Malwarebytes problem


Zo

Zoek.exe v5.0.0.0 Updated 19-February-2014

Tool run by Robby on ma 24/02/2014 at 15:00:20,37.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Safe Mode NETWORK Internet Access Detected

Launched: C:\Users\Robby\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully

C:\PROGRA~2\Babylon deleted successfully

C:\PROGRA~2\Oracle deleted successfully

C:\PROGRA~2\OviInstallerCache deleted successfully

C:\Users\Robby\AppData\Roaming\.# deleted successfully

C:\Users\Robby\AppData\Roaming\Sony Setup deleted successfully

C:\Users\Robby\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\bkmrksync@nokia.com deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default

---- Lines funmoods removed from prefs.js ----

user_pref("browser.search.defaultenginename", "Funmoods");

user_pref("browser.startup.homepage", "Funmoods Search

user_pref("extensions.funmoods.aflt", "iron2");

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.cntry", "BE");

user_pref("extensions.funmoods.cv", "cv5");

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.hdrMd5", "3F1EBB0B0FDAE24CB97397C8A1FA4077");

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "Funmoods Search

user_pref("extensions.funmoods.id", "0022FA06E594B3C3");

user_pref("extensions.funmoods.instlDay", "15614");

user_pref("extensions.funmoods.instlRef", "iron2");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:16:38");

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

user_pref("extensions.funmoods.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "Funmoods Search

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.sg", "none");

user_pref("extensions.funmoods.smplGrp", "none");

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.tlbrSrchUrl", "Funmoods Search

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:16:38");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");

---- Lines funmoods modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@

---- Lines funmoods removed from user.js ----

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "Funmoods Search");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "Funmoods Search");

user_pref("extensions.funmoods.tlbrSrchUrl", "Funmoods Search=");

user_pref("extensions.funmoods.id", "0022FA06E594B3C3");

user_pref("extensions.funmoods.instlDay", "15614");

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.aflt", "iron2");

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.instlRef", "iron2");

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

---- Lines ask.com removed from prefs.js ----

user_pref("extensions.asktb.default-channel-url-mask", "{query} - Ask.com Web Search");

user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \

user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR

user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@

---- Lines babylon removed from prefs.js ----

user_pref("browser.search.order.1", "Search the web (Babylon)");

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");

user_pref("extensions.BabylonToolbar.instlDay", "15614");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "Babylon Search=");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");

user_pref("keyword.URL", "Babylon Search=");

---- Lines babylon removed from user.js ----

user_pref("yahoo.ytff.general.dontshowhpoffer", true);user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "Babylon Search=");

user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.instlDay", "15614");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

---- Lines conduit removed from prefs.js ----

user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");

---- Lines asktb removed from prefs.js ----

user_pref("extensions.asktb.abar-war-timeout", "4000");

user_pref("extensions.asktb.autofill-competitor-query-enabled", true);

user_pref("extensions.asktb.autofill-text-highlight-enabled", true);

user_pref("extensions.asktb.cbid", "UG");

user_pref("extensions.asktb.config-updated", true);

user_pref("extensions.asktb.displaybehavior", "");

user_pref("extensions.asktb.displaytext", "");

user_pref("extensions.asktb.dtid", "YYYYYYYYBE");

user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);

user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BEXX0005");

user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");

user_pref("extensions.asktb.first-launch-url", "http://www.drivernavigator.com/buy.php?pmtid=3&affid=us2008&srcid=");

user_pref("extensions.asktb.fresh-install", false);

user_pref("extensions.asktb.guid", "07B53C07-38FC-485B-9DC3-6F2A6B648D6B");

user_pref("extensions.asktb.if", "su");

user_pref("extensions.asktb.l", "dis");

user_pref("extensions.asktb.last-config-req", "1349115838565");

user_pref("extensions.asktb.locale", "nl_EU");

user_pref("extensions.asktb.location", "Brussels,Belgium");

user_pref("extensions.asktb.lstation", "");

user_pref("extensions.asktb.news-native-on", true);

user_pref("extensions.asktb.o", "15158");

user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

user_pref("extensions.asktb.pstate", "");

