Zo
Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Robby on ma 24/02/2014 at 15:00:20,37.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Robby\Downloads\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
==== Empty Folders Check ======================
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\Babylon deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\OviInstallerCache deleted successfully
C:\Users\Robby\AppData\Roaming\.# deleted successfully
C:\Users\Robby\AppData\Roaming\Sony Setup deleted successfully
C:\Users\Robby\AppData\Roaming\WinRAR deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\bkmrksync@nokia.com deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
---- Lines funmoods removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Funmoods");
user_pref("browser.startup.homepage", "Funmoods Search
user_pref("extensions.funmoods.aflt", "iron2");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.cntry", "BE");
user_pref("extensions.funmoods.cv", "cv5");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "3F1EBB0B0FDAE24CB97397C8A1FA4077");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "Funmoods Search
user_pref("extensions.funmoods.id", "0022FA06E594B3C3");
user_pref("extensions.funmoods.instlDay", "15614");
user_pref("extensions.funmoods.instlRef", "iron2");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "Funmoods Search
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.smplGrp", "none");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "Funmoods Search
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");
---- Lines funmoods modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@
---- Lines funmoods removed from user.js ----
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "Funmoods Search");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "Funmoods Search");
user_pref("extensions.funmoods.tlbrSrchUrl", "Funmoods Search=");
user_pref("extensions.funmoods.id", "0022FA06E594B3C3");
user_pref("extensions.funmoods.instlDay", "15614");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.aflt", "iron2");
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.instlRef", "iron2");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.asktb.default-channel-url-mask", "{query} - Ask.com Web Search");
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines ask.com modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@
---- Lines babylon removed from prefs.js ----
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");
user_pref("extensions.BabylonToolbar.instlDay", "15614");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "Babylon Search=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");
user_pref("keyword.URL", "Babylon Search=");
---- Lines babylon removed from user.js ----
user_pref("yahoo.ytff.general.dontshowhpoffer", true);user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "Babylon Search=");
user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15614");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
---- Lines conduit removed from prefs.js ----
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "UG");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYBE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BEXX0005");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.first-launch-url", "http://www.drivernavigator.com/buy.php?pmtid=3&affid=us2008&srcid=");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "07B53C07-38FC-485B-9DC3-6F2A6B648D6B");
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1349115838565");
user_pref("extensions.asktb.locale", "nl_EU");
user_pref("extensions.asktb.location", "Brussels,Belgium");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "15158");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "8");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-history-queries", "dikke schijven||retro hous");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.v", "3.14.1.100013");
user_pref("extensions.asktb.volume", "");
---- Lines 99079a25-328f-4bd4-be04-00955acaa0a7 modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@disabled:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler
---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no
---- FireFox user.js and prefs.js backups ----
user_20142402_1513_.backup
prefs_20142402_1513_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"ApnUpdater"=-
==== Deleting Files \ Folders ======================
C:\Program Files\AVG not found
C:\Program Files\Ask.com deleted
C:\Program Files\MediaMonkey deleted
C:\Program Files\Mozilla Firefox deleted
C:\Users\Robby\AppData\Local\MediaMonkey deleted
C:\Program Files\Conduit deleted
C:\Program Files\Convesoft deleted
C:\Program Files\Yahoo! deleted
C:\Users\Robby\AppData\Roaming\Smiley.ico deleted
C:\Users\Robby\AppData\Roaming\Babylon deleted
C:\Users\Robby\AppData\Roaming\GetRightToGo deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com deleted
C:\Users\Robby\AppData\Roaming\Media Finder deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\StarApp deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Premium deleted
C:\Users\Robby\AppData\Local\CRE deleted
C:\Users\Robby\AppData\Local\WhiteListing deleted
C:\Users\Robby\AppData\Local\jZip deleted
C:\Users\Robby\AppData\Local\NativeMessaging deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder deleted
C:\Users\Robby\Downloads\DownloadManagerSetup.exe deleted
C:\Users\Robby\AppData\LocalLow\Yahoo! deleted
C:\Users\Robby\AppData\LocalLow\searchqutoolbar deleted
C:\Users\Robby\AppData\LocalLow\jZip deleted
C:\Users\Robby\AppData\LocalLow\AskToolbar deleted
C:\Users\Robby\AppData\LocalLow\DataMngr deleted
C:\Users\Robby\AppData\LocalLow\Conduit deleted
C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Search_Results.xml deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchqutoolbar deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\ffxtlbr@funmoods.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\toolbar@ask.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted
"C:\Users\Robby\AppData\Roaming\File Templates" deleted
