Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Robin on vr 24-10-2014 at 17:51:10,64.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Robin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================
C:\zoek-results2014-10-23-192616.log 28590 bytes

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4066667900-716801694-3576342501-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-4066667900-716801694-3576342501-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default
---- FireFox user.js and prefs.js backups ----
user_24-10-2014_1835_.backup
prefs_24-10-2014_1835_.backup
ProfilePath: C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\qgrt4xwe.default
user.js not found
---- Lines helperbar removed from prefs.js ----
user_pref("browser.newtab.url", "http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS
---- Lines extensions.e5aCkQ removed from prefs.js ----
user_pref("extensions.e5aCkQ.epoch", "1414143655");
user_pref("extensions.e5aCkQ.url", "http://centergoodfind.info/sync2/?q=hfZ9ofqRhihEAen0qHC6tMqLDe49CNU0jUEMCMlNhd9Fqda5rTkGrjr8qjCMBzqUojw9rjaErHsErd
---- FireFox user.js and prefs.js backups ----
prefs_24-10-2014_1835_.backup

==== Deleting Files \ Folders ======================
C:\Program Files (x86)\RegClean Pro not found
C:\PROGRA~2\Flowsurf not found
C:\Program Files (x86)\ShopperPro not found
C:\Users\Robin\AppData\LocalLow\{9211856C-42AE-5F78-5F16-25D4302B1429} deleted
C:\Users\Robin\AppData\Local\Packages\windows_ie_ac_001\AC\{9211856C-42AE-5F78-5F16-25D4302B1429} deleted
C:\PROGRA~3\148d6ef0b26a369e deleted
C:\PROGRA~2\WinZip Driver Updater deleted
C:\PROGRA~2\Probit Software deleted
C:\PROGRA~2\GetPrivate deleted
C:\PROGRA~2\globalUpdate deleted
C:\install.exe deleted
C:\Support deleted
C:\Users\Robin\AppData\Roaming\GetPrivate deleted
C:\Users\Robin\AppData\Roaming\WinZip\WinZipDU deleted
C:\Users\Robin\AppData\Roaming\aps.uninstall.scan.results deleted
C:\PROGRA~3\WindowsMangerProtect deleted
C:\Users\Robin\AppData\Local\nsjF45C.tmp deleted
C:\Users\Robin\AppData\Local\MaxiGet Download Manager deleted
C:\Users\Robin\AppData\Local\globalUpdate deleted
C:\Users\Robin\AppData\Local\Installer deleted
C:\Users\Robin\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\fsupdate deleted
C:\Users\Robin\AppData\LocalLow\{DA3E6DC3-7334-A9ED-CFC6-60F662643E52} deleted
C:\windows\SysNative\tasks\UNELEVATE_102 deleted
C:\windows\SysNative\tasks\ASP deleted
C:\windows\SysNative\tasks\GPUP deleted
C:\END deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\qgrt4xwe.default\searchplugins\SafeFinder Search.xml deleted
C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\qgrt4xwe.default\extensions\dbij6@eo-.co.uk deleted
"C:\WINDOWS\Sysnative\ApnDatabase.xml" not deleted

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn" [20-10-2014 19:30]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default
- Senses - %ProfilePath%\extensions\warnerroberts@hotmail.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
66640A55AEFF3819C94E0A8D40D7E0AD - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20-09-2014 10:52]
cosstminn - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Robin\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Robin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
YouTube - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
cosstminn - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
ShortenMe googl URL shortener QR codes - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpcbjmcojciinknchcafgalmphlpjjn
Google Wallet - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
FlowSurf - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn
Gmail - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
cosstminn - Robin\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Robin\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Xander\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Xander\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
Docs - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
cosstminn - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
ShortenMe googl URL shortener QR codes - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpcbjmcojciinknchcafgalmphlpjjn
Google Wallet - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
cosstminn - Xander\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Xander\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij

==== Chromium Startpages ======================
C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpmsVCo4xxNFbVlw8t5C6fj2ox4rb0XqP8CQYnlV1yIooOR38_3XLAeKNX-i4H2GdaerGZHQrdF2cSScqkixsg,,",

