Zoek.exe v5.0.0.0 Updated 04-October-2014
Tool run by Gabriël on zo 05/10/2014 at 20:13:38,70.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\GABRIL~1\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

5/10/2014 20:15:57 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\predm deleted successfully
C:\Program Files\WS-Enabler deleted successfully
C:\Users\GABRIL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Notepad++ deleted successfully
C:\Users\GABRIL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Zuma Deluxe RA deleted successfully
C:\PROGRA~2\ALM deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\WinZip deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} deleted successfully
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} deleted successfully
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511951199} deleted successfully
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511951199} deleted successfully
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58f7b5ca-1162-42e8-8bbc-d543b4edd780} deleted successfully
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58f7b5ca-1162-42e8-8bbc-d543b4edd780} deleted successfully HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7} deleted successfully HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7} deleted successfully HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C51072D7-B058-5C73-BA0F-B3B7818C42ED} deleted successfully HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C51072D7-B058-5C73-BA0F-B3B7818C42ED} deleted successfully HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_CLASSES_ROOT\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} deleted successfully HKEY_CLASSES_ROOT\CLSID\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef} deleted successfully HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_CLASSES_ROOT\CLSID\{58f7b5ca-1162-42e8-8bbc-d543b4edd780} deleted 
successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58f7b5ca-1162-42e8-8bbc-d543b4edd780} deleted successfully HKEY_CLASSES_ROOT\CLSID\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C51072D7-B058-5C73-BA0F-B3B7818C42ED} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C51072D7-B058-5C73-BA0F-B3B7818C42ED} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C51072D7-B058-5C73-BA0F-B3B7818C42ED} deleted successfully HKEY_CLASSES_ROOT\CLSID\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Boonty Games deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\globalUpdate deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\globalUpdatem deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UtilityChest_49Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UtilityChest_49Service deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\GABRIL~1\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default user.js not found ---- Lines WebSearch removed from prefs.js ---- user_pref("extensions.mywebsearch.prevDefaultEngine", "Google"); user_pref("extensions.mywebsearch.prevKwdEnabled", true); user_pref("extensions.mywebsearch.prevKwdURL", "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlu user_pref("extensions.mywebsearch.prevSelectedEngine", "Google"); ---- Lines mindspark removed from prefs.js ---- user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.homepage.prev", "http://www.gezinsbondharelbeke.be"); user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.homepage.savedPrev", "true"); user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.homepage.tb", "http://home.tb.ask.com/index.jhtml?ptb=08D90DCB-8B3C-4948-93ED-0480 user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.page.savedPrev", 1); user_pref("extensions.toolbar.mindspark._49Members_.browser.startup.page.tb", 1); user_pref("extensions.toolbar.mindspark._49Members_.BUTTON_STRUCTURE", "[{\"b\":221352991,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221352992, user_pref("extensions.toolbar.mindspark._49Members_.firstKnownVersion", "5.40.2.40794"); user_pref("extensions.toolbar.mindspark._49Members_.homepage", "http://home.tb.ask.com/index.jhtml?ptb=08D90DCB-8B3C-4948-93ED-048069EFC54A&n=77fd0e7a user_pref("extensions.toolbar.mindspark._49Members_.hp.enabled", true); user_pref("extensions.toolbar.mindspark._49Members_.hp.guardType", "HPG"); 
