref("extensions.delta.cntry", "BE"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.hdrMd5", "8652FAA910B8E755F5A933F4EBC2E773"); user_pref("extensions.delta.id", "c0e49f0600000000000074de2bc01035"); user_pref("extensions.delta.instlDay", "15832"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.lastVrsnTs", "1.8.16.1619:40:41"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.sg", "czb"); user_pref("extensions.delta.smplGrp", "czb"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.16.16"); user_pref("extensions.delta.vrsni", "1.8.16.16"); user_pref("extensions.delta.vrsnTs", "1.8.16.1619:40:41"); ---- Lines delta modified from prefs.js ---- user_pref("extensions.enabledAddons", "ffxtlbr%40delta.com:1.5.0,plugin%40yontoo.com:1.20.02,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure S ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "c0e49f0600000000000074de2bc01035"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15832"); user_pref("extensions.delta.vrsn", "1.8.16.16"); user_pref("extensions.delta.vrsni", "1.8.16.16"); user_pref("extensions.delta.vrsnTs", "1.8.16.1619:40:41"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines searchgol removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.searchgol.com/?babsrc=NT_ss&mntrId=C0E474DE2BC01035&affID=125035&tsp=5030"); ---- Lines Torntv modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure S ---- Lines iminent removed from prefs.js ---- user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1361794894350"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1361794894368"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1361794895528"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1361794894371"); ---- Lines y2layers removed from prefs.js ---- user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); user_pref("extentions.y2layers.installId", "917fc283-e2cb-448a-8590-466b0101ad90"); ---- Lines y2layers removed from user.js ---- user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref("extentions.y2layers.installId", "917fc283-e2cb-448a-8590-466b0101ad90"); user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); ---- Lines yontoo modified from prefs.js ---- user_pref("extensions.enabledAddons", "ffxtlbr%40disabled.com:1.5.0,plugin%40yontoo.com:1.20.02,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure S ---- Lines gophoto.it removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"en-US@dictionaries.addons.mozilla.org\":{\"version\":\"7.0.1\",\"type\":\"dictionary\",\"descriptor\":\ ---- Lines gophoto.it modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure S ---- FireFox user.js and prefs.js backups ---- user_13-07-2014_1443_.backup prefs_13-07-2014_1443_.backup ProfilePath: C:\Users\MURSEL~1\AppData\Roaming\Mozilla\Firefox\Profiles\lyfxfeq3.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_13-07-2014_1443_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NextLive"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Browser companion helper"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe] ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found "C:\ProgramData\lsass.exe" not found C:\Users\B1\AppData\Roaming\OneTab deleted C:\Program Files (x86)\AskBarDis deleted C:\Program Files (x86)\SweetIM deleted C:\Program Files (x86)\BrowserCompanion deleted C:\Users\B1\AppData\Roaming\newnext.me deleted C:\PROGRA~2\SearchProtect deleted C:\Users\B1\daemonprocess.txt deleted C:\Users\B1\.android deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\PROGRA~2\Mozilla Firefox\extensions\ffxtlbr@babylon.com deleted C:\PROGRA~2\Mobogenie deleted C:\PROGRA~2\ChatZum Toolbar deleted C:\PROGRA~2\MyPC Backup deleted C:\PROGRA~2\Gophoto.it deleted C:\PROGRA~2\Microsoft Research deleted C:\found.000 deleted C:\found.001 deleted C:\found.002 deleted C:\found.003 deleted C:\Users\B1\AppData\Roaming\simplitec deleted C:\Users\B1\AppData\Roaming\SkypEmoticons deleted C:\Users\B1\AppData\Roaming\Thinstall deleted C:\Users\B1\AppData\Roaming\Babylon deleted C:\Users\B1\AppData\Roaming\YoudaGames deleted C:\Users\B1\AppData\Roaming\Oxy deleted C:\Users\B1\AppData\Roaming\Systweak deleted C:\Users\B1\AppData\Roaming\OpenCandy deleted C:\Users\Bela - G\AppData\Roaming\Thinstall deleted C:\Users\Bela - G\AppData\Roaming\BabSolution deleted C:\Users\Bela - G\AppData\Roaming\Babylon deleted C:\Users\Bela - G\AppData\Roaming\Yontoo deleted C:\Users\Bela - G\AppData\Roaming\Delta deleted C:\PROGRA~3\win_mpwd_sys.dat deleted C:\PROGRA~3\simplitec deleted C:\PROGRA~3\Registry Helper deleted C:\PROGRA~3\DSearchLink deleted C:\PROGRA~3\SweetIM deleted