
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Bernadette on Fri 04/18/2014 at 17:42:17.40.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bernadette\Documents\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

4/18/2014 5:44:02 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\CoolLyrics
C:\Program Files\MSXML 4.0
C:\Program Files\NeroInstall.bak
C:\Program Files\URUSoft
C:\Program Files\Common Files\AOL
\9E61.tmp
\acro_rd_dir
\hsperfdata_Bernadette
\Low
\plugtmp
\plugtmp-1
\WPDNSE
C:\Users\Bernadette\AppData\Roaming\AVG8
C:\Users\Bernadette\AppData\Roaming\HpUpdate
C:\Users\Bernadette\AppData\Roaming\IrfanView
C:\Users\Bernadette\AppData\Local\Conduit

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934c42-161d-45bc-8cef-ef18abe2a30c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Mozilla\Firefox\Extensions\{12ff8c0f-2b0e-4b07-a1cc-4b7ea21c58f2} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default

---- Lines conduit modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=bs&q="
user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
---- Lines mindspark removed from prefs.js ----
user_pref("extensions.toolbar.mindspark._4aMembers_.homepage", "http://home.tb.ask.com/index.jhtml?ptb=AF434FB4-9FCE-48C4-9F6E-9C4C162C1ECA&n=77fd5270
user_pref("extensions.toolbar.mindspark._4aMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._4aMembers_.hp.lastGuardTime", -302864859);
user_pref("extensions.toolbar.mindspark._4aMembers_.hp.numGuards", 1);
user_pref("extensions.toolbar.mindspark._4aMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4aMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4aMembers_.installation.installDate", "2013090416");
user_pref("extensions.toolbar.mindspark._4aMembers_.installation.partnerId", "^ZQ^xdm458^YYA^be");
user_pref("extensions.toolbar.mindspark._4aMembers_.installation.partnerSubId", "");
user_pref("extensions.toolbar.mindspark._4aMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4aMembers_.installation.toolbarId", "AF434FB4-9FCE-48C4-9F6E-9C4C162C1ECA");
user_pref("extensions.toolbar.mindspark._4aMembers_.lastActivePing", "1378482897898");
user_pref("extensions.toolbar.mindspark._4aMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4aMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._4aMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4aMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._4aMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "astrology@mindspark.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "astrology@mindspark.com");
---- Lines ask.com removed from prefs.js ----
user_pref("keyword.URL", "http://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=AF434FB4-9FCE-48C4-9F6E-9C4C162C1ECA&n=77fd5270&ind=2013090416&p2=^Z
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- Lines {20a82645-c095-46ed-80e3-08825760534b} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- Lines {87934c42-161d-45bc-8cef-ef18abe2a30c} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- FireFox user.js and prefs.js backups ---- 