user_pref("extensions.toolbar.mindspark._49Members_.hp.lastGuardTime", 2028087049); user_pref("extensions.toolbar.mindspark._49Members_.hp.numGuards", 1); user_pref("extensions.toolbar.mindspark._49Members_.initialized", true); user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", ""); user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013073018"); user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm043^YYA^be"); user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "PI_UT_FIG_BEL_101"); user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true); user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "08D90DCB-8B3C-4948-93ED-048069EFC54A"); user_pref("extensions.toolbar.mindspark._49Members_.isCompliantUninstallImplementation", true); user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1412531674906"); user_pref("extensions.toolbar.mindspark._49Members_.lastKnownVersion", "6.72.4.54396"); user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", true); user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", true); user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", true); user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", true); user_pref("extensions.toolbar.mindspark._49Members_.searchHistory", "passim||restaurant Passim||restaurant Passim Kuurne||De Gastronoom Beveren-Leie| user_pref("extensions.toolbar.mindspark._49Members_.toolbarCollapsed", true); user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "10001"); user_pref("extensions.toolbar.mindspark.hp.enabled", true); user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "utilitychest@mindspark.com"); user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com"); ---- Lines snapdo removed from prefs.js ---- 
user_pref("extensions.helperbar.downloadprovider", "snapdott"); user_pref("extensions.helperbar.publisher", "snapdott"); ---- Lines ask.com removed from prefs.js ---- user_pref("browser.startup.homepage", "http://home.tb.ask.com/index.jhtml?ptb=08d90dcb-8b3c-4948-93ed-048069efc54a&n=77fd0e7a&p2=^zo^xdm043^yya^be&si= user_pref("keyword.URL", "http://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=08D90DCB-8B3C-4948-93ED-048069EFC54A&n=77fd0e7a&ind=2013073018&p2=^Z ---- Lines wajam removed from prefs.js ---- user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_bundledUrls.value ---- Lines crossrider removed from prefs.js ---- user_pref("extensions.crossrider.bic", "146aed4e428f689bd773829d453b78ec"); ---- Lines ffxtbr modified from prefs.js ---- user_pref("extensions.enabledAddons", "%7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0,49ffxtbr%40UtilityChest_49.com:6.72.4.54396,belgiumeid%40eid.b user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"belgiumeid@eid.belgium.be\":{\"descriptor\":\"C:\\\\Program Files ---- Lines helperbar removed from prefs.js ---- user_pref("extensions.helperbar.backPageCapacity", 3); user_pref("extensions.helperbar.backPageCounter", 0); user_pref("extensions.helperbar.backPageDay", 18); user_pref("extensions.helperbar.backPageLastEvent", "1402919737649"); user_pref("extensions.helperbar.backPageMinInterval", 15); user_pref("extensions.helperbar.barcodeid", "144083"); user_pref("extensions.helperbar.countryiso", "be"); user_pref("extensions.helperbar.DockingPositionDown", false); user_pref("extensions.helperbar.fromautoupdate", "false"); user_pref("extensions.helperbar.installationid", "70e17ea5-1d19-5b7c-e0e4-7aac4e4fc10d"); user_pref("extensions.helperbar.installdate", "18/06/2014"); user_pref("extensions.helperbar.keepAliveLastevent", "1403092525"); user_pref("extensions.helperbar.SmartbarDisabled", false); 
user_pref("extensions.helperbar.SmartbarStateMinimaized", false); user_pref("extensions.helperbar.Visibility", false); ---- Lines aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599 removed from prefs.js ---- user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.active", true); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.addressbar", "NA"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.addressbarenhanced", ""); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.asyncdb.was_copied", "true"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.asyncdb_dbWasSet", true); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.asyncdb_dbWasSet_FF25_FIX", true); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.asyncinternaldb.was_copied", "true"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.asyncinternaldb_dbWasSet", true); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.asyncinternaldb_dbWasSet_FF25_FIX", true); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.backgroundver", 1); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.certdomaininstaller", ""); 