C:\PROGRA~3\SpeedBit deleted C:\PROGRA~3\AVG Secure Search deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\Premium deleted C:\PROGRA~3\Package Cache deleted C:\PROGRA~3\SummerSoft deleted C:\Users\B1\AppData\Local\SearchProtect deleted C:\Users\B1\AppData\Local\AVG Secure Search deleted C:\Users\B1\AppData\Local\Oxy deleted C:\Users\B1\AppData\Local\Thinstall deleted C:\Users\B1\AppData\Local\avgchrome deleted C:\Users\B1\AppData\Local\Mobogenie deleted C:\Users\Bela - G\AppData\Local\AVG Secure Search deleted C:\Users\Bela - G\AppData\Local\Thinstall deleted C:\Users\Bela - G\AppData\Local\avgchrome deleted C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data deleted C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted C:\Users\Murselino\AppData\Local\AVG Secure Search deleted C:\Users\Test\AppData\Local\AVG Secure Search deleted C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\bprotector web data deleted C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons deleted C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard deleted C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software deleted C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk deleted C:\Users\B1\Downloads\iLividSetupV1.exe deleted C:\Users\B1\Searches deleted C:\Users\B1\Downloads\SoftonicDownloader_for_directx.exe deleted C:\Users\B1\Downloads\SoftonicDownloader_for_microsoft-powerpoint-viewer.exe deleted C:\Users\B1\Downloads\SoftonicDownloader_voor_minecraft.exe deleted C:\Users\B1\AppData\LocalLow\AVG Secure Search deleted C:\Users\B1\AppData\LocalLow\Toolbar4 deleted C:\Users\Bela - G\AppData\LocalLow\SweetIM deleted C:\Users\Bela - G\AppData\LocalLow\AVG Secure Search deleted C:\Users\Bela - G\AppData\LocalLow\bbrs_002.tb deleted C:\Users\Bela - G\AppData\LocalLow\Delta deleted C:\Users\Murselino\AppData\LocalLow\AVG Secure Search deleted C:\Users\Test\AppData\LocalLow\SweetIM deleted C:\Users\Test\AppData\LocalLow\AVG Secure Search deleted C:\Users\Test\AppData\LocalLow\bbrs_002.tb deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\tasks\RunAsStdUser Task deleted C:\user.js deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\RegistryHelperLM.ocx deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\B1\Documents\Mobogenie deleted C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\searchplugins\Ask.xml deleted C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\searchplugins\avg-secure-search.xml deleted C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\searchplugins\searchgol.xml deleted C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\Invalidprefs.js deleted C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\bProtector_extensions.sqlite deleted C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\bprotector_prefs.js deleted C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\CT2851561 deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\searchplugins\babylon.xml deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\searchplugins\avg-secure-search.xml deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\bProtector_extensions.sqlite deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\bprotector_prefs.js deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\jetpack deleted C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\Ask.xml deleted C:\Users\B1\gacutil.exe deleted C:\Users\B1\LeagueofLegends_EUW_Installer_06_12_13.exe deleted C:\Users\B1\Napoleon_Total_War_Razor1911.exe deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\extensions\gophoto@gophoto.it deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\extensions\ffxtlbr@delta.com deleted C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\extensions\plugin@yontoo.com deleted "C:\Windows\Installer\ed4aca.msi" deleted "C:\ProgramData\owerscwmdlexeyp" deleted "C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\searchplugins\delta.xml" deleted "C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\extensions\torntv2@torntv.com.xpi" deleted "C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\extensions\gophoto@gophoto.it.xpi" deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.7\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll" deleted "C:\Users\B1\AppData\Local\genienext" deleted "C:\PROGRA~2\AVG Secure Search" not deleted "C:\PROGRA~2\AVG Secure Search" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\Users\B1\AppData\Local\Bundled software uninstaller" deleted "C:\Users\B1\AppData\Local\cache" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.7" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.7" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\B1\AppData\Local\Temp ==== 2014-07-06 12:13:59 819EBF584E85585015AC3CE4E1DEEBB0 155195931 ----a-w- C:\Users\B1\AppData\Local\Temp\ubiE5DF.tmp.