"C:\Users\Robby\AppData\Roaming\Filesystems" deleted
"C:\Users\Robby\AppData\Roaming\Filter" deleted
"C:\ProgramData\Flags" deleted
"C:\ProgramData\Flange Saw" deleted
"C:\ProgramData\Flanger" deleted
"C:\ProgramData\Galaxy Swirl" deleted
"C:\ProgramData\Generic" deleted
"C:\ProgramData\Grapher" deleted
"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Funmoods.xml" deleted
"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"C:\Program Files\jZip\jZipShell.dll" deleted
"C:\Program Files\jZip" not deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Robby\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Robby\AppData\Roaming ======
====== C:\Users\Robby ======
2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe
====== C: exe-files ==
2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe
2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Install\{5ED071C8-60B3-4CAB-A7D9-1B88AA2A83C8}\33.0.1750.117_32.0.1700.107_chrome_updater.exe
2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.117\33.0.1750.117_32.0.1700.107_chrome_updater.exe
2014-02-20 15:19:14 0FB86683779E34A7A9739E11E5CB62A1 1043232 ----a-w- C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe
2014-02-20 14:59:07 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
2014-02-20 14:59:07 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
2014-02-20 14:59:06 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
2014-02-20 14:57:55 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
2014-02-20 14:57:54 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
2014-02-20 14:57:41 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdate.exe
2014-02-20 14:56:56 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
"PLFSetI"="C:\Windows\PLFSetI.exe"
"VitaKeyPdtWzd"="c:\Program Files\Acer Bio Protection\PdtWzd.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"LManager"="C:\Program Files\Launch Manager\LManager.exe"
"BackupManagerTray"="C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -k"
"Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"EgisTecLiveUpdate"="C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"mwlDaemon"="C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe /hide"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"
"Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes' Anti-Malware (reboot)"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nikon Message Center 2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaMServer"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMusic FastStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaMusic FastStart"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nokia\\Ovi Player\\NokiaOviPlayer.exe\" /command:faststart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaOviSuite2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaOviSuite2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe -tray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC Suite Tray"
"hkey"="HKCU"
"command"="\"C:\\Users\\Robby\\Desktop\\Snelkoppelingen Bureaublad\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
"hkey"="HKLM"
"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
==== Startup Folders ======================
2011-08-08 19:28:39 1105 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
2009-09-10 16:24:31 0 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/02/2014 14:06]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\{DB3D65B2-7447-49F3-829D-B1242A857BBB}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\Acer\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/12/2013 14:12]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
- Undetermined - C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
==== Firefox Plugins ======================
Profilepath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
87B41E7975298577BC56B6E82F0E6B34 - C:\Program Files\Java\jre7\bin\npjpi170_25.dll - Java Platform SE 7 U25
73FB13F5D73EDC1DB8C66079903B19F6 - C:\Program Files\Java\jre7\bin\npoji610.dll - Java Platform SE 7 U25
6967C3D9BE67F6A5DEFADEDEE02FCB92 - c:\Program Files\Sony\Media Go\npmediago.dll - Media Go Detector
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
0B759CF1C312102F1F7FFC0F7BE67D0A - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll - InoViewer Plugin
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
A82533DA1C7AFCE542B8E0D2714B8A4A - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
07154B27860B999CC70EB6F7A1528794 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
58F41CA8F9C2014709F9547B2B81A468 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll - TVU Web Player for FireFox
5FBCD34D89D58D695D966A70C9829EE6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.8
E764E340AD2CD744802B5CD51D234E28 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.8
5E689EEF06202E299F96E82DA9174255 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.8
C37A257E3C3D26AA3E75DDF72D861771 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.8
6D2329DFDA605E25D5FC3A3D6A0129B8 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.8
D4619DDAC3134E7D2737EE7B36143316 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.8
1573E1AC2FDE21D2A936F00EDB919FAD - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.8
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Windows\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox
==== Deleted Firefox Extensions ======================
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
AT_Porsche - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg
Webcam Toy - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade
BittorrentBar_NL - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm
Red Bull TV - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc
20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp
Docs - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
DealPly - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje
avast WebRep - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
==== Chrome Fix ======================
