Zoek.exe v5.0.0.0 Updated 26-07-2014 Tool run by User on za 26-07-2014 at 16:38:36,48. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Documents and Settings\User\Bureaublad\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 26-7-2014 4:42:22 PM Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Diner Dash C:\Program Files\Foxit Software C:\Program Files\Foxy Games C:\Program Files\MarkAny C:\Program Files\Panda Security C:\Program Files\Common Files\SWF Studio C:\Documents and Settings\All Users\Menu Start\Programma's\Samsung C:\Documents and Settings\Administrator\Application Data\Apple Computer C:\Documents and Settings\LocalService\Application Data\Apple Computer C:\Documents and Settings\User\Application Data\Guyf C:\Documents and Settings\User\Application Data\Media Player Classic C:\Documents and Settings\User\Application Data\Orxow C:\Documents and Settings\User\Application Data\Ugokd C:\Documents and Settings\User\Local Settings\Application Data\DriverToolkit C:\Documents and Settings\User\Local Settings\Application Data\Samsung C:\Documents and Settings\User\Local Settings\Application Data\WMTools Downloaded Files ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{390C7E87-153C-12DB-2EA6-0BB301EB26E9} deleted successfully HKEY_USERS\S-1-5-21-1482476501-562591055-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{390C7E87-153C-12DB-2EA6-0BB301EB26E9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{390C7E87-153C-12DB-2EA6-0BB301EB26E9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{390C7E87-153C-12DB-2EA6-0BB301EB26E9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting 
Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Documents and Settings\Gast\Application Data\Mozilla\Firefox\Profiles\zomzkv75.default user.js not found ---- Lines Torntv removed from prefs.js ---- user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.cookie.testingGaq.value", "%22http%3A//extclickm user_pref("extensions.ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960.45960.name", "Torntv V6.0"); ---- Lines ae2fd07a6e2824f2e896585565fcb6384b69158e63c3b476c9d98ae5838c5b707com45960 removed from prefs.js ----
---- FireFox user.js and prefs.js backups ---- prefs_26-07-2014_1703_.backup ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\avalgpeo.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_26-07-2014_1703_.backup ==== Deleting Files \ Folders ====================== C:\WINDOWS\system32\dxtmsftt.dll deleted C:\Documents and Settings\User\.android deleted C:\Program Files\ComPlus Applications deleted C:\found.000 deleted C:\found.001 deleted C:\found.002 deleted C:\Documents and Settings\User\Application Data\BitLord deleted C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallMate deleted C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote deleted C:\Documents and Settings\User\Local Settings\Application Data\cache deleted "C:\WINDOWS\Installer\2d5cef8.msi" deleted "C:\Documents and Settings\User\Application Data\Avcy\tauf.abk" deleted "C:\Documents and Settings\User\Application Data\Wemo\oldy.tmp" deleted "C:\Documents and Settings\User\Application Data\Wemo\oldy.xui" deleted "C:\Documents and Settings\User\Application Data\Kuuma\myiryc.ywp"
deleted "C:\Documents and Settings\User\Application Data\Niuge\hilu.yrw" deleted "C:\Documents and Settings\User\Application Data\Hyynra\duput.fos" deleted "C:\Documents and Settings\User\Application Data\Avcy" deleted "C:\Documents and Settings\User\Application Data\Guyf" deleted "C:\Documents and Settings\User\Application Data\Wemo" deleted "C:\Documents and Settings\User\Application Data\Kuuma" deleted "C:\Documents and Settings\User\Application Data\Niuge" deleted "C:\Documents and Settings\User\Application Data\Orxow" deleted "C:\Documents and Settings\User\Application Data\Ugokd" deleted "C:\Documents and Settings\User\Application Data\Hyynra" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2014-07-09 16:26:48 357CEBBCD99C8928A2D1A61A6CACC168 43152 ----a-w- C:\WINDOWS\avastSS.scr ====== C:\DOCUME~1\User\LOCALS~1\Temp ==== 2014-07-26 12:09:16 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\erunt\ERUNT.EXE 2014-07-22 19:02:05 DC8BC1AFC34BBE9754832042DBA7582F 473696 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\HulaTooSetup.exe 2014-07-22 19:02:05 8EF4A17B9892B0050B340E412B3D2369 776784 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\amt_webssearches.exe ====== Java Cache ===== ====== C:\WINDOWS\system32 ===== 2014-07-24 08:46:28 5CDF5EFE99B0DFB1813CE6396B82019B 310272 ----a-w- C:\WINDOWS\System32\CNMLMAQ.DLL 2014-07-24 08:44:25 CFC7EF91A95CFB3E55B665E47BD25126 114688 ----a-w- C:\WINDOWS\System32\CNC_AQI.dll 2014-07-24 08:44:25 394B4D8622681D86D8224278A2A2E86E 63744 ----a-w- C:\WINDOWS\System32\CNC1751D.TBL 2014-07-24 08:44:25 23588DC94FBBA00CE056FBF349AB2026 323584 ----a-w- C:\WINDOWS\System32\CNC_AQL.dll 2014-07-24 08:44:24 907ABF5B73F1E7BA8D2E3B5358FA15F8 286720 ----a-w- C:\WINDOWS\System32\CNC_AQC.dll 2014-07-24 08:44:23 BA8742F10E0737E814C166FCB1930698 114688 ----a-w- C:\WINDOWS\System32\CNC_AQU.dll 2014-07-24 08:44:19 