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-07-09 10:29:36 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe 2014-07-09 10:29:34 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll 2014-07-09 10:29:26 1A0BE0092646F564FAF204E678AF8E03 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2014-07-09 10:29:25 F95E1E9D97D25C11F29CA34C843A6F4D 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2014-07-09 10:29:25 8BA721F76C97A219599E88722AA48875 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 10:29:24 C61DDFE40204F3BE3DF111981D91560E 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 10:29:23 C71CC796F0E2E9BD542C87532706FCFE 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2014-07-09 10:29:23 6CB2616152ADCDF39F05B08E4858F476 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 10:29:22 E3ECF5FFE3DEDF61DC6877B6A99ACBBF 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2014-07-09 10:29:06 87061403346685B82D9E1300EBD0D84C 73728 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 10:29:06 6D85994A1B5B811E19CF761AF42B3453 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-07-09 10:29:06 61D9AD9E55D7A1E10C0EF701ADE1C486 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-07-09 10:29:06 50A9D2A6D74339C927B73F1DEA396380 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 10:29:06 47297C4CA64236DA125951A8879D512B 223232 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 10:29:05 A4636CC74620EC3EE05131655E36FBFB 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll 2014-07-09 10:29:05 07AA09C276D0A9AAF215C5831FC5A068 1810432 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-07-09 10:29:04 BEFE2A3B0FD950E895A623DF4238247E 12353024 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-07-09 10:29:03 7C5308EF989ED1D58FF104D6685EC19F 421376 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-07-09 10:29:03 3529CC014F68A6807599B0B4E4D79879 353792 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 10:28:58 520F221209823156E53F5022C7106BC9 11776 ----a-w- C:\Windows\SysWOW64\mshta.exe 2014-07-09 10:28:57 ACFC12807A5EA0771EE5A602CCDE7E64 1106432 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-07-09 10:28:56 1FC96DDA638BD3BEFD8065515F2AF4C4 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 10:28:55 CF17BB569F00CBFB31ADD37E6D0CE49F 231936 ----a-w- C:\Windows\SysWOW64\url.dll 2014-07-09 10:28:55 01DF51C566DBD1FD2EB71FC1F7ED0163 41472 ----a-w- C:\Windows\SysWOW64\msfeedsbs.dll 2014-07-09 10:28:54 9CE5BD4C26F8DE6FB34AF91F9A5EF30F 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 10:28:54 83048D7A0993EF8D45D1CACA205F8C5E 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-07-09 10:28:54 1194A8254BCB718632C9FD59B536E59D 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 10:28:50 2A88BA359F10E9957EE08BC01C1DD764 9711616 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-07-09 10:28:50 0510617D8970EFFEAF0925CC578E8A6C 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 10:28:49 6B65935D3CC6067A21CF2A546FF0E860 10752 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe 2014-07-09 10:28:43 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2014-07-09 10:28:43 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-07-09 10:29:59 03282D1ADC4F64D27D697CBB63F972C2 519168 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-07-09 10:29:56 980394E1FF94E460C4D71C1B098A0B4F 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-07-09 10:29:37 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-07-09 10:29:36 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe 2014-07-09 10:29:35 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll 2014-07-09 10:29:26 E8E98B3B7A6E1250F4AA7AF8FA17D5BB 340992 ----a-w- C:\Windows\Sysnative\schannel.dll 2014-07-09 10:29:25 BFC98590EAB40C785D6134B1FA818A62 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2014-07-09 10:29:25 A805B5E68262302D1A60BE3DED5846C9 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-07-09 10:29:25 7D1017ED11B7C3B162628069742B5E58 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2014-07-09 10:29:24 E23BA7A7BD97FC6B8AB5EA32A46D05CD 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2014-07-09 10:29:24 79EE13A5A406E4603874686B8005DA72 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-07-09 10:29:23 C9DD5C0D5AF2D7A54BA32E8FBD3B67F1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-07-09 10:29:07 8E6746AF9EA920E39C9D1C663DB567A6 2339328 