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0 deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
"Default_Page_URL"="iGoogle Redirect"
"Search Page"="Google"
"Search Bar"="Upgrade to Google Chrome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="Bing"
"Search Bar"="Bing"
"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"
"Start Page"="Google"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="%s - Bing"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing="
{23735B41-2CBD-5328-C66C-5FF7986F9BDE} Google Url="{searchTerms} - Google Search"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=dd3_8oGdgvRA8WnXL-FL5pT3vms?q={searchTerms}"
{B1D44357-3BA0-4D84-9656-DCCE129AB563} Google Url="{searchTerms} - Google Search"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{44DDF452-62BA-F2EF-2B10-76C079E8936D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6B1D56A0-B9C4-A31A-5B4E-7E5E8A805515} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Robby\AppData\Local\Mozilla\Firefox\Profiles\27w4mn03.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2738 folders=544 295042543 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Robby\AppData\Local\Temp will be emptied at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Robby\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\jZip" not found
==== EOF on ma 24/02/2014 at 15:28:36,98 ======================
- - - Updated - - -
Zo
Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Robby on ma 24/02/2014 at 15:00:20,37.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Robby\Downloads\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
==== Empty Folders Check ======================
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\Babylon deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\OviInstallerCache deleted successfully
C:\Users\Robby\AppData\Roaming\.# deleted successfully
C:\Users\Robby\AppData\Roaming\Sony Setup deleted successfully
C:\Users\Robby\AppData\Roaming\WinRAR deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\bkmrksync@nokia.com deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
---- Lines funmoods removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Funmoods");
user_pref("browser.startup.homepage", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0C
user_pref("extensions.funmoods.aflt", "iron2");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.cntry", "BE");
user_pref("extensions.funmoods.cv", "cv5");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "3F1EBB0B0FDAE24CB97397C8A1FA4077");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tz
user_pref("extensions.funmoods.id", "0022FA06E594B3C3");
user_pref("extensions.funmoods.instlDay", "15614");
user_pref("extensions.funmoods.instlRef", "iron2");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.smplGrp", "none");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");
---- Lines funmoods modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@
---- Lines funmoods removed from user.js ----
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463&q=");
user_pref("extensions.funmoods.id", "0022FA06E594B3C3");
user_pref("extensions.funmoods.instlDay", "15614");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.aflt", "iron2");
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.instlRef", "iron2");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.asktb.default-channel-url-mask", "http://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all");
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines ask.com modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@
---- Lines babylon removed from prefs.js ----
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");
user_pref("extensions.BabylonToolbar.instlDay", "15614");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=0c28b3c30000000000000022fa06e594&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");
user_pref("keyword.URL", "http://search.babylon.com/?affID=110823&tt=300912_TORP_4012_8&babsrc=KW_ss&mntrId=0c28b3c30000000000000022fa06e594&q=");
---- Lines babylon removed from user.js ----
user_pref("yahoo.ytff.general.dontshowhpoffer", true);user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=0c28b3c30000000000000022fa06e594&q=");
user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15614");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
---- Lines conduit removed from prefs.js ----
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "UG");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYBE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BEXX0005");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.first-launch-url", "http://www.drivernavigator.com/buy.php?pmtid=3&affid=us2008&srcid=");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "07B53C07-38FC-485B-9DC3-6F2A6B648D6B");
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1349115838565");
user_pref("extensions.asktb.locale", "nl_EU");
user_pref("extensions.asktb.location", "Brussels,Belgium");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "15158");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "8");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-history-queries", "dikke schijven||retro hous");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.v", "3.14.1.100013");
user_pref("extensions.asktb.volume", "");
---- Lines 99079a25-328f-4bd4-be04-00955acaa0a7 modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@disabled:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler
---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no
---- FireFox user.js and prefs.js backups ----
user_20142402_1513_.backup
prefs_20142402_1513_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"ApnUpdater"=-
==== Deleting Files \ Folders ======================
C:\Program Files\AVG not found
C:\Program Files\Ask.com deleted
C:\Program Files\MediaMonkey deleted
C:\Program Files\Mozilla Firefox deleted
C:\Users\Robby\AppData\Local\MediaMonkey deleted
C:\Program Files\Conduit deleted
C:\Program Files\Convesoft deleted
C:\Program Files\Yahoo! deleted