user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.changeprevious", false); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.cookie.InstallationTime.expiration", "Fri Feb 01 user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.cookie.InstallationTime.value", "%221403092324%2 user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.cookie.InstallerParams.expiration", "Fri Feb 01 user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.cookie.InstallerParams.value", "%7B%22source_id% user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.description", "MediaPlayerEnhance Extension"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.domain", ""); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.enablesearch", false); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.homepage", ""); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.iframe", false); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.InstallationThankYouPage", true); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.InstallationTime", 1403092324); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.__defualt_browser__.expiration", "Fri user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.__defualt_browser__.value", "%22ff%22 
user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb._installer_additional_info.expiration user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb._installer_additional_info.value", "% user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.installer.expiration", "Fri Feb 01 20 user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.installer.value", "%7B%22InstallerIde user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.InstallerIdentifiers.expiration", "Fr user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.InstallerIdentifiers.value", "%7B%22i user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.InstallerParams.expiration", "Fri Feb user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.InstallerParams.value", "%7B%22source user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.InstallerParamsCache.expiration", "Fr user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.InstallerParamsCache.value", "%7B%22s user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.InstallerUserIdentifiersCache.expirat user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.InstallerUserIdentifiersCache.value", user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_bundledUrls.expir 
user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_bundledWithHash.e user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_bundledWithHash.v user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_notBundledArr_.ex user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_notBundledArr_.va user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_appVer.expiration", "Fri Fe user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_appVer.value", "20"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_lastVersion.expiration", "F user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_lastVersion.value", "1"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_meta.expiration", "Fri Feb user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_nextCheck.expiration", "Wed user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_queue.expiration", "Fri Feb 
user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_remote_resources.expiration user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.Resources_remote_resources.value", "% user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.lastDailyReport", "1403092527801"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.lastUpdate", "1403092527648"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.manifesturl", ""); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.name", "video MediaPlayer"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.newtab", ""); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.opensearch", ""); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.pluginsurl", "http://js.datagenserv.com/plugin/a user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.pluginsversion", 16); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.publisher", "enter"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.searchstatus", 0); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.setnewtab", false); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.thankyou", ""); 