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-07-09 10:29:07 5B3B793F3C6163940E8BA8DBA56AEBF1 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-07-09 10:29:05 7B3C76AA54331CBF7FFCDBEC1D83C097 282112 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-07-09 10:29:04 5550345E6C4130091C1E4C5F3EF5CF3A 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-07-09 10:29:04 09674197E0428B8ABE3E3B56500537EC 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-07-09 10:29:01 E42B1DB1860F846AF063970207EF1976 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-07-09 10:29:01 CFD0B099FD637C3AA47066D9084A3E2B 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-07-09 10:29:01 62EF2C9D76C636BC68BE059F147A5A1A 453120 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-07-09 10:29:01 38E9DA3044665E03577A8849F22352D6 248320 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-07-09 10:29:00 FDC9B927AD2FF9291BE3516A4505297C 17854464 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-07-09 10:29:00 9AED9B0B7B3A76A97F91769A5AD5CCFD 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2014-07-09 10:28:58 E740D21714AF588B2C8175122D392E68 12800 ----a-w- C:\Windows\Sysnative\mshta.exe 2014-07-09 10:28:57 6F53954FD61CFA5515BF3F5530879163 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-07-09 10:28:56 C5DAF0B1681C46957844BA8481E1712D 1348608 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-07-09 10:28:56 5D17B006EDAA6FF525796C149D637E51 55296 ----a-w- C:\Windows\Sysnative\msfeedsbs.dll 2014-07-09 10:28:55 A485866D8C54D6DD28B5134360361296 2148352 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-07-09 10:28:55 7103F5DF856606DF6F91D696B7BF9E1C 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-07-09 10:28:54 9BF4F4E5D4FD07FD920E225E6623AAFF 1494016 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-07-09 10:28:54 8DBEBABC764D0A370E01C617EA283C9D 237056 ----a-w- C:\Windows\Sysnative\url.dll 2014-07-09 10:28:51 BD40F44B809BFEEE353D0F1F2CEF47F4 10890752 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-07-09 10:28:49 FF322703CC4F1DA5F18898A7D4BD7FF6 11264 ----a-w- C:\Windows\Sysnative\msfeedssync.exe 2014-07-09 10:28:44 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2014-06-29 23:00:32 CD421DDB5C6E5458CE52EDC36DE7DC5B 76152 ----a-w- C:\Windows\Sysnative\PnkBstrA.exe ====== C:\Windows\Sysnative\drivers ===== 2014-07-12 10:47:40 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-07-12 10:47:28 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-07-12 10:47:28 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-07-12 10:47:28 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-07-09 10:29:34 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2014-06-17 20:34:01 344604E6913BD6E4EAEC34AF2E0943D7 44544 ----a-w- C:\Windows\Sysnative\drivers\RimSerial_AMD64.sys 2014-06-17 14:21:34 5D115BF49AE159D4D7D1EBC640CB138F 235800 ----a-w- C:\Windows\Sysnative\drivers\avgldx64.sys 2014-06-17 14:06:58 0971913995F5FAFD711B0B2426A175E9 269080 ----a-w- C:\Windows\Sysnative\drivers\avgtdia.sys 2014-06-17 14:06:24 B0E4A1F342A3F8B75C4A4ADB044761C9 190744 ----a-w- C:\Windows\Sysnative\drivers\avgidsha.sys 2014-06-17 14:06:22 946C038A7274D689A004785E581FAD5F 153368 ----a-w- C:\Windows\Sysnative\drivers\avgdiska.sys 2014-06-17 14:06:22 50E7E80BB5F3E2BB0B48F3F7E17ED6B1 242968 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys 2014-06-17 14:06:20 D9CED15E158573DE1BB67330C4206763 123672 ----a-w- C:\Windows\Sysnative\drivers\avgmfx64.sys 2014-06-17 14:06:06 C4F9056928B26BCAF15872E46B29184F 31512 ----a-w- C:\Windows\Sysnative\drivers\avgrkx64.sys ====== C:\Windows\Tasks ====== 2014-06-23 20:58:02 7E44B0583A6AEFEC7C06A46D2EB09001 3674 ----a-w- C:\Windows\Sysnative\Tasks\{B39BE3A1-C652-46C9-827F-DD8EDDD7E7A8} 2014-06-21 16:38:02 F17C609E35912AC896CD9B202B43C3C8 3542 ----a-w- C:\Windows\Sysnative\Tasks\{E3B93338-6D18-41A7-AFA6-1F6AF186C269} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-07-12 20:09:32 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-06-17 20:33:20 -------- d-----w- C:\PROGRA~2\COMMON~1\XCPCSync.OEM 2014-06-17 20:33:20 -------- d-----w- C:\PROGRA~2\COMMON~1\Research In Motion 2014-06-17 20:09:48 -------- d-----w- C:\PROGRA~2\NuGet 2014-06-17 19:43:22 -------- d-----w- C:\PROGRA~2\Microsoft Web Tools 2014-06-15 14:48:14 -------- d-----w- C:\PROGRA~2\B-C ======= C: ===== ====== C:\Users\B1\AppData\Roaming ====== 2014-07-11 21:08:34 8DE9F588DFB1641F2C0EA05BD4B60605 218 ----a-w- C:\Users\B1\AppData\Local\recently-used.xbel 2014-07-01 20:00:05 -------- d-----w- C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prijsberekening 2014 (Versie 1.0.0) 2014-07-01 