C:\Users\Robby\AppData\Roaming\Smiley.ico deleted
C:\Users\Robby\AppData\Roaming\Babylon deleted
C:\Users\Robby\AppData\Roaming\GetRightToGo deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com deleted
C:\Users\Robby\AppData\Roaming\Media Finder deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\StarApp deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Premium deleted
C:\Users\Robby\AppData\Local\CRE deleted
C:\Users\Robby\AppData\Local\WhiteListing deleted
C:\Users\Robby\AppData\Local\jZip deleted
C:\Users\Robby\AppData\Local\NativeMessaging deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder deleted
C:\Users\Robby\Downloads\DownloadManagerSetup.exe deleted
C:\Users\Robby\AppData\LocalLow\Yahoo! deleted
C:\Users\Robby\AppData\LocalLow\searchqutoolbar deleted
C:\Users\Robby\AppData\LocalLow\jZip deleted
C:\Users\Robby\AppData\LocalLow\AskToolbar deleted
C:\Users\Robby\AppData\LocalLow\DataMngr deleted
C:\Users\Robby\AppData\LocalLow\Conduit deleted
C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Search_Results.xml deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchqutoolbar deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\ffxtlbr@funmoods.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\toolbar@ask.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted
"C:\Users\Robby\AppData\Roaming\File Templates" deleted
"C:\Users\Robby\AppData\Roaming\Filesystems" deleted
"C:\Users\Robby\AppData\Roaming\Filter" deleted
"C:\ProgramData\Flags" deleted
"C:\ProgramData\Flange Saw" deleted
"C:\ProgramData\Flanger" deleted
"C:\ProgramData\Galaxy Swirl" deleted
"C:\ProgramData\Generic" deleted
"C:\ProgramData\Grapher" deleted
"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Funmoods.xml" deleted
"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"C:\Program Files\jZip\jZipShell.dll" deleted
"C:\Program Files\jZip" not deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Robby\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Robby\AppData\Roaming ======
====== C:\Users\Robby ======
2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe
====== C: exe-files ==
2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe
2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Install\{5ED071C8-60B3-4CAB-A7D9-1B88AA2A83C8}\33.0.1750.117_32.0.1700.107_chrome_updater.exe
2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.117\33.0.1750.117_32.0.1700.107_chrome_updater.exe
2014-02-20 15:19:14 0FB86683779E34A7A9739E11E5CB62A1 1043232 ----a-w- C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe
2014-02-20 14:59:07 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
2014-02-20 14:59:07 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
2014-02-20 14:59:06 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
2014-02-20 14:57:55 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
2014-02-20 14:57:54 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
2014-02-20 14:57:41 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdate.exe
2014-02-20 14:56:56 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
"PLFSetI"="C:\Windows\PLFSetI.exe"
"VitaKeyPdtWzd"="c:\Program Files\Acer Bio Protection\PdtWzd.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"LManager"="C:\Program Files\Launch Manager\LManager.exe"
"BackupManagerTray"="C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -k"
"Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"EgisTecLiveUpdate"="C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"mwlDaemon"="C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe /hide"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"
"Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes' Anti-Malware (reboot)"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nikon Message Center 2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaMServer"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMusic FastStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaMusic FastStart"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nokia\\Ovi Player\\NokiaOviPlayer.exe\" /command:faststart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaOviSuite2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaOviSuite2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe -tray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC Suite Tray"
"hkey"="HKCU"
"command"="\"C:\\Users\\Robby\\Desktop\\Snelkoppelingen Bureaublad\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
"hkey"="HKLM"
"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
==== Startup Folders ======================
2011-08-08 19:28:39 1105 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
2009-09-10 16:24:31 0 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/02/2014 14:06]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\{DB3D65B2-7447-49F3-829D-B1242A857BBB}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\Acer\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/12/2013 14:12]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
- Undetermined - C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
==== Firefox Plugins ======================
Profilepath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
87B41E7975298577BC56B6E82F0E6B34 - C:\Program Files\Java\jre7\bin\npjpi170_25.dll - Java Platform SE 7 U25
73FB13F5D73EDC1DB8C66079903B19F6 - C:\Program Files\Java\jre7\bin\npoji610.dll - Java Platform SE 7 U25
6967C3D9BE67F6A5DEFADEDEE02FCB92 - c:\Program Files\Sony\Media Go\npmediago.dll - Media Go Detector
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
0B759CF1C312102F1F7FFC0F7BE67D0A - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll - InoViewer Plugin
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
A82533DA1C7AFCE542B8E0D2714B8A4A - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
07154B27860B999CC70EB6F7A1528794 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
58F41CA8F9C2014709F9547B2B81A468 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll - TVU Web Player for FireFox
5FBCD34D89D58D695D966A70C9829EE6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.8