D16CF34B17899F90A8FCF2A3F77B4A27 15872 ----a-w- C:\WINDOWS\System32\CNHMCA.dll ====== C:\WINDOWS\system32\drivers ===== 2014-07-26 12:26:24 AED25CDB09FB4E56F45DAF6C9A1D3ED3 53208 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys 2014-07-26 12:26:24 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys 2014-07-24 08:45:35 A717C8721046828520C9EDF31288FC00 25856 ----a-w- C:\WINDOWS\System32\drivers\usbprint.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-07-26 13:27:54 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Documents and Settings\User\Application Data ====== 2014-07-22 19:48:42 -------- d-----w- C:\Documents and Settings\TEMP.NT AUTHORITY\Local Settings\Application Data\Microsoft 2014-07-22 19:48:39 -------- d-----w- C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft 2014-07-22 19:02:40 -------- d-----w- C:\Documents and Settings\User\Application Data\3283 ====== C:\Documents and Settings\User ====== 2014-07-26 13:24:41 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\User\Bureaublad\RSIT.exe 2014-07-26 12:24:55 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Documents and Settings\User\Bureaublad\mbam-setup-2.0.2.1012.exe 2014-07-26 12:08:56 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Documents and Settings\User\Bureaublad\JRT.exe 2014-07-26 11:59:21 B653DD91D5D6E519D3357A80A15A5DFB 1354223 ----a-w- C:\Documents and Settings\User\Bureaublad\adwcleaner_3.216.exe 2014-07-25 23:28:38 -------- d--h--r- C:\Documents and Settings\User\Onlangs geopend 2014-07-22 19:48:43 -------- d-----w- C:\Documents and Settings\TEMP.NT AUTHORITY\Cookies 2014-07-22 19:48:42 -------- d-----w- C:\Documents and Settings\TEMP.NT AUTHORITY\Local Settings 2014-07-22 19:48:39 -------- d-----w- C:\Documents and Settings\TEMP\Local Settings 2014-07-22 19:48:39 -------- d-----w- C:\Documents and 
Settings\TEMP\Cookies ====== C: exe-files == 2014-07-26 13:27:58 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\User.exe 2014-07-26 13:24:41 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Documents and Settings\User\Bureaublad\RSIT.exe 2014-07-26 12:40:48 DF6C85879B26B551DB4C091D5B9E3A8C 9518328 ----a-w- C:\Documents and Settings\User\Mijn documenten\Downloads\tweaking.com_windows_repair_aio_setup.exe 2014-07-26 12:24:55 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Documents and Settings\User\Bureaublad\mbam-setup-2.0.2.1012.exe 2014-07-26 12:24:27 5EAA65AD005F4449CB1B0F048D87DC44 244280 ----a-w- C:\Documents and Settings\User\Mijn documenten\Downloads\Firefox Setup Stub 31.0.exe 2014-07-26 12:09:16 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\erunt\ERUNT.EXE 2014-07-26 12:08:56 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Documents and Settings\User\Bureaublad\JRT.exe 2014-07-26 11:59:21 B653DD91D5D6E519D3357A80A15A5DFB 1354223 ----a-w- C:\Documents and Settings\User\Bureaublad\adwcleaner_3.216.exe 2014-07-24 08:48:41 C943F5B452A35C6EDAA1795098A4FF0F 474528 ----a-w- C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series\DelDrv.exe 2014-07-24 08:46:41 8B836791C8819DF83D8AC39224C087FC 62064 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\canonmg2100_series0424\CNMVSAQ.EXE 2014-07-24 08:46:41 8B836791C8819DF83D8AC39224C087FC 62064 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMVSAQ.EXE 2014-07-24 08:46:33 0CEB5E9A950D950CDCCE44AABA2B8BC8 20592 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\canonmg2100_series0424\CNMSEAQ.EXE 2014-07-24 08:46:33 0CEB5E9A950D950CDCCE44AABA2B8BC8 20592 ----a-w- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSEAQ.EXE 2014-07-23 19:07:12 3A10B03B41FE3390D696B3B9232B4796 418784 ----a-w- C:\Documents and Settings\All Users\Application 
