Zoek.exe v5.0.0.0 Updated 24-11-2014 Tool run by DELL on di 25-11-2014 at 14:50:15,43. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\DELL\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-11-25-092855.log 48187 bytes C:\zoek-results2014-11-25-120049.log 1191 bytes ==== Empty Folders Check ====================== \Tijdelijke bestanden \05373ADB-E4FB-41C7-A158-D20892E58336 \06572fde \06ed3b39 \0743f4d7aab943abb7033f9d0f0489ed1110 \07e9e2789e5a4bedaa4d11626a36ae861135 \1330tmp \1331tmp \1332tmp \1333tmp \1334tmp \1335tmp \1346tmp \1347tmp \1348tmp \1349tmp \1636604 \19ae5dd0efff4cd081c3739da98b16d71108 \467c795afffd427384c076f5ed645b791120 \523aa5da768e41b8be8835bab89db3281103 \812.tmp \8a70eF4505 \8A91tmp \8A92tmp \8A93tmp \8A94tmp \8B21tmp \8B8Ftmp \8C5Btmp \8C5Ctmp \8C5Dtmp \8DE4tmp \a7bc2d5c051e4aa48afc1c90b5483107 \be7d544b39314b81a58656b9283a082738 \d3b103374abe4e2d835d2b02ccba71e51077 \ed947c254d30423c809d20d3e82647161067 \ET \hsperfdata_DELL \IM \ImInstaller \innoApp \LCFEM \Low \mia1 \mia2 \msdt \OICE_09B774D8-60D4-44E8-A59A-E64EF51E8DC1.0 \OICE_EA08A983-1994-4F40-B265-9D44800EF80B.0 \plushd \ppcrlui_17612_2.ui \ppcrlui_22000_2.ui \ppcrlui_31980_2.ui \ppcrlui_3480_2.ui \ppcrlui_3752_2.ui \ppcrlui_6660_2.ui \ppcrlui_7364_2.ui \ppcrlui_8468_2.ui \ppcrlui_920_2.ui \Rad Rater \RarSFX0 \SP \SWL \WPDNSE \WPR \ZOG ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B2CE916-EBAE-4C2D-9A6-53C25C1CDCA} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CF02A9D-9BB5-4F99-AAC8-6BAF551BB513} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D040E83-EE4A-4308-B0C7-2BCB609DC14} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F14884-C5F4-41CE-8823-B5F061D93258} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20410824-FBB4-4C6E-A294-FAE1F99AC058} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22851D20-1FCD-4B02-AEFA-4A454056771C} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22D19353-B601-4D38-B35F-9B579685E5C} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2324D347-E531-41ED-958A-C5D0FE7D4612} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BB7ED60-27D6-42BE-AFA6-88D34C36653} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BC5D3BA-1A38-426B-BE4A-93801B84E836} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2cd1c432-1b11-45d6-acce-aa31f0938c1f} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F207EC5-E7BE-438E-AB73-CBF75E27FB84} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3739a27d-069f-4444-a735-bde81caf5e2f} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B06C46F-7F53-4486-96A2-2537625F1BCC} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3bcb56db-586f-43f2-8ae7-619b522abc02} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43468137-28D9-4B6B-A8D-83531F12C2E} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43D99C81-BB1F-4437-BE1-E92ECEABF6} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B49533B-30B5-4941-A8ED-78D9123F888B} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E3D7693-FFE4-4D9D-A02C-6AED5E625B12} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50835FD6-A830-4917-A73B-8FF2F5A0DE1} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50876B83-3540-4D88-9E38-FD41A39EA968} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53BC4685-F509-4107-80E5-BD73EDA868C5} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5858d2e0-4281-4cbd-86b2-9352eb59dbed} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DC479CF-94F6-4AF9-B7C4-7349167AE071} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60609682-7a1e-459d-a05e-a89e52e80f3e} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{656FE518-41D4-4BE2-942B-1EA9B7AA6EE4} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{698525A8-4F32-4170-8243-A734EA18B77} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70558DFA-C2A2-4196-B1D0-6BCFCFB248CB} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72C9F906-AC49-4B04-B6F8-B71040183974} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A2AACDC-694E-4786-B2BE-18B7E968D77} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D91AFF5-88C9-4B04-A76B-6311A9F6FFB6} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DE1AFE1-A3A-4F90-8ABD-8BB55099F0F5} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{815FFE64-7CEB-4B00-B88E-474027724293} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84D9A2B4-5930-408E-BBA2-DD81B64EE3D} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86E6C04D-81DC-41E1-B37B-7E6D3E3477CC} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89D25847-1650-41B0-AEF0-9B1B829E9E3} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9262dbc5-700d-45b0-8efe-557b0e30e676} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9270D026-A3C6-436E-8921-7CFEC813F82} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{985025AE-F621-4CE1-A2CE-F3E19F6A446} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3FD1CF0-F2B2-430B-AF87-F6CDE09960BA} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD2CDC18-79DD-414D-A9F4-75C1738464C1} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0412BA8-3407-406B-80A2-4D304362DCEC} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0AD5BBA-C8D9-4AD5-9640-52E676F83075} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C34E60-8C75-4811-9F84-5D594D62948B} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C684D89A-1E2C-4451-B13B-5F53579E152} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAF7B03A-7A69-43B8-BA86-C7C5F793A6B} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1DC6125-5B52-4F85-8054-8AFF6EDD552E} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D29CB43C-48C8-4D24-9947-63FD443BB497} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D37C3FA2-9598-4E10-A34F-749C5384548A} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D532682F-62E1-4DF6-9716-F78076A131AA} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D64D5231-2276-43D3-B450-7261F96E2798} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dd0d13ee-8c8c-4360-a79d-fa707671e8f6} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF6115E4-B203-457D-BF2F-D79FCC789299} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1EBA5FD-9840-446F-89DD-702511C6A00} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC376DD9-DA51-4A8E-92CE-4B59AA44ACC5} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0DC5F64-374-40A1-BB8A-49FBBF3D6B6A} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2E578A5-51CB-4A97-8B88-96997B9BF341} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6D96E8-EC4E-425F-9275-8B83E21447CD} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7439612-7051-494B-A49D-F3C379B068FD} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9bea8e6-1f0c-483e-8e3a-7d2efe66d2a6} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAA5F165-D5A9-4747-87F-C96A73D93FE6} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC7FF516-EA11-4BB3-9CC-409E624D3920} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEF4792-507A-4F67-AA59-9B28B53AF3B9} deleted successfully HKEY_USERS\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFAF4FFC-85AF-4E3E-A0F8-3BEBC5ECA1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2cd1c432-1b11-45d6-acce-aa31f0938c1f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3739a27d-069f-4444-a735-bde81caf5e2f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3bcb56db-586f-43f2-8ae7-619b522abc02} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5858d2e0-4281-4cbd-86b2-9352eb59dbed} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60609682-7a1e-459d-a05e-a89e52e80f3e} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9262dbc5-700d-45b0-8efe-557b0e30e676} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dd0d13ee-8c8c-4360-a79d-fa707671e8f6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9bea8e6-1f0c-483e-8e3a-7d2efe66d2a6} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\vvyzlx5u.default ---- Lines a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552 removed from prefs.js ---- user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.InstallationThankYouPage", false); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.InstallationTime", 1383924407); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.active", true); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.addressbar", "NA"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.addressbarenhanced", ""); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.asyncdb_dbWasSet", true); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.asyncinternaldb_dbWasSet", true); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.backgroundver", 1); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.certdomaininstaller", ""); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.changeprevious", false); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.cookie.InstallationTime.expiration", "Fri Feb 01 user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.cookie.InstallationTime.value", "1383924407"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.domain", ""); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.enablesearch", false); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.homepage", ""); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.iframe", false); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.InstallerIdentifiers.expiration", "Fr user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.InstallerIdentifiers.value", "%7B%22i user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_appVer.expiration", "Fri