user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.updateinterval", 360); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.ver", 20); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.apps", "59599"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.bic", "146aed4e428f689bd773829d453b78ec"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.cid", 59599); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.firstrun", false); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.hadappinstalled", true); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.installationdate", 1403092526); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.installerAdditionalInfo", "{\"asw\":[0, 5, 0]}"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.modetype", "production"); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.reportInstall", true); user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.statsDailyCounter", 1); ---- Lines extensions.Dogqjwn8 removed from prefs.js ---- user_pref("extensions.Dogqjwn8.epoch", "1401213312"); user_pref("extensions.Dogqjwn8.url", "http://foreveryshare.ru/sync2/?q=hfZ9ofbLDGhEAen0rchTB6lKDzt4oktxtNtVh7n0rjnErTs6rTsFpdaFtMFHhd9Fqda8rTgFqHk8rja ---- Lines extensions.H7ofu removed from prefs.js ---- user_pref("extensions.H7ofu.epoch", "1405787488"); user_pref("extensions.H7ofu.url", "http://webdireect.in/sync2/?q=hfZ9oeZJh7YMCyVUojaMg708BNmGWj8cmihGheDUojw9rdCEqdsErjaHrihIC7n0rjnEqHw5rjgHrjs4tNhVC ---- 
Lines extensions.M_7gYo6Hi removed from prefs.js ---- user_pref("extensions.M_7gYo6Hi.epoch", "1401213312"); user_pref("extensions.M_7gYo6Hi.url", "http://foreveryshare.ru/sync2/?q=hfZ9oemMqchEAen0rchTB6lKDzt4oktxtNtVh7n0rjnErTsFrjs9qTw5tMFHhd9Fqda8rTgFqHk8rj ---- Lines extensions.hHAVw8H removed from prefs.js ---- user_pref("extensions.hHAVw8H.epoch", "1403374319"); user_pref("extensions.hHAVw8H.url", "http://downloadusaweb.us/sync2/?q=hfZ9oet7gMCMCyVUojaMg708BNmGWj8cmihGheDUojw9rdgEqHwEqjs8qGhIC7n0rjnEqTsErjYFrjk ---- Lines extensions.xKh removed from prefs.js ---- user_pref("extensions.xKh.epoch", "1405787488"); user_pref("extensions.xKh.url", "http://starrnice.eu/sync2/?q=hfZ9ofV9CShEAen0pdY6tMqLDe49CNU0nUkMCMlNhd9FqdaGrdYFrdn4rdUMBzqUojw9rdCFpdw7rHa9rih7hfs0 ---- Lines extensions.yv1znDCC removed from prefs.js ---- user_pref("extensions.yv1znDCC.epoch", "1401213311"); user_pref("extensions.yv1znDCC.url", "http://getsyncer5.info/sync2/?q=hfZ9ofDSC6gMCyVUojY5qGhTB6lKDzt4oktxtNtVh7n0rjnErTa5rja9pdk8tMFHhd9Fqda8rTgFqHk9 ---- FireFox user.js and prefs.js backups ---- prefs_20140510_2051_.backup ProfilePath: C:\Users\GABRIL~1\AppData\Roaming\TomTom\HOME\Profiles\w8w003ce.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20140510_2051_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C51072D7-B058-5C73-BA0F-B3B7818C42ED}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fst_be_43] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\t4pc_en_6] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Utility Chest Search Scope Monitor] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UtilityChest_49 Browser Plugin Loader] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Users\Gabriël\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\49ffxtbr@UtilityChest_49.com not found C:\Users\Gabriël\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com not found C:\Users\Gabriël\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\oscpaez-yeuo@uuiotzaaiekdgx.edu not found C:\Users\Gabriël\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} not found C:\Users\Gabriël\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\49ffxtbr@UtilityChest_49.com not found "C:\Users\Gabriël\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\searchplugins\Web Search.xml" not found C:\Program Files\greatssaveearr deleted C:\ProgramData\greatssaveearr deleted C:\ProgramData\ChEapMe deleted C:\Program Files\UtilityChest_49 deleted C:\Program Files\video MediaPlayer deleted C:\Program Files\Common Files\BOONTY Shared deleted C:\Program Files\globalUpdate deleted 
C:\Program Files\Re-markit-soft deleted C:\Users\GABRIL~1\AppData\Local\UtilityChest_49 deleted C:\Users\GABRIL~1\appdata\locallow\UtilityChest_49 deleted C:\Users\GABRIL~1\AppData\LocalLow\{0541FCFA-18F8-2B4A-4190-E12F8A682037} deleted C:\Users\GABRIL~1\AppData\LocalLow\{ACBC81CF-193E-2265-B915-6BB55597B055} deleted C:\Users\GABRIL~1\AppData\LocalLow\{C51072D7-B058-5C73-BA0F-B3B7818C42ED} deleted C:\Users\GABRIL~1\AppData\LocalLow\{DC05856A-7AFC-8C8F-93A6-49DEFB60DAC0} deleted C:\PROGRA~2\23f13a7a01cf57ed deleted C:\PROGRA~2\YOTubErAdseRoemov deleted C:\Program Files\Registry Mechanic deleted C:\found.000 deleted C:\PROGRA~2\SetApp deleted C:\PROGRA~2\50CoupponS deleted C:\PROGRA~2\InstallMate deleted C:\PROGRA~2\Package Cache deleted C:\Users\GABRIL~1\AppData\Local\globalUpdate deleted C:\Users\GABRIL~1\AppData\Local\com deleted C:\Users\GABRIL~1\AppData\Local\LPT deleted C:\Users\GABRIL~1\AppData\Local\jZip deleted C:\Users\GABRIL~1\AppData\Local\Smartbar deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard deleted C:\Users\GABRIL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Search.lnk deleted C:\Users\GABRIL~1\AppData\LocalLow\jZip deleted C:\Users\GABRIL~1\AppData\LocalLow\Smartbar deleted C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job deleted C:\Windows\system32\tasks\globalUpdateUpdateTaskMachineCore deleted C:\Windows\system32\tasks\globalUpdateUpdateTaskMachineUA deleted C:\Users\GABRIL~1\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\searchplugins\Web Search.xml deleted C:\Users\GABRIL~1\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\49ffxtbr@UtilityChest_49.com deleted C:\Users\GABRIL~1\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com deleted 