Data\DivX\WebPlayer\Uninstaller.exe 2014-07-23 19:06:56 925835B5C3214AFC87ED577C4FF69DF5 414788 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\DPC\Uninstaller.exe 2014-07-23 19:06:18 9A4B8CFD46D3F8BF58931A2F39EC9B32 414516 ----a-w- C:\Documents and Settings\All Users\Application Data\DivX\AVCCodec\Uninstaller.exe 2014-07-22 19:02:05 DC8BC1AFC34BBE9754832042DBA7582F 473696 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\HulaTooSetup.exe 2014-07-22 19:02:05 8EF4A17B9892B0050B340E412B3D2369 776784 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\amt_webssearches.exe 2014-07-22 18:26:48 78DC6F21D9DB7845CC6E3F844965ECF4 1859152 ----a-w- C:\Documents and Settings\User\Mijn documenten\Downloads\uTorrent.exe === C: other files == 2014-07-26 12:26:24 AED25CDB09FB4E56F45DAF6C9A1D3ED3 53208 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys 2014-07-26 12:26:24 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys 2014-07-26 12:09:15 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\TDL4.bat 2014-07-26 12:09:15 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\medfos.bat 2014-07-26 12:09:15 A87CD1BAC46CAC0EEEDB571F07077032 8104 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\modules.bat 2014-07-26 12:09:15 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\searchlnk.bat 2014-07-26 12:09:15 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\firefox.bat 2014-07-26 12:09:15 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\ev_clear.bat 2014-07-26 12:09:15 7D8282EB94B5D639B7378811C1924A8F 9516 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\runvalues.bat 2014-07-26 12:09:15 654E9FE74B930A454EE5BDE165794B65 85 
----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\delorphans.bat 2014-07-26 12:09:15 5B92615B0CEA08D6BA1217C08CBB1443 15919 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\get.bat 2014-07-26 12:09:15 5B71358F97544D9DE58A9A0893079506 39458 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\prelim.bat 2014-07-26 12:09:15 53B191266B30D57F2F835ABBF54C68C5 13963 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\chrome.bat 2014-07-26 12:09:15 3BC04DEBBE9027060D51901133F60101 154678 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\misc.bat 2014-07-26 12:09:15 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\ask.bat 2014-07-26 12:09:15 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\iexplore.bat 2014-07-26 12:09:15 2F80D807DB405C8F6E0F3706B9FED710 10161 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\JRT.bat 2014-07-26 12:09:15 0D08FBD2E6F6C6AC6A504712C4CE6CE3 1226 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\FWPolicy.bat 2014-07-26 12:09:15 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Documents and Settings\User\Local Settings\Temp\jrt\delfolders.bat 2014-07-24 08:45:35 A717C8721046828520C9EDF31288FC00 25856 -c--a-w- C:\WINDOWS\system32\dllcache\usbprint.sys 2014-07-24 08:45:35 A717C8721046828520C9EDF31288FC00 25856 ----a-w- C:\WINDOWS\system32\drivers\usbprint.sys 2014-07-22 20:34:36 0A1C08C032B0FBBF800122B385A83E68 1262 ----a-w- C:\Documents and Settings\User\Mijn documenten\Downloads\resetdma.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1482476501-562591055-1644491937-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe 
/background" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="regsvr32 /s /n /i:U shell32" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="regsvr32 /s /n /i:U shell32" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="regsvr32 /s /n /i:U shell32" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_2"="regsvr32 /s /n /i:U shell32" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPDLR" "hkey"="HKCU" "command"="C:\\Program Files\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ctfmon" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\DivXUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DivXUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="FacebookUpdate" "hkey"="HKCU" "command"="\"C:\\Documents and Settings\\User\\Local Settings\\Application Data\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleUpdate" "hkey"="HKCU" "command"="\"C:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hkcmd" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\hkcmd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="igfxtray" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\igfxtray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IMJPMIG" "hkey"="HKLM" "command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" 
/background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="igfxpers" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\igfxpers.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TINTSETP" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TINTSETP" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSUAMain] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PSUAMain" "hkey"="HKLM" "command"="\"C:\\Program Files\\Panda Security\\Panda Cloud Antivirus\\PSUAMain.exe\" /LaunchSysTray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RTHDCPL" "hkey"="HKLM" "command"="RTHDCPL.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\Xyutakif] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Xyutakif" "hkey"="HKCU" "command"="\"C:\\Documents and Settings\\User\\Application Data\\Guyf\\egyqi.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{9DDDD23D-EC1A-80A8-4188-2038B16F5F62}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="{9DDDD23D-EC1A-80A8-4188-2038B16F5F62}" "hkey"="HKCU" "command"="\"C:\\Documents and Settings\\User\\Application Data\\Orxow\\ynengoo.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^User^Menu Start^Programma's^Opstarten^OpenOffice.org 3.2 .lnk] "path"="C:\\Documents and Settings\\User\\Menu Start\\Programma's\\Opstarten\\OpenOffice.org 3.2 .lnk" "backup"="C:\\WINDOWS\\pss\\OpenOffice.org 3.2 .lnkStartup" "command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE " "item"="OpenOffice.org 3.2 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\WINDOWS\tasks\avast\Undetermined Task.exe [] C:\WINDOWS\tasks\Microsoft Windows XP - aanmelding voor kennisgeving over einde van service.job --a------ [Undetermined Task] C:\WINDOWS\tasks\Microsoft Windows XP - maandelijkse kennisgeving over einde van service.job --a------ [Undetermined Task] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [22-06-2014 00:11] ==== Firefox Extensions ====================== ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\avalgpeo.default - avast Online Security - C:\Program Files\AVAST 
Software\Avast\WebRep\FF - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\avalgpeo.default 0E6777D3B8354A87A237F1924D76C8C7 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player 738C29EAC995029E13333034C1402F56 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash 79039398587F475ADA606D1A3B740A63 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in 893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 8F24103AB984847AA2939F58F19CCC98 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U21 ADC539F67D3198679F480974EE203678 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11 AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight 3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - 
Besturingssysteem Microsoft® Windows® ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09-07-2014 18:26] Select City - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo Torntv V9.0 - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn Google Wallet - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Extended Protection - NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo ==== Chrome Fix ====================== C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn deleted successfully C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmnbobhffedhdhfpcjkjphcfpeeiocdn_0.localstorage deleted successfully C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmnbobhffedhdhfpcjkjphcfpeeiocdn_0.localstorage-journal deleted successfully C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_lmnbobhffedhdhfpcjkjphcfpeeiocdn_0 deleted successfully C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\lmnbobhffedhdhfpcjkjphcfpeeiocdn deleted successfully ==== Set IE to 
Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Default_Search_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.google.com" "Default_Search_URL"="http://www.google.com" "Search Page"="http://www.google.com" "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset 
successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUAMain deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xyutakif deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9DDDD23D-EC1A-80A8-4188-2038B16F5F62} deleted successfully ==== Empty IE Cache ====================== C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\Gast\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet 
Files\Content.IE5 emptied successfully C:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\TEMP.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Documents and Settings\Gast\Local Settings\Application Data\Mozilla\Firefox\Profiles\zomzkv75.default\Cache emptied successfully C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\avalgpeo.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=426 folders=104 43623583 bytes) ==== Empty Temp Folders ====================== C:\Documents and Settings\Administrator\Local Settings\Temp emptied successfully C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully C:\Documents and Settings\Gast\Local Settings\Temp emptied successfully C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully C:\Documents and 
Settings\NetworkService\Local Settings\Temp emptied successfully C:\Documents and Settings\User\Local Settings\Temp will be emptied at reboot C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\DOCUME~1\User\LOCALS~1\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted ==== EOF on za 26-07-2014 at 17:24:50,14 ======================