user_20140418_0553_.backup
prefs_20140418_0553_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\Conduit deleted
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar deleted
C:\Program Files\Yahoo! deleted
C:\Program Files\CoolLyrics deleted
C:\Program Files\Toolbar Cleaner deleted
C:\found.000 deleted
C:\Users\Bernadette\AppData\Roaming\SecureSearch deleted
C:\Users\Bernadette\AppData\Roaming\eIntaller deleted
C:\Users\Bernadette\AppData\Roaming\Babylon deleted
C:\Users\Bernadette\AppData\Local\funmoods-speeddial.crx deleted
C:\Users\Bernadette\AppData\Local\funmoods.crx deleted
C:\Users\Bernadette\AppData\Local\adawarebp deleted
C:\Users\Bernadette\AppData\Local\Conduit deleted
C:\Users\Bernadette\AppData\LocalLow\Yahoo! deleted
C:\Users\Bernadette\AppData\LocalLow\adawaretb deleted
C:\Users\Bernadette\AppData\LocalLow\BabylonToolbar deleted
C:\Users\Bernadette\AppData\LocalLow\Funmoods deleted
C:\Users\Bernadette\AppData\LocalLow\PriceGong deleted
C:\Users\Bernadette\AppData\LocalLow\Conduit deleted
C:\Users\Bernadette\AppData\LocalLow\conduitEngine deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\system32\tasks\Desk 365 RunAsStdUser deleted
C:\user.js deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\searchplugins\ask-web-search.xml deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\searchplugins\askcom.xml deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\searchplugins\Search.xml deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\Invalidprefs.js deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\aimToolbarData deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\CT2786678 deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\adawaretb deleted
C:\Program Files\Mozilla Firefox\components\AskSearch.js deleted
C:\Users\Bernadette\Adaware_Installer.exe deleted
C:\Users\Bernadette\embrd2k8b84.exe deleted
C:\Users\Bernadette\tscc.exe deleted
C:\Users\Bernadette\vgae521xvst.exe deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\extensions\engine@conduit.com deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\conduit deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\ConduitEngine deleted
C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\BERNAD~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2014-04-12 07:21:32	E0D0597E355539485CE641949F640889	6119424	----a-w-	C:\Windows\System32\ieframe.dll
2014-04-12 07:21:32	2EF271675C87108D9B926AFC85BBAA91	3627008	----a-w-	C:\Windows\System32\mshtml.dll
2014-04-12 07:21:31	DE4746B5D70281B4CA9847947B94B314	834048	----a-w-	C:\Windows\System32\wininet.dll
2014-04-12 07:21:31	B59A595C54312D5E17283B26187B7DC4	480256	----a-w-	C:\Windows\System32\mshtmled.dll
2014-04-12 07:21:31	9A95492B5F616E56EADB9587E9717AFA	1177600	----a-w-	C:\Windows\System32\urlmon.dll
2014-04-12 07:21:31	94481D4985194CCF9599B9BCD81A70F3	498688	----a-w-	C:\Windows\System32\msfeeds.dll
2014-04-12 07:21:31	7CC62643C29F8C16A9577F5399A0509F	271872	----a-w-	C:\Windows\System32\iertutil.dll
2014-04-12 07:21:31	419F6C7D7AB9AD1A42F9D98EC01DDF17	671232	----a-w-	C:\Windows\System32\mstime.dll
2014-04-12 07:21:30	DDCA5DA0B5C52980E0CDFDFDF95CE8DF	19456	----a-w-	C:\Windows\System32\corpol.dll
2014-04-12 07:21:30	951D4EB904ED0FBD632C9D66F73965CB	389632	----a-w-	C:\Windows\System32\html.iec
2014-04-12 07:21:30	8B004C9BA2B1D799229C0698AB37DCCA	180736	----a-w-	C:\Windows\System32\ieui.dll
2014-04-12 07:21:30	735699E76FB16734E72A63CB97A473E4	193024	----a-w-	C:\Windows\System32\iepeers.dll
2014-04-12 07:21:30	53B26A58AF62FE0D26D8D14C49528627	380928	----a-w-	C:\Windows\System32\ieapfltr.dll
2014-04-12 07:21:30	4C3D674955269ECB6C1D28A989E44011	27648	----a-w-	C:\Windows\System32\jsproxy.dll
2014-04-12 07:21:30	37AF2C87DA3DDBB652B952ADD1337170	106496	----a-w-	C:\Windows\System32\url.dll
2014-04-12 07:21:30	19DB4563BCD6E13398E5842BD987D1B8	1383424	----a-w-	C:\Windows\System32\mshtml.tlb
2014-04-12 07:18:36	695DB97B018FB06F693F37108322AA1E	894464	----a-w-	C:\Windows\System32\kernel32.dll
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Bernadette\AppData\Roaming ======
====== C:\Users\Bernadette ======

====== C: exe-files ==
2014-04-13 09:57:11	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\Trend Micro\Bernadette.exe
2014-04-13 09:56:39	69CA82A7482A00D8EE063D2B97FC4338	781383	----a-w-	C:\Users\Bernadette\Documents\Downloads\RSIT.exe
2014-04-12 07:21:31	BC81B331CC4634EC9B87282B5BFA98AD	304128	----a-w-	C:\Program Files\Internet Explorer\ieuser.exe
2014-04-12 07:21:31	3426D79ED25B2AD6FCF52122064389CC	282624	----a-w-	C:\Program Files\Internet Explorer\ieinstal.exe
=== C: other files ==

