Zoek.exe Version 4.0.0.4 Updated 27-September-2013 Tool run by Wim on ma 30/09/2013 at 14:51:00,95. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Wim\Downloads\zoek\zoek.com [Script inserted] ==== Older Logs ====================== C:\zoek-results2013-09-30-111753.log 26394 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2960142378-2885515328-2960618351-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} deleted successfully HKEY_USERS\S-1-5-21-2960142378-2885515328-2960618351-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-2960142378-2885515328-2960618351-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully HKEY_USERS\S-1-5-21-2960142378-2885515328-2960618351-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default ---- Lines Softonic removed from prefs.js ---- user_pref("extensions.Softonic.admin", false); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic.cntry", "IT"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.envrmnt", "production"); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.hdrMd5", "F591607E4F2531794E249615093CF19C"); user_pref("extensions.Softonic.hmpg", false); user_pref("extensions.Softonic.id", "aeb23153000000000000c417fe70f433"); user_pref("extensions.Softonic.instlDay", "15512"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.isdcmntcmplt", true); user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.321:20:23"); user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); user_pref("extensions.Softonic.newTab", false); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.sg", "az"); user_pref("extensions.Softonic.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsnTs", "1.5.24.321:20:23"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.321:20:23"); user_pref("extensions.ffxtlbra@softonic.com.install-event-fired", true); ---- Lines Softonic modified from prefs.js ---- user_pref("extensions.enabledAddons", "belgiumeid@eid.belgium.be:1.0.12,nl-NL@dictionaries.addons.mozilla.org:3.1.0,{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.1.0,fmconverter@gmail.com:1.0.0,{9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4,ffxtlbra@softonic.com:1.5.0,{33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1,ytvdw@pgport.com:1.2.12,{1392b8d2-5c05-419f-a8f6-b9f15a596612}:10.10.12.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:13.0.1"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"fmconverter@gmail.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Freemake\\\\Freemake Video Converter\\\\BrowserPlugin\\\\Firefox\",\"mtime\":1333387450705},\"{59d42255-7f9c-49e5-8e68-a5fd16d06d76}\":{\"descriptor\":\"C:\\\\Program Files\\\\KeyLemon\\\\extension\\\\{59d42255-7f9c-49e5-8e68-a5fd16d06d76}\",\"mtime\":1337167082881},\"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\",\"mtime\":1340022303533}}},{\"name\":\"app-global\",\"addons\":{\"belgiumeid@eid.belgium.be\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\belgiumeid@eid.belgium.be\",\"mtime\":1308141271637},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1340020038502},\"{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\",\"mtime\":1309531296783}}},{\"name\":\"app-profile\",\"addons\":{\"belgiumeid@eid.belgium.be\":{\"descriptor\":\"C:\\\\Users\\\\Wim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\59h8wly8.default\\\\extensions\\\\belgiumeid@eid.belgium.be.xpi\",\"mtime\":1309529945023},\"ffxtlbra@softonic.com\":{\"descriptor\":\"C:\\\\Users\\\\Wim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\59h8wly8.default\\\\extensions\\\\ffxtlbra@softonic.com\",\"mtime\":1340304540114},\"nl-NL@dictionaries.addons.mozilla.org\":{\"descriptor\":\"C:\\\\Users\\\\Wim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\59h8wly8.default\\\\extensions\\\\nl-NL@dictionaries.addons.mozilla.org\",\"mtime\":1332331594067},\"ytvdw@pgport.com\":{\"descriptor\":\"C:\\\\Users\\\\Wim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\59h8wly8.default\\\\extensions\\\\ytvdw@pgport.com.xpi\",\"mtime\":1340747574432},\"{1392b8d2-5c05-419f-a8f6-b9f15a596612}\":{\"descriptor\":\"C:\\\\Users\\\\Wim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\59h8wly8.default\\\\extensions\\\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\",\"mtime\":1342115881309},\"{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\":{\"descriptor\":\"C:\\\\Users\\\\Wim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\59h8wly8.default\\\\extensions\\\\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\",\"mtime\":1333387455026},\"{33e0daa6-3af3-d8b5-6752-10e949c61516}\":{\"descriptor\":\"C:\\\\Users\\\\Wim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\59h8wly8.default\\\\extensions\\\\{33e0daa6-3af3-d8b5-6752-10e949c61516}\",\"mtime\":1340747557601}}}]"); ---- Lines Softonic removed from user.js ---- user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings"); user_pref("extensions.Softonic.autoRvrt", "false"); user_pref("extensions.Softonic_i.newTab", false); user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.Softonic.id", "aeb23153000000000000c417fe70f433"); user_pref("extensions.Softonic.instlDay", "15512"); user_pref("extensions.Softonic.vrsn", "1.5.24.3"); user_pref("extensions.Softonic.vrsni", "1.5.24.3"); user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.321:20:23"); user_pref("extensions.Softonic.prtnrId", "softonic"); user_pref("extensions.Softonic.prdct", "Softonic"); user_pref("extensions.Softonic.aflt", "orgnl"); user_pref("extensions.Softonic_i.smplGrp", "none"); user_pref("extensions.Softonic.tlbrId", "base"); user_pref("extensions.Softonic.instlRef", "MON00001"); user_pref("extensions.Softonic.dfltLng", ""); user_pref("extensions.Softonic.excTlbr", false); user_pref("extensions.Softonic.admin", false); ---- Lines CT1060933 removed from prefs.js ---- ---- Lines CT1060933 modified from prefs.js ---- ---- Lines CT1060933 removed from user.js ---- ---- Lines CT3214568 removed from prefs.js ---- ---- Lines CT3214568 modified from prefs.js ---- ---- Lines CT3214568 removed from user.js ---- ---- Lines C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\CT1060933 removed from prefs.js ---- ---- Lines C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\CT1060933 modified from prefs.js ---- ---- Lines C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\CT1060933 removed from user.js ---- ---- Lines conduit removed from prefs.js ---- ---- Lines conduit modified from prefs.js ---- ---- Lines conduit removed from user.js ---- ---- Lines mystart removed from prefs.js ---- ---- Lines mystart modified from prefs.js ---- ---- Lines mystart removed from user.js ---- ---- Lines incredibar removed from prefs.js ---- ---- Lines incredibar modified from prefs.js ---- ---- Lines incredibar removed from user.js ---- ---- Lines Search removed from prefs.js ---- ---- Lines Search modified from prefs.js ---- ---- Lines Search removed from user.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines ask.com removed from user.js ---- ---- Lines Web Search removed from prefs.js ---- ---- Lines Web Search modified from prefs.js ---- ---- Lines Web Search removed from user.js ---- ---- Lines Customized removed from prefs.js ---- ---- Lines Customized modified from prefs.js ---- ---- Lines Customized removed from user.js ---- ---- Lines CommunityToolbar removed from prefs.js ---- ---- Lines CommunityToolbar modified from prefs.js ---- ---- Lines CommunityToolbar removed from user.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from user.js ---- ---- Lines smartbar removed from prefs.js ---- ---- Lines smartbar modified from prefs.js ---- ---- Lines smartbar removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_20133009_1502_.backup prefs_20133009_1502_.backup ProfilePath: C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321 ---- Lines Softonic removed from prefs.js ---- ---- Lines Softonic modified from prefs.js ---- ---- Lines Softonic removed from user.js ---- ---- Lines CT1060933 removed from prefs.js ---- ---- Lines CT1060933 modified from prefs.js ---- ---- Lines CT1060933 removed from user.js ---- ---- Lines CT3214568 removed from prefs.js ---- ---- Lines CT3214568 modified from prefs.js ---- ---- Lines CT3214568 removed from user.js ---- ---- Lines C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\CT1060933 removed from prefs.js ---- ---- Lines C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\CT1060933 modified from prefs.js ---- ---- Lines C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\CT1060933 removed from user.js ---- ---- Lines conduit removed from prefs.js ---- ---- Lines conduit modified from prefs.js ---- ---- Lines conduit removed from user.js ---- ---- Lines mystart removed from prefs.js ---- ---- Lines mystart modified from prefs.js ---- ---- Lines mystart removed from user.js ---- ---- Lines incredibar removed from prefs.js ---- ---- Lines incredibar modified from prefs.js ---- ---- Lines incredibar removed from user.js ---- ---- Lines Search removed from prefs.js ---- ---- Lines Search modified from prefs.js ---- ---- Lines Search removed from user.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines ask.com removed from user.js ---- ---- Lines Web Search removed from prefs.js ---- ---- Lines Web Search modified from prefs.js ---- ---- Lines Web Search removed from user.js ---- ---- Lines Customized removed from prefs.js ---- ---- Lines Customized modified from prefs.js ---- ---- Lines Customized removed from user.js ---- ---- Lines CommunityToolbar removed from prefs.js ---- ---- Lines CommunityToolbar modified from prefs.js ---- ---- Lines CommunityToolbar removed from user.