user_pref("extensions.asktb.qsrc", "2871");

user_pref("extensions.asktb.r", "8");

user_pref("extensions.asktb.sa", "NO");

user_pref("extensions.asktb.search-history-queries", "dikke schijven||retro hous");

user_pref("extensions.asktb.search-suggestions-enabled", true);

user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);

user_pref("extensions.asktb.silent-upgrade", true);

user_pref("extensions.asktb.socialmini-first", true);

user_pref("extensions.asktb.socialmini-interval", "1200000");

user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

user_pref("extensions.asktb.socialmini-max-items", "30");

user_pref("extensions.asktb.socialmini-native-on", true);

user_pref("extensions.asktb.socialmini-speed", "5000");

user_pref("extensions.asktb.socialmini-transition-first-open", false);

user_pref("extensions.asktb.themeid", "");

user_pref("extensions.asktb.v", "3.14.1.100013");

user_pref("extensions.asktb.volume", "");

---- Lines 99079a25-328f-4bd4-be04-00955acaa0a7 modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@disabled:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler

---- Lines Search-Results removed from prefs.js ----

user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no

---- FireFox user.js and prefs.js backups ----

user_20142402_1513_.backup

prefs_20142402_1513_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""=-

"ApnUpdater"=-

==== Deleting Files \ Folders ======================

C:\Program Files\AVG not found

C:\Program Files\Ask.com deleted

C:\Program Files\MediaMonkey deleted

C:\Program Files\Mozilla Firefox deleted

C:\Users\Robby\AppData\Local\MediaMonkey deleted

C:\Program Files\Conduit deleted

C:\Program Files\Convesoft deleted

C:\Program Files\Yahoo! deleted

C:\Users\Robby\AppData\Roaming\Smiley.ico deleted

C:\Users\Robby\AppData\Roaming\Babylon deleted

C:\Users\Robby\AppData\Roaming\GetRightToGo deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com deleted

C:\Users\Robby\AppData\Roaming\Media Finder deleted

C:\PROGRA~2\Yahoo! deleted

C:\PROGRA~2\StarApp deleted

C:\PROGRA~2\boost_interprocess deleted

C:\PROGRA~2\InstallMate deleted

C:\PROGRA~2\Premium deleted

C:\Users\Robby\AppData\Local\CRE deleted

C:\Users\Robby\AppData\Local\WhiteListing deleted

C:\Users\Robby\AppData\Local\jZip deleted

C:\Users\Robby\AppData\Local\NativeMessaging deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder deleted

C:\Users\Robby\Downloads\DownloadManagerSetup.exe deleted

C:\Users\Robby\AppData\LocalLow\Yahoo! deleted

C:\Users\Robby\AppData\LocalLow\searchqutoolbar deleted

C:\Users\Robby\AppData\LocalLow\jZip deleted

C:\Users\Robby\AppData\LocalLow\AskToolbar deleted

C:\Users\Robby\AppData\LocalLow\DataMngr deleted

C:\Users\Robby\AppData\LocalLow\Conduit deleted

C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Search_Results.xml deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchqutoolbar deleted

C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\ffxtlbr@funmoods.com deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\toolbar@ask.com deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted

"C:\Users\Robby\AppData\Roaming\File Templates" deleted

"C:\Users\Robby\AppData\Roaming\Filesystems" deleted

"C:\Users\Robby\AppData\Roaming\Filter" deleted

"C:\ProgramData\Flags" deleted

"C:\ProgramData\Flange Saw" deleted

"C:\ProgramData\Flanger" deleted

"C:\ProgramData\Galaxy Swirl" deleted

"C:\ProgramData\Generic" deleted

"C:\ProgramData\Grapher" deleted

"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Funmoods.xml" deleted

"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted

"C:\Program Files\jZip\jZipShell.dll" deleted

"C:\Program Files\jZip" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Robby\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Users\Robby\AppData\Roaming ======

====== C:\Users\Robby ======

2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe

====== C: exe-files ==

2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe

2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Install\{5ED071C8-60B3-4CAB-A7D9-1B88AA2A83C8}\33.0.1750.117_32.0.1700.107_chrome_updater.exe