==== Chromium Fix ======================
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Robin\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Robin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Robin\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Robin\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Xander\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Xander\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Xander\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Xander\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij deleted successfully
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpcbjmcojciinknchcafgalmphlpjjn deleted successfully
C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpcbjmcojciinknchcafgalmphlpjjn deleted successfully
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpUBjY4kl41NfcHeWz8T-LCk3y0HlDj_6be3malFEkd0DguJznL29A7NfHjkRcHqQRoi4pWJ8KkGKDZ7DUOJo5w,&q={searchTerms}"
"Search Bar"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpUBjY4kl41NfcHeWz8T-LCk3y0HlDj_6be3malFEkd0DguJznL29A7NfHjkRcHqQRoi4pWJ8KkGKDZ7DUOJo5w,&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1407173939&from=smt&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S107655776557&q={searchTerms}"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1407173939&from=smt&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S107655776557&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1407173939&from=smt&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S107655776557&q={searchTerms}"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1407173939&from=smt&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S107655776557&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpUBjY4kl41NfcHeWz8T-LCk3y0HlDj_6be3malFEkd0DguJznL29A7NfHjkRcHtRhox3F30y1979H-AKfeNPA,,&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpUBjY4kl41NfcHeWz8T-LCk3y0HlDj_6be3malFEkd0DguJznL29A7NfHjkRcHtRhox3F30y1979H-AKfeNPA,,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpUBjY4kl41NfcHeWz8T-LCk3y0HlDj_6be3malFEkd0DguJznL29A7NfHjkRcHqQRoi4pWJ8KkGKDZ7DUOJo5w,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpUBjY4kl41NfcHeWz8T-LCk3y0HlDj_6be3malFEkd0DguJznL29A7NfHjkRcHqQRoi4pWJ8KkGKDZ7DUOJo5w,&q={searchTerms}"
"SearchAssistant"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpUBjY4kl41NfcHeWz8T-LCk3y0HlDj_6be3malFEkd0DguJznL29A7NfHjkRcHqQRoi4pWJ8KkGKDZ7DUOJo5w,&q={searchTerms}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================
C:\Users\Robin\Desktop\Dropbox.lnk - C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Robin\Desktop\Mijn documenten.lnk - C:\Users\Robin\Documents
C:\Users\Robin\Desktop\Secure Download Manager.lnk - C:\Users\Robin\AppData\Roaming\Microsoft\Installer\{F4924A45-80A9-4BC0-968D-2DCE3360F4C2}\_B8E63C5F101105FA4338CF.exe
C:\Users\Robin\Desktop\Spotify.lnk - C:\Users\Robin\AppData\Roaming\Spotify\spotify.exe

==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk - C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2013\ib2013.exe
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk - C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\uistub.exe
C:\Users\Public\Desktop\Pro Cycling Manager - Seizoen 2012.lnk - C:\Program Files (x86)\Cyanide\Pro Cycling Manager - Seizoen 2012\Autorun\Exe\Autorun.exe
C:\Users\Public\Desktop\Pro Cycling Manager - Seizoen 2013.lnk - C:\Program Files (x86)\Cyanide\Pro Cycling Manager - Seizoen 2013\Autorun\Exe\Autorun.exe
C:\Users\Public\Desktop\Pro Cycling Manager - Seizoen 2014.lnk - C:\Program Files (x86)\Cyanide\Pro Cycling Manager - Seizoen 2014\Autorun\Exe\Autorun.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Safari.lnk - C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Public\Desktop\Ship Simulator Extremes.lnk - C:\Program Files (x86)\Vstep\ShipSimExtremes\SSE.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Deïnstalleer.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Anti-Malware.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Emsisoft Homepage.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\Emsisoft.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware\Help.lnk - C:\Program Files (x86)\Emsisoft Anti-Malware\en-us.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Visio 2013.lnk - C:\WINDOWS\Installer\{91150000-0051-0000-0000-0000000FF1CE}\visicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\uistub.exe /win8

==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\LFS.lnk - C:\Users\Robin\MediaFire\LFS\LFS.exe
C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Xander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Xander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Xander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Xander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Xander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Xander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Minecraft.lnk - C:\Users\Robin\Downloads\Minecraft.exe
C:\Users\Xander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Xander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pro Cycling Manager - Seizoen 2014.lnk - C:\Program Files (x86)\Cyanide\Pro Cycling Manager - Seizoen 2014\Autorun\Exe\Autorun.exe

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Robin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Robin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Xander\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Xander\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Cache found

==== Empty Chrome Cache ======================
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=379 folders=132 39643361 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Robin\AppData\Local\Temp will be emptied at reboot
C:\Users\Xander\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Robin\AppData\Local\Temp successfully emptied

==== Deleting Files / Folders ======================
"C:\WINDOWS\Sysnative\ApnDatabase.xml" not deleted

==== EOF on vr 24-10-2014 at 18:59:17,31 ======================