C:\Users\GABRIL~1\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\oscpaez-yeuo@uuiotzaaiekdgx.edu deleted "C:\Program Files\jZip\jZipShell.dll" deleted "C:\Program Files\Java\jre7\lib\rt.jar" not deleted "C:\Program Files\Java" not deleted "C:\Program Files\jZip" not deleted "C:\Program Files\Java\jre7" not deleted "C:\Program Files\Java\jre7\lib" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\GABRIL~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-09-24 15:24:16 F11A14F1472023B429705F16F085F471 2048 ----a-w- C:\Windows\System32\tzres.dll ====== C:\Windows\system32\drivers ===== 2014-09-23 21:03:56 33BC55817D91C409C6BB85C0EA8802AE 63576 ----a-r- C:\Windows\System32\drivers\SymIMV.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-10-04 17:16:22 -------- d-----w- C:\Program Files\trend micro 2014-09-30 17:40:06 -------- d-----w- C:\Program Files\Notepad++ 2014-09-16 09:59:31 -------- d-----w- C:\Program Files\BeID Minidriver 2014-09-16 09:59:30 -------- d-----w- C:\Program Files\Belgium Identity Card ======= C: ===== ====== C:\Users\GABRIL~1\AppData ====== 2014-09-30 17:40:06 -------- d-----w- C:\Users\GABRIL~1\AppData\Roaming\Notepad++ 2014-09-10 17:47:37 -------- d-----w- C:\Users\GABRIL~1\AppData\Roaming\VASCO 2014-09-10 17:43:11 -------- d-----w- C:\Users\GABRIL~1\AppData\Local\Package Cache ====== C:\Users\GABRIL~1 ====== 2014-10-04 17:15:59 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\GABRIL~1\Downloads\RSIT.exe 2014-09-30 17:40:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2014-09-30 17:38:49 30C9C2B9B5D3714CCAA2B23E23377CF1 7945210 ----a-w- C:\Users\GABRIL~1\Downloads\npp.6.6.9.Installer.exe 2014-09-30 15:52:35 9AE4C48DB6D9EB7D060C71AB1AABF5F0 4965896 ----a-w- C:\Users\GABRIL~1\Downloads\ccsetup418.exe 2014-09-16 10:00:04 -------- 
d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID ====== C: exe-files == 2014-10-04 17:16:23 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gabriël.exe 2014-10-04 17:15:59 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gabriël\Downloads\RSIT.exe 2014-10-04 10:20:25 EC68F9268208232F3A065D8DB3E48A22 60928 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\php\php.exe 2014-10-04 10:20:25 D584E12BD1C4E4C4EFD925F36B15F25F 22016 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\apache2\bin\httpd_usbwv8.exe 2014-10-04 10:20:25 CBB1CEC990469278A90DBFEE4B305123 416256 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\apache2\bin\openssl.exe 2014-10-04 10:20:25 708B0572742A880B4DCD66C2391201C6 10948096 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\bin\mysqld_usbwv8.exe 2014-10-04 10:20:25 64E369F7714B08D58F23004617D73348 704512 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\usbwebserver.exe 2014-09-30 17:40:13 1102FAA8E8722AED622EDC1F0584B642 278662 ----a-w- C:\Program Files\Notepad++\uninstall.exe 2014-09-30 17:38:49 30C9C2B9B5D3714CCAA2B23E23377CF1 7945210 ----a-w- C:\Users\Gabriël\Downloads\npp.6.6.9.Installer.exe 2014-09-30 15:52:35 9AE4C48DB6D9EB7D060C71AB1AABF5F0 4965896 ----a-w- C:\Users\Gabriël\Downloads\ccsetup418.exe === C: other files == 2014-10-04 10:20:25 FADFF20390F7911155E558489159C23B 61969 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\korean\errmsg.sys 2014-10-04 10:20:25 FA0CAB72A845758E0AB807CEC81B1688 59665 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\czech\errmsg.sys 2014-10-04 10:20:25 DF22279E84FD1CD8BB5C18A62D824852 60622 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\romanian\errmsg.sys 2014-10-04 10:20:25 D781D9CDCC064DE9ACC50114026ED363 66373 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site 