2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.117\33.0.1750.117_32.0.1700.107_chrome_updater.exe

2014-02-20 15:19:14 0FB86683779E34A7A9739E11E5CB62A1 1043232 ----a-w- C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe

2014-02-20 14:59:07 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe

2014-02-20 14:59:07 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe

2014-02-20 14:59:06 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe

2014-02-20 14:57:55 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

2014-02-20 14:57:54 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe

2014-02-20 14:57:41 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdate.exe

2014-02-20 14:56:56 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"

"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"

"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"

"PLFSetI"="C:\Windows\PLFSetI.exe"

"VitaKeyPdtWzd"="c:\Program Files\Acer Bio Protection\PdtWzd.exe"

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"LManager"="C:\Program Files\Launch Manager\LManager.exe"

"BackupManagerTray"="C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -k"

"Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"

"EgisTecLiveUpdate"="C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"

"mwlDaemon"="C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe /hide"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"

"Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Malwarebytes' Anti-Malware (reboot)"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Nikon Message Center 2"

"hkey"="HKLM"

"command"="C:\\Program Files\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaMServer"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMusic FastStart]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaMusic FastStart"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Nokia\\Ovi Player\\NokiaOviPlayer.exe\" /command:faststart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaOviSuite2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaOviSuite2"

"hkey"="HKCU"

"command"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe -tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PC Suite Tray"

"hkey"="HKCU"

"command"="\"C:\\Users\\Robby\\Desktop\\Snelkoppelingen Bureaublad\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Steam"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"

"hkey"="HKLM"

"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"

"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "

"item"="WinZip Quick Pick"

==== Startup Folders ======================

2011-08-08 19:28:39 1105 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

2009-09-10 16:24:31 0 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/02/2014 14:06]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\{DB3D65B2-7447-49F3-829D-B1242A857BBB}" ["c:\program files\google\chrome\application\chrome.exe"]

"C:\Windows\system32\tasks\Acer\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]

"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/12/2013 14:12]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default

- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

- Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension

- Undetermined - C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com

- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

==== Firefox Plugins ======================

Profilepath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default

87B41E7975298577BC56B6E82F0E6B34 - C:\Program Files\Java\jre7\bin\npjpi170_25.dll - Java Platform SE 7 U25

73FB13F5D73EDC1DB8C66079903B19F6 - C:\Program Files\Java\jre7\bin\npoji610.dll - Java Platform SE 7 U25

6967C3D9BE67F6A5DEFADEDEE02FCB92 - c:\Program Files\Sony\Media Go\npmediago.dll - Media Go Detector

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17

0B759CF1C312102F1F7FFC0F7BE67D0A - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll - InoViewer Plugin

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

A82533DA1C7AFCE542B8E0D2714B8A4A - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

07154B27860B999CC70EB6F7A1528794 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director

6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

58F41CA8F9C2014709F9547B2B81A468 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash

8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll - TVU Web Player for FireFox

5FBCD34D89D58D695D966A70C9829EE6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.8

E764E340AD2CD744802B5CD51D234E28 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.8

5E689EEF06202E299F96E82DA9174255 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.8

C37A257E3C3D26AA3E75DDF72D861771 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.8

6D2329DFDA605E25D5FC3A3D6A0129B8 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.8

D4619DDAC3134E7D2737EE7B36143316 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.8

1573E1AC2FDE21D2A936F00EDB919FAD - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.8

ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat

ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Windows\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox

==== Deleted Firefox Extensions ======================

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

AT_Porsche - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg

Webcam Toy - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade

BittorrentBar_NL - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm

Red Bull TV - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc

20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp

Docs - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake

General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

DealPly - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje

avast WebRep - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

==== Chrome Fix ======================

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0 deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

"Default_Page_URL"="iGoogle Redirect"

"Search Page"="Google"

"Search Bar"="Upgrade to Google Chrome"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search/?q=%s"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="Bing"

"Search Bar"="Bing"

"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

"Start Page"="Google"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="%s - Bing"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing="