==== Firefox Extensions ======================

ProfilePath: C:\Users\BERNAD~1\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default
- Undetermined - C:\Users\Bernadette\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Bernadette\AppData\Roaming\Mozilla\Firefox\Profiles\f33c92hy.default
ABE2E50533899C45DFA03E1D8767648F	- C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll -	Shockwave Flash
01D93217A9EE48DD37072B671378CC9C	- c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.1.0.30109.0.dll -	Silverlight Plug-In
01D93217A9EE48DD37072B671378CC9C	- c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll -	Silverlight Plug-In
ECD88CDFC178E6A84DB1346EABF9F03F	- C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll -	Adobe Acrobat
ECD88CDFC178E6A84DB1346EABF9F03F	- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll -	Adobe Acrobat
3F9F8E0F93D6FA7B7552077A3DF171DE	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
34E3709244736B8976820F730E5A8815	- C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 6 U31
A878453A1714870EAADA83E6434BDB77	- C:\Program Files\Java\jre6\bin\plugin2\npdeployJava1.dll -	Java Deployment Toolkit 6.0.310.5
C517E5EA7CEE783F3681F62D2A362E5B	- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -	Windows Live? Photo Gallery
B6A800D881A0176C544988870861E798	- C:\Windows\system32\Adobe\Director\np32dsw.dll -	Shockwave for Director / Shockwave for Director
24E990B1E6D55428001843CF7217DD81	- C:\Program Files\Microsoft\Office Live\npOLW.dll -	Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AB87EEFFD18F2BAAFC274E7075EA6C67	- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
28986F0A2342A033345EF9E70D395E4F	- c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll -	Microsoft® Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
abfmigjiaapipflmopkaaooigcjjdojh - C:\Program Files\LyricsContainer\130.crx[]
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\BERNAD~1\AppData\Local\funmoods.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\BERNAD~1\AppData\Local\funmoods-speeddial.crx[]
oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\BERNAD~1\AppData\Local\funmoods.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\BERNAD~1\AppData\Local\funmoods-speeddial.crx[]

==== Chrome Fix ======================

C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage deleted successfully
C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Backup.Old.Start Page"="http://search.babylon.com/?affID=113480&tt=3312_7&babsrc=HP_ss&mntrId=b67dee3900000000000000224397e592"
"Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com"
"Search Page"="http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomSearch"="http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{3ea5cc93-e372-4e4d-83b9-793689516a65}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Backup.Old.Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomSearch"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{3ab40fcd-0261-4c3f-a76f-77ed4668679e} AOL Search Url="http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20120122214800115&tb_oid=22-01-2012&tb_mrud=22-01-2012"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_nl"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2744838355-1766387590-1531623454-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Bernadette\Desktop\Flash Player - Snelkoppeling.lnk -  
C:\Users\Bernadette\Desktop\HiJackThis.lnk - C:\Users\Bernadette\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 
C:\Users\Bernadette\Desktop\HP Scan.lnk - C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPScan.exe 
C:\Users\Bernadette\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe 
C:\Users\Bernadette\Desktop\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe 
C:\Users\Bernadette\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe 
C:\Users\Bernadette\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Bernadette\Desktop\Sitecom MD-020 SIM Editor.lnk - C:\Program Files\Sitecom MD-020 SIM Editor\USIMEditor.exe 
C:\Users\Bernadette\Desktop\Windows Explorer.lnk - C:\Windows\explorer.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Ad-Aware.lnk - C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe 
C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe 
C:\Users\Public\Desktop\CyberLink PowerDirector.lnk - C:\Program Files\Cyberlink\PowerDirector\PDR9.exe 
C:\Users\Public\Desktop\Embird 2010.lnk - C:\Program Files\EMBIRD32\EMBIRD.EXE 
C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk - C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HP Deskjet 1050 J410 series.exe 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.285\mcuicnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE409C9143291432&ts=1371484712
C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy.exe 
C:\Users\Public\Desktop\TeamViewer 5.lnk - C:\Program Files\TeamViewer\Version5\TeamViewer.exe 
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.285\mcuicnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Verwijderen.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.0.285\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk - C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe 
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\HP Scan.lnk - C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPScan.exe 
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE409C9143291432&ts=1371484712
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.qvo6.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE409C9143291432&ts=1371484712
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ZipGenius 6.lnk - C:\Program Files\ZipGenius 6\zipgenius.exe 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Bernadette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avi Player deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\Users\Bernadette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Bernadette\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bernadette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Bernadette\AppData\Local\Mozilla\Firefox\Profiles\f33c92hy.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4153 folders=171 114224395 bytes)

==== Empty Temp Folders ======================

C:\Users\Bernadette\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BERNAD~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Bernadette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Fri 04/18/2014 at 18:02:59.28 ======================