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ---- ---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from user.js ---- ---- Lines smartbar removed from prefs.js ---- ---- Lines smartbar modified from prefs.js ---- ---- Lines smartbar removed from user.js ---- ---- FireFox user.js and prefs.js backups ---- user_20133009_1502_.backup prefs_20133009_1502_.backup ==== Deleting Files \ Folders ====================== "C:\user.js" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\searchplugins\conduit.xml" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\searchplugins\MyStart Search.xml" deleted "C:\ProgramData\dsgsdgdsgdsgw.pad" deleted "C:\ProgramData\nud0repor.pad" deleted "C:\Users\Wim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk" deleted "C:\Windows\SysNative\roboot64.exe" deleted "C:\Users\Wim\Downloads\iLividSetup.exe" deleted "C:\Users\Wim\Downloads\rcpsetup_3335.exe" deleted "C:\Users\Wim\Downloads\SoftonicDownloader_voor_dvd-decrypter.exe" deleted "C:\Users\Wim\Downloads\SoftonicDownloader_voor_dvd-shrink.exe" deleted "C:\Users\Wim\Downloads\SoftonicDownloader_voor_firefox.exe" deleted "C:\Users\Wim\Downloads\SoftonicDownloader_voor_mpeg-streamclip.exe" deleted "C:\Users\Wim\Downloads\SoftonicDownloader_voor_soluto.exe" deleted "C:\Windows\wininit.ini" deleted "C:\user.js" deleted "C:\END" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\searchplugins\MyStart Search.xml" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\searchplugins\SweetIM Search.xml" deleted "C:\Users\Public\Desktop\Freemake Video Downloader.lnk" deleted "C:\Users\Wim\Desktop\DVDShrink_downloader_by_DVDShrink.exe" deleted "C:\Users\Wim\Desktop\iLivid.lnk" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml" deleted "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}" deleted "C:\Program Files (x86)\Freecorder" deleted "C:\Program Files (x86)\Freecorder 6" deleted "C:\Program Files (x86)\Freecorder Toolbar" deleted "C:\Program Files (x86)\Complitly" deleted "C:\Program Files (x86)\Conduit" deleted "C:\found.000" deleted "C:\Users\Wim\AppData\Roaming\simplitec" deleted "C:\Users\Wim\AppData\Roaming\Complitly" deleted "C:\Users\Wim\AppData\Roaming\Babylon" deleted "C:\Users\Wim\AppData\Roaming\Systweak" deleted "C:\Users\Wim\AppData\Roaming\OpenCandy" deleted "C:\ProgramData\simplitec" deleted "C:\ProgramData\Partner" deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Babylon" deleted "C:\Users\Wim\AppData\Local\iLivid" deleted "C:\Users\Wim\AppData\Local\PackageAware" deleted "C:\Users\Wim\AppData\Local\Babylon" deleted "C:\Users\Wim\AppData\Local\Conduit" deleted "C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda" deleted "C:\Users\Christine\AppData\LocalLow\SweetIM" deleted "C:\Users\Wim\AppData\LocalLow\Freecorder" deleted "C:\Users\Wim\AppData\LocalLow\searchresultstb" deleted "C:\Users\Wim\AppData\LocalLow\Softonic" deleted "C:\Users\Wim\AppData\LocalLow\PriceGong" deleted "C:\Users\Wim\AppData\LocalLow\Conduit" deleted "C:\Users\Wim\AppData\LocalLow\Toolbar4" deleted "C:\windows\SysNative\ljkb_old" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\CT1060933" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\CT1060933" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\CT3214568" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\extensions\ffxtlbra@softonic.com" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\CT1060933" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\conduit" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\conduitCommon" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\smartbar" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\CT1060933" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\CT3214568" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\smartbar" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\extensions\ffxtlbra@softonic.com" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}" deleted ==== Folders Found In C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 ====================== 2013-09-25 07:54:29 d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64 2013-09-25 07:54:29 d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64 ==== Files Found In C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 ====================== 2012-08-21 11:01:20 106928 ----a-w- 498BD12B38B549887D9E856EB734354E C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll 2012-08-21 11:01:20 125872 ----a-w- 5C7B8533FEC9E65368D14965EC4C9D8A C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll 2012-08-21 11:01:20 131544 ----a-w- F6E8C0D5EC7A8D223F3BA3436701DCBD C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe 2012-08-21 11:01:20 2561 ----a-w- 834C766FE011C0090FB4DAF6279A8DF4 C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf 2012-08-21 11:01:20 33240 ----a-w- 8E98D21EE06192492A5671A6144D092F C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys 2012-08-21 11:01:20 519048 ----a-w- 1A2E5109C2BB5C68D499E17B83ACB73A C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll 2012-08-21 11:01:20 7638 ----a-w- C7E5945B9C608A2A23E97425A5B91415 C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat 2012-08-21 11:01:28 1977816 ----a-w- 85E85B5BC75B0D712FEDB5633E1D2AFB C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe 2013-09-25 07:54:29 4842 ----a-w- 5E58F8D47D3921CCAECBBED4DBF12D71 C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt ==== Firefox Extensions ====================== ProfilePath: C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default - Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox - G Data WebFilter - C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} - Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org - Freecorder - %ProfilePath%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - Search Results Toolbar - %ProfilePath%\extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b} - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi - Freecorder YouTube Download Wizard - %ProfilePath%\extensions\ytvdw@pgport.com.xpi ProfilePath: C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321 - Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox - Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com - Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com - Freecorder 6 - %ProfilePath%\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} - Freecorder - %ProfilePath%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Search Results Toolbar - %ProfilePath%\extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b} - FreemakeTB - %ProfilePath%\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe} - Flash Video Downloader - %ProfilePath%\extensions\artur.dubovoy@gmail.com.xpi - Freecorder YouTube Download Wizard - %ProfilePath%\extensions\ytvdw@pgport.com.xpi - Fast Video Download with SearchMenu - %ProfilePath%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - G Data WebFilter - %AppDir%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} ==== Firefox Plugins ====================== Profilepath: C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System Profilepath: C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321 E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Wim\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104 FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) 0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) 06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) 558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Deleting Files \ Folders ====================== "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\extensions\ytvdw@pgport.com.xpi" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\extensions\ytvdw@pgport.com.xpi" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\extensions\ytvdw@pgport.com.xpi" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\extensions\ytvdw@pgport.com.xpi" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\59h8wly8.default\extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b}" deleted "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b}" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}" deleted "C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" deleted "C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com" deleted "C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com" deleted "C:\Users\Wim\AppData\Roaming\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[05/02/2013 03:05] dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[] ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[07/05/2013 06:12] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29/11/2012 21:35] jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[24/04/2013 02:37] Google Docs - Wim - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Wim - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Wim - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Freemake Video Downloader - Wim - Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf Google Search - Wim - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Freemake Youtube Download Button - Wim - Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh RealDownloader - Wim - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji Freemake Video Converter - Wim - Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Chrome In-App Payments service - Wim - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Wim - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx deleted successfully C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx deleted successfully C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlfienamagdnkekbbbocojppncdambda_0.localstorage deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh deleted successfully C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT1060933" "Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_8942g&r=27360410a906l0483z1j5t54i1c96q" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE376BE377" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Christine\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Christine\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Wim\AppData\Local\Mozilla\Firefox\Profiles\ck3kv4ph.default-1342116007321\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Wim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Wim\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 30/09/2013 at 15:31:33,52 ======================