{23735B41-2CBD-5328-C66C-5FF7986F9BDE} Google Url="{searchTerms} - Google Search"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=dd3_8oGdgvRA8WnXL-FL5pT3vms?q={searchTerms}"

{B1D44357-3BA0-4D84-9656-DCCE129AB563} Google Url="{searchTerms} - Google Search"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{44DDF452-62BA-F2EF-2B10-76C079E8936D} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6B1D56A0-B9C4-A31A-5B4E-7E5E8A805515} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Robby\AppData\Local\Mozilla\Firefox\Profiles\27w4mn03.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2738 folders=544 295042543 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Robby\AppData\Local\Temp will be emptied at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Robby\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Program Files\jZip" not found

==== EOF on ma 24/02/2014 at 15:28:36,98 ======================


2014-02-20 15:19:14 0FB86683779E34A7A9739E11E5CB62A1 1043232 ----a-w- C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe

2014-02-20 14:59:07 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe

2014-02-20 14:59:07 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe

2014-02-20 14:59:06 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe

2014-02-20 14:57:55 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

2014-02-20 14:57:54 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe

2014-02-20 14:57:41 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdate.exe

2014-02-20 14:56:56 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"

"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"

"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"

"PLFSetI"="C:\Windows\PLFSetI.exe"

"VitaKeyPdtWzd"="c:\Program Files\Acer Bio Protection\PdtWzd.exe"

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"LManager"="C:\Program Files\Launch Manager\LManager.exe"

"BackupManagerTray"="C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -k"

"Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"

"EgisTecLiveUpdate"="C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"

"mwlDaemon"="C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe /hide"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"

"Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Malwarebytes' Anti-Malware (reboot)"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Nikon Message Center 2"

"hkey"="HKLM"

"command"="C:\\Program Files\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaMServer"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMusic FastStart]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaMusic FastStart"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Nokia\\Ovi Player\\NokiaOviPlayer.exe\" /command:faststart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaOviSuite2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaOviSuite2"

"hkey"="HKCU"

"command"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe -tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PC Suite Tray"

"hkey"="HKCU"

"command"="\"C:\\Users\\Robby\\Desktop\\Snelkoppelingen Bureaublad\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Steam"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"

"hkey"="HKLM"

"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"

"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "

"item"="WinZip Quick Pick"

==== Startup Folders ======================

2011-08-08 19:28:39 1105 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

2009-09-10 16:24:31 0 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/02/2014 14:06]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\{DB3D65B2-7447-49F3-829D-B1242A857BBB}" ["c:\program files\google\chrome\application\chrome.exe"]

"C:\Windows\system32\tasks\Acer\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]

"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/12/2013 14:12]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default

- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

- Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension

- Undetermined - C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com

- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

==== Firefox Plugins ======================

Profilepath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default

87B41E7975298577BC56B6E82F0E6B34 - C:\Program Files\Java\jre7\bin\npjpi170_25.dll - Java Platform SE 7 U25

73FB13F5D73EDC1DB8C66079903B19F6 - C:\Program Files\Java\jre7\bin\npoji610.dll - Java Platform SE 7 U25

6967C3D9BE67F6A5DEFADEDEE02FCB92 - c:\Program Files\Sony\Media Go\npmediago.dll - Media Go Detector

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17

0B759CF1C312102F1F7FFC0F7BE67D0A - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll - InoViewer Plugin

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

A82533DA1C7AFCE542B8E0D2714B8A4A - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

07154B27860B999CC70EB6F7A1528794 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director

6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

58F41CA8F9C2014709F9547B2B81A468 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash

8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll - TVU Web Player for FireFox

5FBCD34D89D58D695D966A70C9829EE6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.8

E764E340AD2CD744802B5CD51D234E28 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.8

5E689EEF06202E299F96E82DA9174255 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.8

C37A257E3C3D26AA3E75DDF72D861771 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.8

6D2329DFDA605E25D5FC3A3D6A0129B8 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.8

D4619DDAC3134E7D2737EE7B36143316 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.8

1573E1AC2FDE21D2A936F00EDB919FAD - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.8

ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat

ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Windows\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox

==== Deleted Firefox Extensions ======================

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

AT_Porsche - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg

Webcam Toy - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade

BittorrentBar_NL - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm

Red Bull TV - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc

20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp

Docs - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake

General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

DealPly - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje

avast WebRep - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

==== Chrome Fix ======================

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0 deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0509&m=aspire_7738"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search/?q=%s"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.be/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="

{23735B41-2CBD-5328-C66C-5FF7986F9BDE} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE328"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=dd3_8oGdgvRA8WnXL-FL5pT3vms?q={searchTerms}"

{B1D44357-3BA0-4D84-9656-DCCE129AB563} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_nlBE328"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{44DDF452-62BA-F2EF-2B10-76C079E8936D} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6B1D56A0-B9C4-A31A-5B4E-7E5E8A805515} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Robby\AppData\Local\Mozilla\Firefox\Profiles\27w4mn03.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2738 folders=544 295042543 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Robby\AppData\Local\Temp will be emptied at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Robby\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Program Files\jZip" not found

==== EOF on ma 24/02/2014 at 15:28:36,98 ======================

- - - Updated - - -

Zo

Zoek.exe v5.0.0.0 Updated 19-February-2014

Tool run by Robby on ma 24/02/2014 at 15:00:20,37.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Safe Mode NETWORK Internet Access Detected

Launched: C:\Users\Robby\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully

C:\PROGRA~2\Babylon deleted successfully

C:\PROGRA~2\Oracle deleted successfully

C:\PROGRA~2\OviInstallerCache deleted successfully

C:\Users\Robby\AppData\Roaming\.# deleted successfully

C:\Users\Robby\AppData\Roaming\Sony Setup deleted successfully

C:\Users\Robby\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\bkmrksync@nokia.com deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default

---- Lines funmoods removed from prefs.js ----

user_pref("browser.search.defaultenginename", "Funmoods");

user_pref("browser.startup.homepage", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0C

user_pref("extensions.funmoods.aflt", "iron2");

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.cntry", "BE");

user_pref("extensions.funmoods.cv", "cv5");

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.hdrMd5", "3F1EBB0B0FDAE24CB97397C8A1FA4077");

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tz

user_pref("extensions.funmoods.id", "0022FA06E594B3C3");

user_pref("extensions.funmoods.instlDay", "15614");

user_pref("extensions.funmoods.instlRef", "iron2");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:16:38");

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

user_pref("extensions.funmoods.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.sg", "none");

user_pref("extensions.funmoods.smplGrp", "none");

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:16:38");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");

---- Lines funmoods modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@

---- Lines funmoods removed from user.js ----

user_pref("extensions.funmoods.hmpg", true);

user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463");

user_pref("extensions.funmoods.dfltSrch", true);

user_pref("extensions.funmoods.srchPrvdr", "Search");

user_pref("extensions.funmoods.dnsErr", true);

user_pref("extensions.funmoods_i.newTab", true);

user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463");

user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463&q=");

user_pref("extensions.funmoods.id", "0022FA06E594B3C3");

user_pref("extensions.funmoods.instlDay", "15614");

user_pref("extensions.funmoods.vrsn", "1.5.23.22");

user_pref("extensions.funmoods.vrsni", "1.5.23.22");

user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");

user_pref("extensions.funmoods.prtnrId", "funmoods");

user_pref("extensions.funmoods.prdct", "funmoods");

user_pref("extensions.funmoods.aflt", "iron2");

user_pref("extensions.funmoods_i.smplGrp", "none");

user_pref("extensions.funmoods.tlbrId", "base");

user_pref("extensions.funmoods.instlRef", "iron2");

user_pref("extensions.funmoods.dfltLng", "");

user_pref("extensions.funmoods.excTlbr", false);

user_pref("extensions.funmoods.autoRvrt", false);

user_pref("extensions.funmoods.envrmnt", "production");

user_pref("extensions.funmoods.isdcmntcmplt", true);

user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

---- Lines ask.com removed from prefs.js ----

user_pref("extensions.asktb.default-channel-url-mask", "http://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all");

user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \

user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR

user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@

---- Lines babylon removed from prefs.js ----

user_pref("browser.search.order.1", "Search the web (Babylon)");