Gabriel1\www\mysql\share\japanese\errmsg.sys 2014-10-04 10:20:25 D1B6B2B13CF307C7CBED30A173A7DF25 61322 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\serbian\errmsg.sys 2014-10-04 10:20:25 C0D82D349A13843970E5F522D6BC9BDD 59741 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\swedish\errmsg.sys 2014-10-04 10:20:25 BA2C6A630055CF55863CC9D366F15F90 60671 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\dutch\errmsg.sys 2014-10-04 10:20:25 B07CACE51BF5E14C516AC1E23341BEDF 66628 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\german\errmsg.sys 2014-10-04 10:20:25 B031571F1D39037390031AC3F96D04B7 60698 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\italian\errmsg.sys 2014-10-04 10:20:25 AC4F3F6FE4109F3B4C29DBC94B7AC840 60530 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\spanish\errmsg.sys 2014-10-04 10:20:25 AB7D7A73288984EA77F4575FFEDB6C4C 59574 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\polish\errmsg.sys 2014-10-04 10:20:25 A72E271EE7100730AB4065E03065AF38 58989 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\norwegian-ny\errmsg.sys 2014-10-04 10:20:25 9171A4F9AE14C920EBDAFC2DD4929DAE 74536 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\russian\errmsg.sys 2014-10-04 10:20:25 7B9BB1970AA681505A285DB5C11DEAD5 59133 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\bulgarian\errmsg.sys 2014-10-04 10:20:25 5D1416FC0CF2F9BACE6771F936183465 58845 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\english\errmsg.sys 2014-10-04 10:20:25 5787C451429D6FE7B5EE116591DC9589 59148 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\estonian\errmsg.sys 2014-10-04 10:20:25 4F36B5297F92A6E83C43596B13166A1C 59392 ----a-w- 
C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\slovak\errmsg.sys 2014-10-04 10:20:25 45B553FC3982C58FCCB93E0690CA08B1 65657 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\greek\errmsg.sys 2014-10-04 10:20:25 2FF657CC5C171587C9CCB8E77A910036 58936 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\norwegian\errmsg.sys 2014-10-04 10:20:25 2AFCEF234691B9681512EF35E4FFC42E 61901 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\portuguese\errmsg.sys 2014-10-04 10:20:25 21AF2C53EC3E4EEC407EAAD52562BBCB 68935 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\ukrainian\errmsg.sys 2014-10-04 10:20:25 1B24D83B129BA67B935C8793BE4DC4A3 59535 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\hungarian\errmsg.sys 2014-10-04 10:20:25 1636A43612FA3330A764FFF062EB9408 60308 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\french\errmsg.sys 2014-10-04 10:20:25 056ABEF7E6C84FB1F8D436A6EB2AC0ED 59672 ----a-w- C:\Users\Gabriël\Documents\Gezinsbond\Site Gabriel1\www\mysql\share\danish\errmsg.sys 2014-10-03 18:54:50 D3F7FB40012382F7B206200AE794FBD7 384728 ----a-w- C:\Windows\System32\drivers\NIS\1506000.020\symtdiv.sys 2014-10-03 18:54:50 CCD9B61DD6AB649B69143523C0D6391B 447704 ----a-w- C:\Windows\System32\drivers\NIS\1506000.020\symnets.sys 2014-10-03 18:54:50 B70A98F20B4180F2751CFD7656116342 936152 ----a-w- C:\Windows\System32\drivers\NIS\1506000.020\symefa.sys 2014-10-03 18:54:50 02F3073C3933190DFD24BC35800172B4 21520 ----a-r- C:\Windows\System32\drivers\NIS\1506000.020\symelam.sys 2014-10-03 18:54:49 D3EE2801E382ED0B37169B2AF153E3A0 32984 ----a-w- C:\Windows\System32\drivers\NIS\1506000.020\srtspx.sys 2014-10-03 18:54:49 7A3F8D98848D08E8C6E2C2BAA0764CBE 664792 ----a-w- C:\Windows\System32\drivers\NIS\1506000.020\srtsp.sys 2014-10-03 18:54:49 56C2811FD0D7B727808A69407B5BFAE0 127064 ----a-r- 
C:\Windows\System32\drivers\NIS\1506000.020\ccsetx86.sys 2014-10-03 18:54:49 4C3DEF736D3857570166DE5C858600F5 367704 ----a-r- C:\Windows\System32\drivers\NIS\1506000.020\symds.sys 2014-10-03 18:54:49 164B4870B45A5BFD9535A62E857F066B 209624 ----a-w- C:\Windows\System32\drivers\NIS\1506000.020\ironx86.sys 2014-09-30 17:40:24 A9D82D1633C78055053EA0B656773C47 46391 ----a-w- C:\Users\Gabriël\AppData\Roaming\Notepad++\plugins\config\PluginManagerPlugins.zip 2014-09-30 12:19:50 D84B2CB4186D27E71C588D8B885F3D9A 23798461 ----a-w- C:\Users\Gabriël\Downloads\USBWebserver v8.6.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe /P Belgacom" "BrStsWnd"="C:\Program Files\Brownie\BrstsWnd.exe Autorun" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "Adobe ARM"="C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS6ServiceManager"="C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" "GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Desktop Search" "hkey"="HKLM" "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanguageShortcut] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LanguageShortcut" "hkey"="HKLM" "command"="\"C:\\Program Files\\HomeCinema\\PowerDVD\\Language\\Language.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NBKeyScan" "hkey"="HKLM" "command"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PlayMovie" "hkey"="HKLM" "command"="\"C:\\Program Files\\HomeCinema\\PlayMovie\\PMVService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RemoteControl" "hkey"="HKLM" "command"="\"C:\\Program Files\\HomeCinema\\PowerDVD\\PDVDServ.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSDMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SSDMonitor" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\PC Tools\\sMonitor\\SSDMonitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbar_eula_launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="toolbar_eula_launcher" "hkey"="HKLM" "command"="C:\\Program Files\\GoogleEULA\\EULALauncher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Defender" "hkey"="HKLM" "command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13/02/2010 18:35] C:\Windows\tasks\User_Feed_Synchronization-{C8548E87-DF90-463A-9D66-5CB93C86AB84}.job --ah----- C:\Windows\system32\msfeedssync.exe 
