Zoek.exe v5.0.0.0 Updated 16-November-2014 Tool run by Nele on zo 16/11/2014 at 17:26:32,74. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Nele\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 16/11/2014 17:29:14 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Fotoservice deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\Program Files\Symantec deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\CanonEPP deleted successfully C:\PROGRA~3\CanonIJEPPEX2 deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\SMP7 deleted successfully C:\Users\Nele\AppData\Roaming\Lite deleted successfully C:\Users\Nele\AppData\Roaming\Opera deleted successfully C:\Users\Nele\AppData\Roaming\U3 deleted successfully C:\Users\Nele\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Nele\AppData\Local\LogMeIn Rescue Applet deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{66E9BC80-FE76-4614-B27F-CF0A66465E00} deleted successfully HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully 
HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} deleted successfully HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\extensions user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20141611_1803_.backup ProfilePath: C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\ixlobxvm.default user.js not found ---- Lines {336D0C35-8A85-403a-B9D2-65C292C39087} removed from prefs.js ---- user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_dailyPing", "true|||1352131606261"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_debugMode", "not set"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_gtQueryParam", "UA-25323614-7"); 
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_inactive_by_user", "not set"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_installedPing", "true|||8641352045206267"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_lastUpdate", "1352045205590|||8641352045205591"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam1", "MB131"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam2", "MB132"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showDialog", "not set"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_status", "active"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toolbar_query", "not set"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_upn2", "6R8uorIScN"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_installer_name", "sg_6R8uorIScN_active_MB131_MB132_UA-25323614-7_2012-05-29-18-13-01"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_name", "Web Assistant"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_version", "2.0.0.485"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_temp_installer_name", "sg_6R8uorIScN_active_MB131_MB132_UA-25323614-7_2012-05-29-18-13-01 user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_toolbarID", "d49cb12423934aa3ab777c33989b6f80"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.extensionFirstRun", false); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.lastExtensionVersion", "2.0.0.485"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdefaultsearch_2.0.0.485", false); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.413", false); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.485", false); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.sethomepage_2.0.0.485", false); ---- Lines 
{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} removed from prefs.js ---- user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.extensionFirstRun", false); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.lastExtensionVersion", "2.0.0.572"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_installer_name", "sg_6R8uorIScN_active_MB131_MB132_UA-25323614-7_2012-05-29-18-13-01"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_product_name", "Web Assistant"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_product_version", "2.0.0.572"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_temp_installer_name", "sg_6R8uorIScN_active_MB131_MB132_UA-25323614-7_2012-05-29-18-13-01 user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_toolbarID", "d49cb12423934aa3ab777c33989b6f80"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_dailyPing", "true|||1363254463829"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_debugMode", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_dialogVersion", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_geoRequest", "BE|||8641361827000824"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_gtQueryParam", "UA-25323614-7"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_inactive_by_user", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_installedPing", "true|||8641361827000114"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_kswitch", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_lastUpdate", "1363168063486|||8641363168063488"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_redirectQueryParam1", "MB131"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_redirectQueryParam2", "MB132"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_showDialog", "not 
set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_showtoaster", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_status", "active"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_toasterID", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_toolbar_query", "not set"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_upn2", "6R8uorIScN"); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.setdefaultsearch_2.0.0.572", false); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.setdnscatch_2.0.0.413", false); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.setdnscatch_2.0.0.572", false); user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.sethomepage_2.0.0.572", false); ---- Lines {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ ---- Lines Search modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ ---- Lines 1FD91A9C-410C-4090-BBCC-55D3450EF433 modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ ---- Lines mybrowserbar modified from prefs.js ---- user_pref("extensions.enabledAddons", "%7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12,%7BFE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052%7D:2.0.0.572,ytd%40 user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ ---- FireFox user.js and prefs.js backups ---- prefs_20141611_1803_.backup ==== Deleting Files \ Folders ====================== C:\Users\Nele\AppData\LocalLow\uTorrentBar_NL deleted C:\PROGRA~2\Mozilla 
Firefox\user.js deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\Search_Results.xml deleted C:\PROGRA~2\Mozilla Firefox\defaults\preferences\autoconfig.js deleted C:\PROGRA~2\uTorrentBar_NL deleted C:\found.000 deleted C:\PROGRA~3\boost_interprocess deleted C:\Users\Nele\AppData\Local\BearShare deleted C:\Users\Nele\Downloads\iLividSetup (1).exe deleted C:\Users\Nele\Downloads\iLividSetup (2).exe deleted C:\Users\Nele\Downloads\iLividSetup (3).exe deleted C:\Users\Nele\Downloads\iLividSetup.exe deleted C:\Users\Nele\AppData\LocalLow\SkwConfig.bin deleted C:\Users\Nele\AppData\LocalLow\bearsharemediabartb deleted C:\Windows\wininit.ini deleted C:\Windows\Syswow64\mjcm deleted C:\windows\SysNative\tprb deleted C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\ixlobxvm.default\ilividtoolbarguid deleted C:\PROGRA~2\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} deleted "C:\Windows\Installer\6b22d80.msi" deleted "C:\Users\Nele\AppData\Local\{785ED2CF-AEBD-497E-9A5A-74CF18B61B44}" deleted "C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ytd@mybrowserbar.com" deleted "C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ytd@mybrowserbar.com" deleted "C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\ixlobxvm.default\extensions\ytd@mybrowserbar.com" deleted "C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\ixlobxvm.default\extensions\ytd@mybrowserbar.com" deleted "C:\Users\Nele\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted ==== Files Recently Created / Modified ====================== ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe 
/c" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "ares"="C:\Program Files (x86)\Ares\Ares.exe -h" "Facebook Update"="C:\Users\Nele\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED" "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcadeDeluxeAgent"="C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" "PlayMovie"="C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" 
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe /c" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "ares"="C:\Program Files (x86)\Ares\Ares.exe -h" "Facebook Update"="C:\Users\Nele\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED" "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "CanonMyPrinter"="C:\Program 
Files\Canon\MyPrinter\BJMyPrt.exe /logon" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Folders ====================== 2010-09-17 15:53:05 1318 ----a-w- C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2014-06-30 15:17:27 1256 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/11/2014 13:55] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3278934018-1527198301-2483027198-1000Core.job --a------ C:\Users\Nele\AppData\Local\Facebook\Update\FacebookUpdate.exe [14/07/2012 11:44] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3278934018-1527198301-2483027198-1000UA.job --a------ C:\Users\Nele\AppData\Local\Facebook\Update\FacebookUpdate.exe [14/07/2012 11:44] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/10/2014 15:16] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/10/2014 15:16] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3278934018-1527198301-2483027198-1000Core.job --a------ C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe [25/10/2014 14:30] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3278934018-1527198301-2483027198-1000UA.job --a------ C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe [25/10/2014 14:30] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3278934018-1527198301-2483027198-1000Core" 
[C:\Users\Nele\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3278934018-1527198301-2483027198-1000UA" [C:\Users\Nele\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3278934018-1527198301-2483027198-1000Core" [C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3278934018-1527198301-2483027198-1000UA" [C:\Users\Nele\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"] "C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3278934018-1527198301-2483027198-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3278934018-1527198301-2483027198-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3278934018-1527198301-2483027198-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3278934018-1527198301-2483027198-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3278934018-1527198301-2483027198-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3278934018-1527198301-2483027198-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] 
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{1AC80063-0A0E-46FA-939B-C7EFD39F2882}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms" [C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{9D2AA73B-6049-4799-B8AC-925723370070}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [26/09/2014 16:03] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\ixlobxvm.default - Undetermined - C:\Program Files\Web Assistant\Firefox - Undetermined - C:\Program Files (x86)\YTD Toolbar\FF - Address Bar Search - %ProfilePath%\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Nele\AppData\Roaming\Mozilla\Firefox\Profiles\ixlobxvm.default 20AF900395CA5AD66A9134CF032B0435 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) 3CD19649B2C3023D65E67C056457A2BC - C:\Users\Nele\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 
3170FDFA0CCE1D9133B6546315D11983 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
76C5ADFE97A6960D0851522EA7AA5AF4 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Nele\AppData\Local\Temp\ccex.crx[]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