E764E340AD2CD744802B5CD51D234E28 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.8
5E689EEF06202E299F96E82DA9174255 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.8
C37A257E3C3D26AA3E75DDF72D861771 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.8
6D2329DFDA605E25D5FC3A3D6A0129B8 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.8
D4619DDAC3134E7D2737EE7B36143316 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.8
1573E1AC2FDE21D2A936F00EDB919FAD - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.8
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Windows\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox
==== Deleted Firefox Extensions ======================
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
AT_Porsche - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg
Webcam Toy - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade
BittorrentBar_NL - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm
Red Bull TV - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc
20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp
Docs - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
DealPly - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje
avast WebRep - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
==== Chrome Fix ======================
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0 deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0509&m=aspire_7738"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.be/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="
{23735B41-2CBD-5328-C66C-5FF7986F9BDE} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE328"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=dd3_8oGdgvRA8WnXL-FL5pT3vms?q={searchTerms}"
{B1D44357-3BA0-4D84-9656-DCCE129AB563} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_nlBE328"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{44DDF452-62BA-F2EF-2B10-76C079E8936D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6B1D56A0-B9C4-A31A-5B4E-7E5E8A805515} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Robby\AppData\Local\Mozilla\Firefox\Profiles\27w4mn03.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2738 folders=544 295042543 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Robby\AppData\Local\Temp will be emptied at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Robby\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\jZip" not found
==== EOF on ma 24/02/2014 at 15:28:36,98 ======================
- - - Updated - - -
Zo
Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Robby on ma 24/02/2014 at 15:00:20,37.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Robby\Downloads\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
==== Empty Folders Check ======================
C:\Program Files\MSXML 4.0 deleted successfully
C:\PROGRA~2\Babylon deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\OviInstallerCache deleted successfully
C:\Users\Robby\AppData\Roaming\.# deleted successfully
C:\Users\Robby\AppData\Roaming\Sony Setup deleted successfully
C:\Users\Robby\AppData\Roaming\WinRAR deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\bkmrksync@nokia.com deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
---- Lines funmoods removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Funmoods");
user_pref("browser.startup.homepage", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0C
user_pref("extensions.funmoods.aflt", "iron2");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.cntry", "BE");
user_pref("extensions.funmoods.cv", "cv5");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "3F1EBB0B0FDAE24CB97397C8A1FA4077");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tz
user_pref("extensions.funmoods.id", "0022FA06E594B3C3");
user_pref("extensions.funmoods.instlDay", "15614");
user_pref("extensions.funmoods.instlRef", "iron2");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.smplGrp", "none");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");
---- Lines funmoods modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@
---- Lines funmoods removed from user.js ----
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtBtB0F0AtDyC0EyDzyyE0BtA0CtAtN0D0Tzu0CtByByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=780983463&q=");
user_pref("extensions.funmoods.id", "0022FA06E594B3C3");
user_pref("extensions.funmoods.instlDay", "15614");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:16:38");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.aflt", "iron2");
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.instlRef", "iron2");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.asktb.default-channel-url-mask", "http://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all");
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WR
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines ask.com modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@ask.com:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler@
---- Lines babylon removed from prefs.js ----
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");
user_pref("extensions.BabylonToolbar.instlDay", "15614");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=0c28b3c30000000000000022fa06e594&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");
user_pref("keyword.URL", "http://search.babylon.com/?affID=110823&tt=300912_TORP_4012_8&babsrc=KW_ss&mntrId=0c28b3c30000000000000022fa06e594&q=");
---- Lines babylon removed from user.js ----
user_pref("yahoo.ytff.general.dontshowhpoffer", true);user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=0c28b3c30000000000000022fa06e594&q=");
user_pref("extensions.BabylonToolbar.id", "0c28b3c30000000000000022fa06e594");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15614");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.720:12:27");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=300912_TORP_4012_8");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
---- Lines conduit removed from prefs.js ----