[15/08/2014 16:34] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"] "C:\Windows\system32\tasks\RMAutoUpdate" [C:\Program Files\PC Tools Registry Mechanic\SULauncher.exe] "C:\Windows\system32\tasks\RMSchedule" [C:\Program Files\PC Tools Registry Mechanic\RegMech.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{C8548E87-DF90-463A-9D66-5CB93C86AB84}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.6.0.32\SymErr.exe] "C:\Windows\system32\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.6.0.32\SymErr.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn" [05/10/2014 20:10] ==== Firefox Extensions ====================== ProfilePath: C:\Users\GABRIL~1\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default - Undetermined - 
C:\Users\Gabriël\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - Undetermined - C:\Users\Gabriël\AppData\Roaming\Mozilla\Firefox\Profiles\4fr64rhb.default\extensions\49ffxtbr@UtilityChest_49.com - Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b} - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi ProfilePath: C:\Users\GABRIL~1\AppData\Roaming\TomTom\HOME\Profiles\w8w003ce.default - Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions iikflkcanblccfahdhdonehdalibjnif - No path found[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20/09/2014 10:52] Design my eMail - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - 
Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - Administrator\AppData\Local\Torch\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - Administrator\AppData\Local\Torch\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - Administrator\AppData\Local\Torch\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - 
Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - Gast\AppData\Local\Torch\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - Gast\AppData\Local\Torch\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - Gast\AppData\Local\Torch\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - Gast\AppData\Local\Torch\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - GABRIL~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - GABRIL~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - GABRIL~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - GABRIL~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb Does 
Amazon Ship to - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpnamfpkffldfnlkofbbebcndfdkclpc 50CoupponS - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgnklckaainffijokjaldlemdfcpnano YoutubeAdblocker - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja ExSTraCoupon - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggiifopckkkpfglbaalimakmapgbgca Norton Security Toolbar - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk EXIF Viewer - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm Google Wallet - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda video MediaPlayer - GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pooljnboifbodgifngpppfklhifechoe Design my eMail - GABRIL~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - GABRIL~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - GABRIL~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - GABRIL~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja Design my eMail - GABRIL~1\AppData\Local\Torch\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie YTBOokMMark - GABRIL~1\AppData\Local\Torch\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb weBosaavve - GABRIL~1\AppData\Local\Torch\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb YoutubeAdblocker - GABRIL~1\AppData\Local\Torch\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja ==== Chromium Startpages ====================== C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": 
"http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlusDZWoxIY87tAzoDlZX4Oz5_7L8HL2OT4lR1Hd8P6RG-sbrrTSaL1PU6cFAAyaUc2FztHyAOz1Sp8QhRLgSJrvTtwenxeo04Idm6qssR4h56Iv6op", "startup_urls": [ "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlusDZWoxIY87tAzoDlZX4Oz5_7L8HL2OT4lR1Hd8P6RG-sbrrTSaL1PU6cFAAyaUc2FztHyAOz1Sp8QhRLgSJrvTtwenxeo04Idm6qssR4h56Iv6op" ], ==== Chromium Fix ====================== C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgnklckaainffijokjaldlemdfcpnano deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggiifopckkkpfglbaalimakmapgbgca deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\Gast\AppData\Local\Torch\User 
Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\GABRIL~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\GABRIL~1\AppData\Local\Torch\User Data\Default\Extensions\ipinfpmgemhinicojifflkiigoblmpja deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\GABRIL~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted 
successfully C:\Users\GABRIL~1\AppData\Local\Torch\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adnkagodbfngmdajbbocegjnllfmdaie_0.localstorage deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adnkagodbfngmdajbbocegjnllfmdaie_0.localstorage-journal deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\GABRIL~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted successfully C:\Users\GABRIL~1\AppData\Local\Torch\User Data\Default\Extensions\dfidjimeokhgphdnjlofemmepafjcamb deleted 
successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\GABRIL~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\GABRIL~1\AppData\Local\Torch\User Data\Default\Extensions\fcenaicmhmndniimfbmjgfhpjkalapnb deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpnamfpkffldfnlkofbbebcndfdkclpc deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pooljnboifbodgifngpppfklhifechoe deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User 
Data\Default\Local Storage\chrome-extension_pooljnboifbodgifngpppfklhifechoe_0.localstorage deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pooljnboifbodgifngpppfklhifechoe_0.localstorage-journal deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pooljnboifbodgifngpppfklhifechoe_0 deleted successfully C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pooljnboifbodgifngpppfklhifechoe deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=21.4.0.13" "Search Page"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlusDZWoxIY87tAzoDlZX4Oz5_7L8HL2OT4lR1Hd8P6RG-sbrrTSa4AK7Of-3UG_KHQNuWSLbBCnk9UwvkIj16GCGYuQEF2vKphthqXMQXbqt-DPGhD&q={searchTerms}" "Default_Page_URL"="http://www.aldi.com/" "Search Bar"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlusDZWoxIY87tAzoDlZX4Oz5_7L8HL2OT4lR1Hd8P6RG-sbrrTSa4AK7Of-3UG_KHQNuWSLbBCnk9UwvkIj16GCGYuQEF2vKphthqXMQXbqt-DPGhD&q={searchTerms}" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=21.4.0.13" "Default_Page_URL"="http://www.aldi.com/" "Default_Search_URL"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA" "Search Page"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA" "Search Bar"="http://www.google.com/ie" 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlusDZWoxIY87tAzoDlZX4Oz5_7L8HL2OT4lR1Hd8P6RG-sbrrTSa4AK7Of-3UG_KHQNuWSLbBCnk9UwvkIj16GCGYuQEF2vKphthqXMQXbqt-DPGhE&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlusDZWoxIY87tAzoDlZX4Oz5_7L8HL2OT4lR1Hd8P6RG-sbrrTSa4AK7Of-3UG_KHQNuWSLbBCnk9UwvkIj16GCGYuQEF2vKphthqXMQXbqt-DPGhD&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlusDZWoxIY87tAzoDlZX4Oz5_7L8HL2OT4lR1Hd8P6RG-sbrrTSa4AK7Of-3UG_KHQNuWSLbBCnk9UwvkIj16GCGYuQEF2vKphthqXMQXbqt-DPGhD&q={searchTerms}"
"SearchAssistant"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_gBTMti9ujU-zgp9pQpg3vEnNyzlusDZWoxIY87tAzoDlZX4Oz5_7L8HL2OT4lR1Hd8P6RG-sbrrTSa4AK7Of-3UG_KHQNuWSLbBCnk9UwvkIj16GCGYuQEF2vKphthqXMQXbqt-DPGhD&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=21.4.0.13"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\S-1-5-21-3040186828-3637368907-1252053241-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13A5E785-5197-4EAD-8EE3-D660271E49BC} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90024193-9F13-4877-89D5-A1CDF0CBBF28} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NBRTWizard deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d926dfd5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\587E5A317915DAE4E83E6D0672E194CB deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\3914200931F97784985D1ADC0FBCFB82 deleted successfully

==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GABRIL~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
C:\Users\GABRIL~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=2774 folders=321 392251745 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\GABRIL~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GABRIL~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files\Java\jre7\lib\rt.jar" not found
"C:\Users\GABRIL~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\Java" not found
"C:\Program Files\jZip" not found

==== EOF on zo 05/10/2014 at 21:29:14,76 ======================