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");

user_pref("extensions.BabylonToolbar.instlDay", "15614");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=0c28b3c30000000000000022fa06e594&q=");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");

user_pref("keyword.URL", "http://search.babylon.com/?affID=110823&tt=300912_TORP_4012_8&babsrc=KW_ss&mntrId=0c28b3c30000000000000022fa06e594&q=");

---- Lines babylon removed from user.js ----

user_pref("yahoo.ytff.general.dontshowhpoffer", true);user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=0c28b3c30000000000000022fa06e594&q=");

user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.instlDay", "15614");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

---- Lines conduit removed from prefs.js ----

user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");

---- Lines asktb removed from prefs.js ----

user_pref("extensions.asktb.abar-war-timeout", "4000");

user_pref("extensions.asktb.autofill-competitor-query-enabled", true);

user_pref("extensions.asktb.autofill-text-highlight-enabled", true);

user_pref("extensions.asktb.cbid", "UG");

user_pref("extensions.asktb.config-updated", true);

user_pref("extensions.asktb.displaybehavior", "");

user_pref("extensions.asktb.displaytext", "");

user_pref("extensions.asktb.dtid", "YYYYYYYYBE");

user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);

user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BEXX0005");

user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");

user_pref("extensions.asktb.first-launch-url", "http://www.drivernavigator.com/buy.php?pmtid=3&affid=us2008&srcid=");

user_pref("extensions.asktb.fresh-install", false);

user_pref("extensions.asktb.guid", "07B53C07-38FC-485B-9DC3-6F2A6B648D6B");

user_pref("extensions.asktb.if", "su");

user_pref("extensions.asktb.l", "dis");

user_pref("extensions.asktb.last-config-req", "1349115838565");

user_pref("extensions.asktb.locale", "nl_EU");

user_pref("extensions.asktb.location", "Brussels,Belgium");

user_pref("extensions.asktb.lstation", "");

user_pref("extensions.asktb.news-native-on", true);

user_pref("extensions.asktb.o", "15158");

user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

user_pref("extensions.asktb.pstate", "");

user_pref("extensions.asktb.qsrc", "2871");

user_pref("extensions.asktb.r", "8");

user_pref("extensions.asktb.sa", "NO");

user_pref("extensions.asktb.search-history-queries", "dikke schijven||retro hous");

user_pref("extensions.asktb.search-suggestions-enabled", true);

user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);

user_pref("extensions.asktb.silent-upgrade", true);

user_pref("extensions.asktb.socialmini-first", true);

user_pref("extensions.asktb.socialmini-interval", "1200000");

user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

user_pref("extensions.asktb.socialmini-max-items", "30");

user_pref("extensions.asktb.socialmini-native-on", true);

user_pref("extensions.asktb.socialmini-speed", "5000");

user_pref("extensions.asktb.socialmini-transition-first-open", false);

user_pref("extensions.asktb.themeid", "");

user_pref("extensions.asktb.v", "3.14.1.100013");

user_pref("extensions.asktb.volume", "");

---- Lines 99079a25-328f-4bd4-be04-00955acaa0a7 modified from prefs.js ----

user_pref("extensions.enabledItems", "toolbar@disabled:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler

---- Lines Search-Results removed from prefs.js ----

user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no

---- FireFox user.js and prefs.js backups ----

user_20142402_1513_.backup

prefs_20142402_1513_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

""=-

"ApnUpdater"=-

==== Deleting Files \ Folders ======================

C:\Program Files\AVG not found

C:\Program Files\Ask.com deleted

C:\Program Files\MediaMonkey deleted

C:\Program Files\Mozilla Firefox deleted

C:\Users\Robby\AppData\Local\MediaMonkey deleted

C:\Program Files\Conduit deleted

C:\Program Files\Convesoft deleted

C:\Program Files\Yahoo! deleted

C:\Users\Robby\AppData\Roaming\Smiley.ico deleted

C:\Users\Robby\AppData\Roaming\Babylon deleted

C:\Users\Robby\AppData\Roaming\GetRightToGo deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com deleted