17:25:53 -------- d-----w- C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Falck-Prijsberekening 2014 2014-06-30 08:57:42 -------- d-----w- C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prijsberekening 2014 - Falck 2014-06-23 18:27:45 -------- d-----w- C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Falck - Prijsberekening - Setup 2014-06-17 21:45:16 -------- d-----w- C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Test Zonder Code 2014-06-17 21:26:32 -------- d-----w- C:\Users\B1\AppData\Local\Research In Motion 2014-06-17 21:26:30 -------- d-----w- C:\Users\B1\AppData\Roaming\Research In Motion 2014-06-16 17:04:45 -------- d-----w- C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Falck - Prijsberekening 2014 - 2014-06-15 11:57:20 -------- d-----w- C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Falck Prijsberekening 2014 2014-06-15 11:50:39 -------- d-----w- C:\Users\B1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FALCK 2014 ====== C:\Users\B1 ====== 2014-06-30 08:58:00 C43613F3AB42D3A73B07B48D053FEDCF 779264 ----a-w- C:\Users\B1\Desktop\Prijsberekening 2014 - Falck.exe 2014-06-17 20:33:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry 2014-06-17 20:33:36 -------- d-----w- C:\ProgramData\Research In Motion 2014-06-17 20:09:48 -------- d-----w- C:\ProgramData\NuGet 2014-06-15 14:48:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-C ====== C: exe-files == 2014-07-12 20:09:32 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\B1.exe 2014-07-09 10:29:37 20235ED4653CFDDCDEF721F5126A1C47 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe 2014-07-09 10:29:36 89D2706FCD45E33CECFBD46BCBAD7E16 10240 ----a-w- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe 2014-07-09 10:28:56 08ED70F000508724BAF881AA07C21BE1 758000 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-07-09 10:28:55 0F83DDFD1AD9716304BD998CAABB5933 763632 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-07-09 10:28:49 211D047E6CBE134ABF6B02319C9FF063 223744 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-07-09 10:28:48 F1D33F2C0AEDE67F85D9578BA49010DA 223232 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-07-09 10:28:48 AA9B90593C22088BF7B5F729031A1C26 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-07-09 10:28:48 8319DBE0C358D9330DB92AD41CD2C469 22528 ----a-w- C:\Program Files (x86)\Internet Explorer\ExtExport.exe 2014-07-09 10:28:48 82E7252FFD91D7ED5E07B17DAEF08F9A 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe === C: other files == 2014-07-12 10:47:40 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-07-12 10:47:28 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-07-12 10:47:28 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-07-12 10:47:28 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-07-09 10:29:37 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\System32\win32k.sys 2014-07-09 10:29:34 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\System32\drivers\afd.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "msnmsgr (1)"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "Clownfish"="C:\Program Files (x86)\Clownfish\Clownfish.exe" "DAEMON Tools Pro Agent (1)"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "DAEMON Tools Pro Agent (2)"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "Facebook Update"="C:\Users\B1\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Steam"="C:\Program Files (x86)\Steamm\Steam.exe -silent" "DAEMON Tools Pro Agent (3)"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" "Hotkey Utility"="C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" "PivotSoftware"="C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe -delay=10" "DT ACR"="C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR" "vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" "LifeCam"="C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe " "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "IsaKbcCertUpdate"="C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe" "RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" "SweetIM"="C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Aeria Ignite"="C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe silent" "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d" "Lexmark X5400 Series (1)"="C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe /s" "Lexmark X5400 Series"="C:\Program Files (x86) (x86)\Lexmark X5400 Series\fm3032.exe /s" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "lxdvamon"="C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe" "lxdvmon.exe"="C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe" "Sweetpacks