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "UG");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYBE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BEXX0005");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.first-launch-url", "http://www.drivernavigator.com/buy.php?pmtid=3&affid=us2008&srcid=");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "07B53C07-38FC-485B-9DC3-6F2A6B648D6B");
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1349115838565");
user_pref("extensions.asktb.locale", "nl_EU");
user_pref("extensions.asktb.location", "Brussels,Belgium");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "15158");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "8");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-history-queries", "dikke schijven||retro hous");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.v", "3.14.1.100013");
user_pref("extensions.asktb.volume", "");
---- Lines 99079a25-328f-4bd4-be04-00955acaa0a7 modified from prefs.js ----
user_pref("extensions.enabledItems", "toolbar@disabled:3.14.1.100013,wrc@avast.com:8.0.1489,{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48,gencrawler
---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no
---- FireFox user.js and prefs.js backups ----
user_20142402_1513_.backup
prefs_20142402_1513_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"ApnUpdater"=-
==== Deleting Files \ Folders ======================
C:\Program Files\AVG not found
C:\Program Files\Ask.com deleted
C:\Program Files\MediaMonkey deleted
C:\Program Files\Mozilla Firefox deleted
C:\Users\Robby\AppData\Local\MediaMonkey deleted
C:\Program Files\Conduit deleted
C:\Program Files\Convesoft deleted
C:\Program Files\Yahoo! deleted
C:\Users\Robby\AppData\Roaming\Smiley.ico deleted
C:\Users\Robby\AppData\Roaming\Babylon deleted
C:\Users\Robby\AppData\Roaming\GetRightToGo deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com deleted
C:\Users\Robby\AppData\Roaming\Media Finder deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\StarApp deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Premium deleted
C:\Users\Robby\AppData\Local\CRE deleted
C:\Users\Robby\AppData\Local\WhiteListing deleted
C:\Users\Robby\AppData\Local\jZip deleted
C:\Users\Robby\AppData\Local\NativeMessaging deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder deleted
C:\Users\Robby\Downloads\DownloadManagerSetup.exe deleted
C:\Users\Robby\AppData\LocalLow\Yahoo! deleted
C:\Users\Robby\AppData\LocalLow\searchqutoolbar deleted
C:\Users\Robby\AppData\LocalLow\jZip deleted
C:\Users\Robby\AppData\LocalLow\AskToolbar deleted
C:\Users\Robby\AppData\LocalLow\DataMngr deleted
C:\Users\Robby\AppData\LocalLow\Conduit deleted
C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Search_Results.xml deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchqutoolbar deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\ffxtlbr@funmoods.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\toolbar@ask.com deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted
"C:\Users\Robby\AppData\Roaming\File Templates" deleted
"C:\Users\Robby\AppData\Roaming\Filesystems" deleted
"C:\Users\Robby\AppData\Roaming\Filter" deleted
"C:\ProgramData\Flags" deleted
"C:\ProgramData\Flange Saw" deleted
"C:\ProgramData\Flanger" deleted
"C:\ProgramData\Galaxy Swirl" deleted
"C:\ProgramData\Generic" deleted
"C:\ProgramData\Grapher" deleted
"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\searchplugins\Funmoods.xml" deleted
"C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" deleted
"C:\Program Files\jZip\jZipShell.dll" deleted
"C:\Program Files\jZip" not deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Robby\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Robby\AppData\Roaming ======
====== C:\Users\Robby ======
2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe
====== C: exe-files ==
2014-02-24 13:15:15 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Robby\Downloads\RSIT.exe
2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Install\{5ED071C8-60B3-4CAB-A7D9-1B88AA2A83C8}\33.0.1750.117_32.0.1700.107_chrome_updater.exe
2014-02-22 18:05:51 A4F0C36642681927FA53CD6A90CA2975 7620312 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.117\33.0.1750.117_32.0.1700.107_chrome_updater.exe
2014-02-20 15:19:14 0FB86683779E34A7A9739E11E5CB62A1 1043232 ----a-w- C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe
2014-02-20 14:59:07 FF3FD6B78A82624C7B319EEA7F7EB8F6 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe
2014-02-20 14:59:07 6D24CD9918A11CD8AB9AE678CB2CC3C7 51080 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateBroker.exe
2014-02-20 14:59:06 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdateSetup.exe
2014-02-20 14:57:55 EA8B5B41163A06FFA8930F5316473035 273800 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
2014-02-20 14:57:54 C98ACDE22458C8F46FD0503CB9E2D01F 223112 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
2014-02-20 14:57:41 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files\Google\Update\1.3.22.5\GoogleUpdate.exe
2014-02-20 14:56:56 BA5C08130D2EFBD4E546912646DC4461 847640 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.5\GoogleUpdateSetup.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-21-4138485238-1851768418-1376420245-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
"PLFSetI"="C:\Windows\PLFSetI.exe"
"VitaKeyPdtWzd"="c:\Program Files\Acer Bio Protection\PdtWzd.exe"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"LManager"="C:\Program Files\Launch Manager\LManager.exe"
"BackupManagerTray"="C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -k"
"Acer ePower Management"="C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe"
"EgisTecLiveUpdate"="C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"mwlDaemon"="C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe /hide"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent"
"Malwarebytes Anti-Malware (cleanup)"="rundll32.exe C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll,ProcessCleanupScript"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