C:\Users\Robby\AppData\Roaming\Media Finder deleted

C:\PROGRA~2\Yahoo! deleted

C:\PROGRA~2\StarApp deleted

C:\PROGRA~2\boost_interprocess deleted

C:\PROGRA~2\InstallMate deleted

C:\PROGRA~2\Premium deleted

C:\Users\Robby\AppData\Local\CRE deleted

C:\Users\Robby\AppData\Local\WhiteListing deleted

C:\Users\Robby\AppData\Local\jZip deleted

C:\Users\Robby\AppData\Local\NativeMessaging deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder deleted

C:\Users\Robby\Downloads\DownloadManagerSetup.exe deleted

C:\Users\Robby\AppData\LocalLow\Yahoo! deleted

C:\Users\Robby\AppData\LocalLow\searchqutoolbar deleted

C:\Users\Robby\AppData\LocalLow\jZip deleted

C:\Users\Robby\AppData\LocalLow\AskToolbar deleted

C:\Users\Robby\AppData\LocalLow\DataMngr deleted

C:\Users\Robby\AppData\LocalLow\Conduit deleted

C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Search_Results.xml deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchqutoolbar deleted

C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\ffxtlbr@funmoods.com deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\toolbar@ask.com deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted

"C:\Users\Robby\AppData\Roaming\File Templates" deleted

"C:\Users\Robby\AppData\Roaming\Filesystems" deleted

"C:\Users\Robby\AppData\Roaming\Filter" deleted

"C:\ProgramData\Flags" deleted

"C:\ProgramData\Flange Saw" deleted

"C:\ProgramData\Flanger" deleted

"C:\ProgramData\Galaxy Swirl" deleted

"C:\ProgramData\Generic" deleted

"C:\ProgramData\Grapher" deleted

"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Funmoods.xml" deleted

"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted

"C:\Program Files\jZip\jZipShell.dll" deleted

"C:\Program Files\jZip" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Robby\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Users\Robby\AppData\Roaming ======

====== C:\Users\Robby ======

2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe

====== C: exe-files ==

2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe

2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Install\{5ED071C8-60B3-4CAB-A7D9-1B88AA2A83C8}\33.0.1750.117_32.0.1700.107_chrome_updater.exe

2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.117\33.0.1750.117_32.0.1700.107_chrome_updater.exe

2014-02-20 15:19:14 0FB86683779E34A7A9739E11E5CB62A1 1043232 ----a-w- C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe

2014-02-20 14:59:07 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe

2014-02-20 14:59:07 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe

2014-02-20 14:59:06 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe

2014-02-20 14:57:55 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe

2014-02-20 14:57:54 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe

2014-02-20 14:57:41 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdate.exe

2014-02-20 14:56:56 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"

"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"

"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"

"PLFSetI"="C:\Windows\PLFSetI.exe"

"VitaKeyPdtWzd"="c:\Program Files\Acer Bio Protection\PdtWzd.exe"

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"LManager"="C:\Program Files\Launch Manager\LManager.exe"

"BackupManagerTray"="C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -k"

"Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"

"EgisTecLiveUpdate"="C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"

"mwlDaemon"="C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe /hide"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"

"Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"

"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Malwarebytes' Anti-Malware (reboot)"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Nikon Message Center 2"

"hkey"="HKLM"

"command"="C:\\Program Files\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaMServer"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMusic FastStart]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaMusic FastStart"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Nokia\\Ovi Player\\NokiaOviPlayer.exe\" /command:faststart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaOviSuite2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaOviSuite2"

"hkey"="HKCU"

"command"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe -tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PC Suite Tray"

"hkey"="HKCU"

"command"="\"C:\\Users\\Robby\\Desktop\\Snelkoppelingen Bureaublad\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Steam"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"

"hkey"="HKLM"

"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"

"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "

"item"="WinZip Quick Pick"

==== Startup Folders ======================

2011-08-08 19:28:39 1105 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

2009-09-10 16:24:31 0 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/02/2014 14:06]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\{DB3D65B2-7447-49F3-829D-B1242A857BBB}" ["c:\program files\google\chrome\application\chrome.exe"]

"C:\Windows\system32\tasks\Acer\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]

"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/12/2013 14:12]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default

- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

- Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension

- Undetermined - C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com

- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

==== Firefox Plugins ======================

Profilepath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default

87B41E7975298577BC56B6E82F0E6B34 - C:\Program Files\Java\jre7\bin\npjpi170_25.dll - Java Platform SE 7 U25

73FB13F5D73EDC1DB8C66079903B19F6 - C:\Program Files\Java\jre7\bin\npoji610.dll - Java Platform SE 7 U25

6967C3D9BE67F6A5DEFADEDEE02FCB92 - c:\Program Files\Sony\Media Go\npmediago.dll - Media Go Detector

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17

0B759CF1C312102F1F7FFC0F7BE67D0A - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll - InoViewer Plugin

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

A82533DA1C7AFCE542B8E0D2714B8A4A - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

07154B27860B999CC70EB6F7A1528794 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director

6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

58F41CA8F9C2014709F9547B2B81A468 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash

8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll - TVU Web Player for FireFox

5FBCD34D89D58D695D966A70C9829EE6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.8

E764E340AD2CD744802B5CD51D234E28 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.8

5E689EEF06202E299F96E82DA9174255 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.8

C37A257E3C3D26AA3E75DDF72D861771 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.8

6D2329DFDA605E25D5FC3A3D6A0129B8 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.8

D4619DDAC3134E7D2737EE7B36143316 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.8

1573E1AC2FDE21D2A936F00EDB919FAD - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.8

ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat

ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Windows\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox

==== Deleted Firefox Extensions ======================

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted

C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

AT_Porsche - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg

Webcam Toy - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade

BittorrentBar_NL - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm

Red Bull TV - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc

20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp

Docs - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake

General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

DealPly - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje

avast WebRep - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

==== Chrome Fix ======================

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage-journal deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0 deleted successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.be/"

"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0509&m=aspire_7738"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search/?q=%s"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.be/"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="

{23735B41-2CBD-5328-C66C-5FF7986F9BDE} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE328"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=dd3_8oGdgvRA8WnXL-FL5pT3vms?q={searchTerms}"

{B1D44357-3BA0-4D84-9656-DCCE129AB563} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_nlBE328"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{44DDF452-62BA-F2EF-2B10-76C079E8936D} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6B1D56A0-B9C4-A31A-5B4E-7E5E8A805515} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Robby\AppData\Local\Mozilla\Firefox\Profiles\27w4mn03.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2738 folders=544 295042543 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Robby\AppData\Local\Temp will be emptied at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Robby\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Program Files\jZip" not found

==== EOF on ma 24/02/2014 at 15:28:36,98 ======================


Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner


  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan is finished, click the Clean button.
  • When this is done you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next message.


That's where I have a problem. It does boot up again, but not automatically in safe mode.

Then it hangs again and I can't read the log. There is some improvement: I now already get a taskbar at the bottom, but the screen stays black and is still loading.


Then we'll carry on in safe mode for a bit.

While you are there, check whether you can find the AdwCleaner log on your C: drive (adwcleaner.txt)

Download ComboFix from one of the locations below to the desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs; they may conflict with ComboFix.exe

(here or here) you can read how to disable the security software you use.


  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Yes (Ja) here.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" ("Ja") once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are then unpacked and a registry backup is made using ERUNT.
  • When this is done, ComboFix will start by itself; the blue screen shows the progress of the system scan being performed.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may have to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.


  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.


Is that it?

ComboFix 14-02-24.02 - Robby 25/02/2014 12:04:39.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.2358 [GMT 1:00]

Gestart vanuit: C:\Users\Robby\Downloads\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\INSTALL.LOG

C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7EB3FB6A-5634-4BCF-819F-7D7DD8384D45}.xps

C:\Windows\iun6002.exe


I'll just uninstall Avast for a moment, because I can't get the shields turned off. When I go to the icon in my menu, press the right mouse button and then choose "disable shields" ("schilden uitschakelen"), I get a message asking whether I'm sure I want to do this.

If I click "yes" ("ja"), it doesn't do it.

I'll run ComboFix again.

Does the log appear automatically? Or do I have to go look for it somewhere?

Thanks