AdBlock - Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Norton Identity Safe - Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

==== Chromium Fix ======================

C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5532&r=27360810e125l0304z125t4842x13p"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5532&r=27360810e125l0304z125t4842x13p"
"Start Page"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5532&r=27360810e125l0304z125t4842x13p"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5532&r=27360810e125l0304z125t4842x13p"
"Start Page"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5532&r=27360810e125l0304z125t4842x13p"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{66E9BC80-FE76-4614-B27F-CF0A66465E00}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66E9BC80-FE76-4614-B27F-CF0A66465E00}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE394"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_USERS\S-1-5-21-3278934018-1527198301-2483027198-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Nele\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Nele\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Nele\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0018-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Nele\Desktop\Norton-installatiebestanden.lnk - C:\Users\Public\Downloads\Norton\{NIS201102-SHPD-FSD31014}
C:\Users\Nele\Desktop\RollerCoaster Tycoon 3.lnk - C:\Program Files (x86)\Portable\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Canon Solution Menu EX.lnk - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\uistub.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\PlayMemories Home Help.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe /Help
C:\Users\Public\Desktop\PlayMemories Home.lnk - C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\RealPlayer Cloud.lnk - C:\program files (x86)\real\realplayer\RealPlay.exe /launch:desktop

==== shortcuts in Users Start Menu ======================

C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Nele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\Nele\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\Nele\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Agenda.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe calendar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contactgegevens.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe contacts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\E-mail.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe mail
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Herinneringen.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe reminders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud-foto's.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notities.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe notes
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Zoek mijn iPhone.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe find
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\LiveUpdate.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\uistub.exe /lu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\NBRT.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\uistub.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Support.lnk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\symerr.exe /support
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Uninstall Norton Internet Security.lnk - C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\21.6.0.32\inststub.exe /X /shortcut
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Cloud.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:start_menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk - C:\Program Files (x86)\Real\RealPlayer\realconverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Downloader.lnk - C:\Windows\Installer\{7FBAD091-89F7-4C77-A224-15FF4423C7D2}\recordingmanager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Trimmer.lnk - C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Acer Crystal Eye webcam.lnk - C:\Program Files (x86)\Acer\Acer Crystal Eye webcam\CrystalEye.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Acer Store.lnk - C:\Program Files (x86)\Acer Accessory Store\StartUrl.exe http://store.acer-euro.com/be?utm_source=Icon&utm_medium=Icon&utm_campaign=Acer%2BInternal
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\De Sims 2™ Je Eigen Winkel Collectie.lnk -
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Users\Nele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes' Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Nele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== shortcuts After Repair ======================

C:\Users\Nele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Acer Store.lnk - C:\Program Files (x86)\Acer Accessory Store\StartUrl.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A70E2CF2B2845AB45B4E29686250581B deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FC2E07A-482B-4BA5-B5E4-9286260585B1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A70E2CF2B2845AB45B4E29686250581B deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Nele\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Nele\AppData\Local\Mozilla\Firefox\Profiles\ixlobxvm.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Nele\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=389 folders=75 99243090 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nele\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nele\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Nele\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted

==== EOF on zo 16/11/2014 at 18:27:45,13 ======================