"Media Finder"="C:\Program Files\Media Finder\Media Finder.exe /opentotray"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"GoogleChromeAutoLaunch_39E54563CBD9FF53F840E2F8C1B32B12"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes' Anti-Malware (reboot)"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nikon Message Center 2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaMServer"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMusic FastStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaMusic FastStart"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nokia\\Ovi Player\\NokiaOviPlayer.exe\" /command:faststart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaOviSuite2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaOviSuite2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe -tray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC Suite Tray"
"hkey"="HKCU"
"command"="\"C:\\Users\\Robby\\Desktop\\Snelkoppelingen Bureaublad\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"
"hkey"="HKLM"
"command"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
==== Startup Folders ======================
2011-08-08 19:28:39 1105 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
2009-09-10 16:24:31 0 ----a-w- C:\Users\Robby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/02/2014 14:06]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22/12/2009 17:25]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\{DB3D65B2-7447-49F3-829D-B1242A857BBB}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\Acer\Burn Notification" [C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/12/2013 14:12]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
- Undetermined - C:\Users\Robby\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- TVU Web Player - %ProfilePath%\extensions\firefox@tvunetworks.com
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
==== Firefox Plugins ======================
Profilepath: C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default
87B41E7975298577BC56B6E82F0E6B34 - C:\Program Files\Java\jre7\bin\npjpi170_25.dll - Java Platform SE 7 U25
73FB13F5D73EDC1DB8C66079903B19F6 - C:\Program Files\Java\jre7\bin\npoji610.dll - Java Platform SE 7 U25
6967C3D9BE67F6A5DEFADEDEE02FCB92 - c:\Program Files\Sony\Media Go\npmediago.dll - Media Go Detector
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
0B759CF1C312102F1F7FFC0F7BE67D0A - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll - InoViewer Plugin
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
A82533DA1C7AFCE542B8E0D2714B8A4A - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
07154B27860B999CC70EB6F7A1528794 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
58F41CA8F9C2014709F9547B2B81A468 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll - TVU Web Player for FireFox
5FBCD34D89D58D695D966A70C9829EE6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.8
E764E340AD2CD744802B5CD51D234E28 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.8
5E689EEF06202E299F96E82DA9174255 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.8
C37A257E3C3D26AA3E75DDF72D861771 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.8
6D2329DFDA605E25D5FC3A3D6A0129B8 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.8
D4619DDAC3134E7D2737EE7B36143316 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.8
1573E1AC2FDE21D2A936F00EDB919FAD - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.8
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\Windows\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox
==== Deleted Firefox Extensions ======================
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted
C:\Users\Robby\AppData\Roaming\Mozilla\Firefox\Profiles\27w4mn03.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\Robby\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Robby\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]
General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
AT_Porsche - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg
Webcam Toy - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade
BittorrentBar_NL - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn
20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm
Red Bull TV - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbalkogcfbpplioohgihkidalmomblfc
20-20 3D Viewer for IKEA - Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp
Docs - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
General Crawler - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
DealPly - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje
avast WebRep - Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
==== Chrome Fix ======================
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage-journal deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0 deleted successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&s=2&o=vp32&d=0509&m=aspire_7738"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.be/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&r="
{23735B41-2CBD-5328-C66C-5FF7986F9BDE} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlBE328"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=dd3_8oGdgvRA8WnXL-FL5pT3vms?q={searchTerms}"
{B1D44357-3BA0-4D84-9656-DCCE129AB563} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_nlBE328"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{44DDF452-62BA-F2EF-2B10-76C079E8936D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6B1D56A0-B9C4-A31A-5B4E-7E5E8A805515} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Robby\AppData\Local\Mozilla\Firefox\Profiles\27w4mn03.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Robby\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2738 folders=544 295042543 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Robby\AppData\Local\Temp will be emptied at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Robby\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Robby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\jZip" not found
==== EOF on ma 24/02/2014 at 15:28:36,98 ======================