Communicator"="C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" "UpdateSwi"="C:\Windows\kernels\ProcessSwi.exe" "VM_STI"="C:\Windows\VM_STI.exe Philips SPC315NC Webcam" "iTunesHelper (1)"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "msnmsgr (1)"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "Clownfish"="C:\Program Files (x86)\Clownfish\Clownfish.exe" "DAEMON Tools Pro Agent (1)"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "DAEMON Tools Pro Agent (2)"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "Facebook Update"="C:\Users\B1\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Steam"="C:\Program Files (x86)\Steamm\Steam.exe -silent" "DAEMON Tools Pro Agent (3)"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll C:\\PROGRA~2\\MOVIES~1\\SAFETY~1\\SAFETY~2.DLL " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "lxdvamon"="C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe" "lxdvmon.exe"="C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE] "command"="C:\\Program Files (x86)\\PowerISO\\PWRISOVM.EXE -startup " "hkey"="HKLM" "item"="PWRISOVM.EXE" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Start WingMan Profiler] "command"="C:\\Program Files\\Logitech\\Gaming Software\\LWEMon.exe /noui" "hkey"="HKLM" "item"="Start WingMan Profiler" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TouchPortal] "command"="C:\\Program Files (x86)\\Acer\\Acer TouchPortal Express\\TouchPortalLauncher.exe na " "hkey"="HKLM" "item"="TouchPortal" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" ==== Startup Folders ====================== 2014-02-20 19:27:59 2653 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09-07-2014 00:10] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3664099744-2502927570-689082685-1015Core.job --a------ C:\Users\Bela - G\AppData\Local\Facebook\Update\FacebookUpdate.exe [11-12-2012 13:35] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3664099744-2502927570-689082685-1015UA.job --a------ C:\Users\Bela - G\AppData\Local\Facebook\Update\FacebookUpdate.exe [11-12-2012 13:35] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17-03-2012 20:49] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17-03-2012 20:49] C:\Windows\tasks\updater.job --a------ C:\Windows\SysWOW64\rundll32EC:\Users\B1\AppData\Roaming\Updater\updater_task.dll [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe ARM" ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe Reader Speed Launcher" ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate 2" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3664099744-2502927570-689082685-1015Core" [C:\Users\Bela - G\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3664099744-2502927570-689082685-1015UA" [C:\Users\Bela - G\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe] "C:\Windows\SysNative\tasks\updater" [C:\Windows\SysWOW64\rundll32.exe "C:\Users\B1\AppData\Roaming\Updater\updater_task.dll",schedule_task] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{30A5A454-1612-4272-9B67-18A2F2285434}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{01FB41FE-605C-4E69-9B79-805CDEC31883}" [C:\Games\League Of Legends\lol.launcher.exe] "C:\Windows\SysNative\tasks\{32E75F30-48A8-4D63-99F4-F0A55D036DDA}" ["c:\program files (x86)\mozilla firefox\firefox.exe"] "C:\Windows\SysNative\tasks\{4CEC353F-9964-46B8-87CF-65F357ED1F88}" [C:\Program Files (x86)\THQ\Darksiders II\Darksiders2.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "avg@toolbar"="C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.7.644" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471 - Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com - Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\BELA-G~1\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default - Undetermined - C:\Users\Bela - G\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\extensions\ffxtlbr@delta.com - Undetermined - C:\Users\Bela - G\AppData\Roaming\Mozilla\Firefox\Profiles\egp8d5jc.default\extensions\plugin@yontoo.com - United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471 4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash 045DCEC5BBF3C9F4A0788FDF90B1DEDE - C:\Users\B1\AppData\Roaming\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll - Battlefield Play4Free Updater CD375F6297DFD24BAA250C7E62FA1216 - C:\Users\B1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 4902717499A5AE1D3FB4FECAC376D8A7 - C:\Users\B1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll - Kalydo Player Plugin for Mozilla 81D388824634378A37765FD943FB3144 - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cbnocfnjkmlljbfgpkbhefnlpbiemhif - C:\Users\B1\AppData\Roaming\OneTab\OneTab.crx[] clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[] jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files (x86)\TornTV.com\torn11.crx[] jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\BELA-G\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[] nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx[] niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[] pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx[] OneTab - B1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnocfnjkmlljbfgpkbhefnlpbiemhif AdBlock - B1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom ChatZum.com - Easy Pictures zoom - B1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb GoPhoto.it - B1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk Browser Companion Helper - Bela - G\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej AVG Safe Search - Bela - G\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla AVG Secure Search - Bela - G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof GoPhoto.it - Bela - G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk Browser Companion Helper - Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej GoPhoto.it - Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk ==== Chrome Fix ====================== C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage-journal deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage-journal deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnocfnjkmlljbfgpkbhefnlpbiemhif deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_clbfjfbnelcflpgpklppgplejolacbej_0.localstorage deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_clbfjfbnelcflpgpklppgplejolacbej_0.localstorage-journal deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_clbfjfbnelcflpgpklppgplejolacbej_0.localstorage deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_clbfjfbnelcflpgpklppgplejolacbej_0.localstorage-journal deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.chatzum.com/" "Search Page"="http://search.toggle.com/?lang=en&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://search.chatzum.com/" "Search Page"="http://search.toggle.com/?lang=en&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.be/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3664099744-2502927570-689082685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gputweak.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\touchportallauncher.exe deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19D8A978-910D-32A6-1ED2-C7422B4CD0D3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cbnocfnjkmlljbfgpkbhefnlpbiemhif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\B1\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\B1\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\B1\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bela - G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bela - G\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Bela - G\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bela - G\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Murselino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\ShqiptaRacist\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\B1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5T28WTGA will be deleted at reboot C:\Users\B1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\781QIQZB will be deleted at reboot C:\Users\B1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\B1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat will be deleted at reboot C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\B1\AppData\Local\Mozilla\Firefox\Profiles\xte7hsmw.default-1371659222471\Cache emptied successfully C:\Users\Bela - G\AppData\Local\Mozilla\Firefox\Profiles\egp8d5jc.default\Cache emptied successfully C:\Users\Murselino\AppData\Local\Mozilla\Firefox\Profiles\lyfxfeq3.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\B1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Bela - G\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3146 folders=1648 2776579086 bytes) ==== Empty Temp Folders ====================== C:\Users\B1\AppData\Local\Temp will be emptied at reboot C:\Users\Bela - G\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Murselino\AppData\Local\Temp emptied successfully C:\Users\TEMP\AppData\Local\Temp emptied successfully C:\Users\Test\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\B1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied