Zoek.exe v5.0.0.0 Updated 14-September-2014 Tool run by Stefan Kruithof on di 16-09-2014 at 11:05:43,46. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: V:\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-09-16-082811.log 25650 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} deleted successfully HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default user.js not found ---- Lines CT2504091 removed from prefs.js ---- user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2504091.FirstTime", "true"); user_pref("CT2504091.FirstTimeFF3", "true"); user_pref("CT2504091.LoginRevertSettingsEnabled", true); user_pref("CT2504091.PG_ENABLE", "dHJ1ZQ=="); user_pref("CT2504091.PG_ENABLE.enc", "dHJ1ZQ=="); user_pref("CT2504091.RevertSettingsEnabled", true); user_pref("CT2504091.SearchAppState.enc", "Mg=="); user_pref("CT2504091.UserID", "UN22816865247612234"); user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT2504091.addressUrlXPETakeover", "true"); user_pref("CT2504091.autoDisableScopes", 0); user_pref("CT2504091.defaultSearch", "false"); user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"get user_pref("CT2504091.enableAlerts", "always"); user_pref("CT2504091.enableFix404ByUser", "FALSE"); user_pref("CT2504091.enableSearchFromAddressBar", "true"); user_pref("CT2504091.firstTimeDialogOpened", "true"); user_pref("CT2504091.fixPageNotFoundError", "true"); user_pref("CT2504091.fixPageNotFoundErrorByUser", "true"); user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true"); user_pref("CT2504091.fixUrls", true); user_pref("CT2504091.installDate", "11/1/2013 14:21:21"); user_pref("CT2504091.installId", "conduitinstallerstub.exe"); user_pref("CT2504091.installType", "conduitnsisintegration"); user_pref("CT2504091.isCheckedStartAsHidden", true); user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2504091.isFirstTimeToolbarLoading", "false"); user_pref("CT2504091.isPerformedSmartBarTransition", "true"); user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT2504091.keyword", "true"); user_pref("CT2504091.lastVersion", "10.14.40.128"); user_pref("CT2504091.mam_gk_appStateReportTime", "%B7%B9%BF%B6%BB%B7%BB%BD%B9%B6%BC%BC%B6"); user_pref("CT2504091.mam_gk_appStateReportTime.enc", "MTM5MDUxNTczMDY2MA=="); user_pref("CT2504091.mam_gk_appState_CouponBuddy.enc", "b24="); user_pref("CT2504091.mam_gk_appState_PriceGong.enc", "b24="); user_pref("CT2504091.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2"); user_pref("CT2504091.mam_gk_appsDefaultEnabled.enc", "bnVsbA=="); user_pref("CT2504091.mam_gk_calledSetupService.enc", "MQ=="); user_pref("CT2504091.mam_gk_currentVersion", "%B7%B4%B7%B9%B4%B6%B4%B7%BD"); user_pref("CT2504091.mam_gk_currentVersion.enc", "MS4xMy4wLjE3"); user_pref("CT2504091.mam_gk_existingUsersRecoveryDone.enc", "MQ=="); user_pref("CT2504091.mam_gk_first_time", "%B7"); user_pref("CT2504091.mam_gk_first_time.enc", "MQ=="); user_pref("CT2504091.mam_gk_installer_preapproved.enc", "ZmFsc2U="); user_pref("CT2504091.mam_gk_lastLoginTime", "%B7%B9%BF%B6%BB%B7%BB%BD%B9%B6%BC%BA%B6"); user_pref("CT2504091.mam_gk_lastLoginTime.enc", "MTM5MDUxNTczMDY0MA=="); user_pref("CT2504091.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXG52YW4gZGUgZGFnIn0sImRtYm94MiI6eyJUZX user_pref("CT2504091.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ=="); user_pref("CT2504091.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMF8wIiwiaXNUZXN0IjpmYWxzZS user_pref("CT2504091.mam_gk_settings1.12.0.5", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%EF user_pref("CT2504091.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMF8wIiwiaXNUZXN0IjpmYWxzZS user_pref("CT2504091.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMF8wIiwiaXNUZXN0IjpmYWxzZSw user_pref("CT2504091.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMF8wIiwiaXNUZXN0IjpmYWxzZSw user_pref("CT2504091.mam_gk_showCloseButton.enc", "dHJ1ZQ=="); user_pref("CT2504091.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB"); user_pref("CT2504091.mam_gk_showWelcomeGadget.enc", "ZmFsc2U="); user_pref("CT2504091.mam_gk_userBornDate", "%D4%B5%C7"); user_pref("CT2504091.mam_gk_userBornDate.enc", "Ti9B"); user_pref("CT2504091.mam_gk_userId", "%E7%EA%B8%BA%EC%BA%B8%EA%B3%E8%B9%BC%EC%B3%BA%BF%BA%B8%B3%E7%EC%B6%EA%B3%E8%EA%B7%BA%E7%EB%B8%B6%B9%B7%B6%B9"); user_pref("CT2504091.mam_gk_userId.enc", "YWQyNGY0MmQtYjM2Zi00OTQyLWFmMGQtYmQxNGFlMjAzMTAz"); user_pref("CT2504091.mam_gk_user_approval_interacted", "%B7"); user_pref("CT2504091.mam_gk_user_approval_interacted.enc", "MQ=="); user_pref("CT2504091.mam_gk_welcomeDialogMode", "%B7"); user_pref("CT2504091.mam_gk_welcomeDialogMode.enc", "MQ=="); user_pref("CT2504091.migrateAppsAndComponents", true); user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"https%3A%2F%2Fwww.kombijdepolitie.nl%2FVacatures%2FPage user_pref("CT2504091.openThankYouPage", "false"); user_pref("CT2504091.openUninstallPage", "false"); user_pref("CT2504091.price-gong.isManagedApp", "true"); user_pref("CT2504091.revertSettingsEnabled", "TRUE"); user_pref("CT2504091.search.searchAppId", "129079840422026594"); user_pref("CT2504091.search.searchCount", "0"); user_pref("CT2504091.searchInNewTabEnabledByUser", "false"); user_pref("CT2504091.searchInNewTabEnabledInHidden", "true"); user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}"); user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://VuzeRemote.OurToolbar.com//x user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote\"}"); user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1396522959408"); user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1396522958928"); user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1396522959136"); user_pref("CT2504091.serviceLayer_services_login_10.14.40.128_lastUpdate", "1396522959035"); user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1396522959191"); user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1396522958514"); user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1396522958445"); user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1396522958945"); user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1396522959241"); user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1396522958994"); user_pref("CT2504091.settingsINI", true); user_pref("CT2504091.shouldFirstTimeDialog", "false"); user_pref("CT2504091.smartbar.CTID", "CT2504091"); user_pref("CT2504091.smartbar.Uninstall", "0"); user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote "); user_pref("CT2504091.startPage", "false"); user_pref("CT2504091.toolbarBornServerTime", "25-2-2013"); user_pref("CT2504091.toolbarCurrentServerTime", "3-4-2014"); user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1410087910117,\"isWithState\":\"\",\"timeFromStar user_pref("ct2504091.UserID", "UN22816865247612234"); user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&CUI=UN22816865247612234&q=" ---- Lines conduit removed from prefs.js ---- user_pref("smartbar.originalSearchAddressUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q="); user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q="); ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "13775aefc0fd20d677e4aca045b9d5cd"); ---- Lines smartbar removed from prefs.js ---- user_pref("smartbar.machineId", "MWDONJSXSQJMSTAWEMQSIQUIDKNUMAMJEC3JNLTD1968L6TE94ZS9LXPP8+1W+LATD99YYZM8W2/WV/JTR0UPA"); ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 3); ---- FireFox user.js and prefs.js backups ---- prefs_16-09-2014_1113_.backup ==== Deleting Files \ Folders ====================== C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\toolbar@ask.com.xpi not found C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\crossriderapp3491@crossrider.com not found C:\Program Files\Java deleted C:\Program Files\Vuze_Remote deleted C:\Program Files\Conduit deleted C:\Program Files\MyPC Backup deleted C:\PROGRA~2\Ask deleted C:\PROGRA~2\APN deleted C:\PROGRA~2\Uniblue\DriverScanner deleted C:\PROGRA~2\Uniblue deleted C:\Users\Stefan Kruithof\AppData\Local\CRE deleted C:\Users\Stefan Kruithof\AppData\Local\Conduit deleted C:\Users\Stefan Kruithof\AppData\LocalLow\boost_interprocess deleted C:\Users\Stefan Kruithof\AppData\LocalLow\uTorrentBar_NL deleted C:\Users\Stefan Kruithof\AppData\LocalLow\PriceGong deleted C:\Users\Stefan Kruithof\AppData\LocalLow\Conduit deleted C:\Windows\wininit.ini deleted C:\Windows\system32\tasks\RocketTab deleted C:\Windows\system32\tasks\RocketTab Update Task deleted C:\END deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\System32\tmp6B7E.tmp deleted C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\GoogleToolbarData deleted C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\CT2504091 deleted C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\rapportive@rapportive.com deleted C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\smartbar deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaBrightDemiBold.ttf" deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaBrightDemiItalic.ttf" deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaBrightItalic.ttf" deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaBrightRegular.ttf" deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaSansDemiBold.ttf" deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaSansRegular.ttf" not deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaTypewriterBold.ttf" deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaTypewriterRegular.ttf" deleted "C:\Program Files\IBM" not deleted "C:\Program Files\IBM\SPSS" not deleted "C:\Program Files\IBM\SPSS\Statistics" not deleted "C:\Program Files\IBM\SPSS\Statistics\20" not deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE" not deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib" not deleted "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts" not deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [24-06-2009 13:17] ==== Firefox Extensions ====================== ProfilePath: C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default - British English Dictionary - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\en-GB@dictionaries.addons.mozilla.org - ChatZilla - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - DownloadHelper - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Undetermined - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\crossriderapp3491@crossrider.com - ReminderFox - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} - Undetermined - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} - Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org - British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org - Screengrab - %ProfilePath%\extensions\{02450954-cdd9-410f-b1da-db804e18c671} - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} - ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - ReminderFox - %ProfilePath%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - TinEye Reverse Image Search - %ProfilePath%\extensions\tineye@ideeinc.com.xpi - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - 4chan - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Download Statusbar - %ProfilePath%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi AppDir: C:\Program Files\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default FB5621842FDABF9F8359775573498FBC - C:\Users\Stefan Kruithof\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update 5CB01CF141E021DAAE96991A5BA57944 - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin 6E594B2243C3F218A51234F18E7F36C1 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player 79039398587F475ADA606D1A3B740A63 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in 893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.1.0.30401.0.dll - Silverlight Plug-In 5596E40701BE8A4AEC399F57DBCE289E - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5 87FCE1D38F135B923EEC502825B5C7F6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5 5A2AF08FEF626D3825AA7923B0A9DFF5 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5 B033D1486EAD65BE7857114DFAFD8429 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5 DA632EC5CCC16F0B0FAC9BB21C10B2C3 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5 B5371D2C9017EEE216B5361D600B3543 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 49DA696E73BC2CB49C0E374C7885F7AD - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat 0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery AE9C7C99459764D840E276DAFB65678E - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin E93467C5327C2760FCAB2B4670847496 - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll - DivX Player Netscape Plugin AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 9A6101F29E2E9D41B99CBCC8F106E8FE - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system 5596E40701BE8A4AEC399F57DBCE289E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5 87FCE1D38F135B923EEC502825B5C7F6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5 5A2AF08FEF626D3825AA7923B0A9DFF5 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5 B033D1486EAD65BE7857114DFAFD8429 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5 DA632EC5CCC16F0B0FAC9BB21C10B2C3 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5 49DA696E73BC2CB49C0E374C7885F7AD - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update 893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin 8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Stefan Kruithof\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17-01-2012 11:45] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Stefan Kruithof\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] AdBlock Premium - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj Reddit Enhancement Suite - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb ==== Chromium Startpages ====================== C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com", ==== Chromium Fix ====================== C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage-journal deleted successfully C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.darklyrics.com_0.localstorage-journal deleted successfully C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal deleted successfully C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_CLASSES_ROOT\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Stefan Kruithof\Desktop\Aanpassen Fences.lnk - C:\Program Files\Stardock\Fences\Fences.exe /FromDesktop C:\Users\Stefan Kruithof\Desktop\Computer.lnk - V:\ C:\Users\Stefan Kruithof\Desktop\Dropbox.lnk - C:\Users\Stefan Kruithof\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Stefan Kruithof\Desktop\lol.launcher - Snelkoppeling.lnk - V:\Games\Riot Games\League of Legends\lol.launcher.exe C:\Users\Stefan Kruithof\Desktop\Photoshop CS3.lnk - C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop (2).exe C:\Users\Stefan Kruithof\Desktop\Vuze.lnk - C:\Program Files\Vuze\Azureus.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\Steam.lnk - C:\Program Files\Steam\Steam.exe C:\Users\Public\Desktop\TeamViewer 7.lnk - C:\Program Files\TeamViewer\Version7\TeamViewer.exe C:\Users\Public\Desktop\The Elder Scrolls V Skyrim.lnk - C:\Games\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk - C:\Program Files\Vuze\Azureus.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Stefan Kruithof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Stefan Kruithof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Stefan Kruithof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Stefan Kruithof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk - C:\Program Files\Vuze\Azureus.exe C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Stefan Kruithof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Stefan Kruithof\AppData\Local\Mozilla\Firefox\Profiles\x6mfw68k.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=6580 folders=708 973114465 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Stefan Kruithof\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\STEFAN~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\IBM\SPSS\Statistics\20\JRE\lib\fonts\LucidaSansRegular.ttf" not found "C:\Users\Stefan Kruithof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Program Files\IBM" not found ==== EOF on di 16-09-2014 at 11:20:49,43 ======================