Fe user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_appVer.value", "32"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_lastVersion.expiration", "F user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_lastVersion.value", "1"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_meta.expiration", "Fri Feb user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_nextCheck.expiration", "Sat user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_queue.expiration", "Fri Feb user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.installer.expiration", "Fri Feb 01 20 user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.installer.value", "%7B%22InstallerIde user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.lastDailyReport", "1383995614413"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.lastUpdate", "1383995613550"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.manifesturl", ""); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.newtab", ""); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.opensearch", ""); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.pluginsversion", 23); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.searchstatus", 0); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.setnewtab", false); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.thankyou", ""); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.updateinterval", 360); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.ver", 32); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.apps", "41552"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.bic", "1423852998fef3eda1778f42065c0c37"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.cid", 41552); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.firstrun", false); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.hadappinstalled", true); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.installationdate", 1383924407); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.modetype", "production"); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.reportInstall", true); user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.statsDailyCounter", 2); ---- FireFox user.js and prefs.js backups ---- user_25-11-2014_1507_.backup prefs_25-11-2014_1507_.backup ProfilePath: C:\Users\DELL\AppData\Roaming\Thunderbird\Profiles\yee9j9v7.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_25-11-2014_1507_.backup ==== Deleting Files \ Folders ====================== C:\Users\DELL\AppData\LocalLow\{6ABB25C9-3419-1666-0AB5-35FE49A202D6} deleted C:\Users\DELL\AppData\LocalLow\{A312ACBC-5CB7-E45A-355D-2565E3EE0903} deleted C:\Users\DELL\AppData\LocalLow\{DB5EAE30-2562-8EDF-85ED-4B82DD26AA75} deleted C:\Users\DELL\AppData\LocalLow\{E4E25DB5-A28F-7040-94F9-EB1F1F785881} deleted C:\Users\DELL\AppData\LocalLow\{FE874615-B57D-3E9F-0C05-025CDD75559D} deleted C:\Users\DELL\AppData\Local\Packages\windows_ie_ac_001\AC\{6ABB25C9-3419-1666-0AB5-35FE49A202D6} deleted C:\Users\DELL\AppData\Local\Packages\windows_ie_ac_001\AC\{A312ACBC-5CB7-E45A-355D-2565E3EE0903} deleted C:\Users\DELL\AppData\Local\Packages\windows_ie_ac_001\AC\{DB5EAE30-2562-8EDF-85ED-4B82DD26AA75} deleted C:\Users\DELL\AppData\Local\Packages\windows_ie_ac_001\AC\{E4E25DB5-A28F-7040-94F9-EB1F1F785881} deleted C:\Users\DELL\AppData\Local\Packages\windows_ie_ac_001\AC\{FE874615-B57D-3E9F-0C05-025CDD75559D} deleted C:\PROGRA~2\Video Download Converter deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\globalUpdate deleted C:\Users\DELL\AppData\Roaming\WB.CFG deleted C:\Users\DELL\AppData\Local\Maxiget deleted C:\Users\DELL\AppData\Local\globalUpdate deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3 deleted C:\Windows\patsearch.bin deleted C:\windows\SysNative\Tasks\Browser Updater deleted C:\rei deleted C:\Users\DELL\AppData\LocalLow\{97083A3D-1A90-28D2-63C1-C54B49A23CA4} deleted C:\Users\DELL\AppData\LocalLow\{B7FBA521-7DA9-3ABB-3539-9EE7B1AED62E} deleted C:\Users\DELL\AppData\LocalLow\{E8AD271A-B8F9-5708-8502-0F1D7F042A98} deleted C:\windows\SysNative\Tasks\LaunchSignup deleted C:\windows\SysNative\tasks\SecureHost deleted C:\windows\SysNative\tasks\HostSecure2 deleted C:\windows\SysNative\tasks\HostSecure3 deleted C:\Windows\Launcher.exe deleted C:\windows\SysNative\drivers\Msft_Kernel_webinstrNew_01009.Wdf deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Users\DELL\Documents\Add-in Express deleted C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\vvyzlx5u.default\jetpack deleted C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\vvyzlx5u.default\extensions\staged deleted "C:\Users\DELL\AppData\Roaming\BWQNWU" deleted "C:\Users\DELL\AppData\Roaming\CILDFBNG" deleted "C:\Users\DELL\AppData\Roaming\DMIFJ" deleted "C:\Users\DELL\AppData\Roaming\EQOMP" deleted "C:\Users\DELL\AppData\Roaming\FUOBXQ" deleted "C:\Users\DELL\AppData\Roaming\GPZDXRR" deleted "C:\Users\DELL\AppData\Roaming\PD" deleted "C:\Users\DELL\AppData\Roaming\PTZB" deleted "C:\Users\DELL\AppData\Roaming\itesing\procol.dll" deleted "C:\Users\DELL\AppData\Roaming\itesing" not deleted ==== Firefox Extensions Registry ====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff" [20-01-2014 21:39] ==== Firefox Extensions ====================== ProfilePath: C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\vvyzlx5u.default - chineseperakungmailcom - %ProfilePath%\extensions\chineseperakun@gmail.com - Undetermined - %ProfilePath%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} ProfilePath: C:\Users\DELL\AppData\Roaming\Thunderbird\Profiles\yee9j9v7.default - Undetermined - %ProfilePath%\extensions\staged-xpis - Statusbar Date - %ProfilePath%\extensions\statusbardate@webspirited.com.xpi - Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\DELL\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted ==== Chromium Look ====================== Ask Toolbar - DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko Comodo Web Inspector - DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn Cinema Video 1.8V23.11 - DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp TheGoPhoto.it V10 - DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ieejjmmgeihokfnlipbofpgnajfkdbbo Dr. PC - DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi Cricwaves - DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogkedgpbfenekaceibcobmmgdbokmndm eikmcjimdcekglgfdpokaobbpafcnjbd - DELL\AppData\Local\Google\Chrome\User Data\default\Extensions\eikmcjimdcekglgfdpokaobbpafcnjbd Cricwaves - DELL\AppData\Local\Google\Chrome\User Data\default\Extensions\ogkedgpbfenekaceibcobmmgdbokmndm ==== Chromium Startpages ====================== C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Preferences "homepage": "http://websearch.searchsun.info/?pid=724&r=2014/03/16&hid=2944326092898986235&lg=EN&cc=NL", ==== Chromium Fix ====================== C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ieejjmmgeihokfnlipbofpgnajfkdbbo deleted successfully C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko deleted successfully C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage deleted successfully C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal deleted successfully C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dljlgfjbaggojggbdimimbkofkifdbhl deleted successfully C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\meheikebbfeannjplflnekfnfdgilpoe deleted successfully C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aemgobnhmjkokaanfjcikbeddfpfbcce deleted successfully C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp deleted successfully C:\Users\DELL\AppData\Local\Google\Chrome\User Data\default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp deleted successfully C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfjnfapiocpibeddeekmbikhpegjhdgi deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google/" "Search Bar"="http://www.google.com" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Bar"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] @="http://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] @="http://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" "Default"="http://www.bing.com/search?q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" "Default"="http://www.bing.com/search?q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" "Default"="www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://search.certified-toolbar.com?si=85023&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=85023&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=85023&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&st=chrome&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://search.certified-toolbar.com?si=85023&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=85023&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=85023&tid=29472&ver=6.9&ts=1416697200000.000000&tguid=85023-29472-1416769709156-6290E182E5B64425D708A6C416FD040D&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/" "Search Bar"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/" "Search Bar"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/" "Search Bar"="http://www.google.com" "Search Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://google/" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {497EF518-8FDE-4404-9C3B-EBA8D1492014} Google Url="https://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PLXB_nlNL604" ==== shortcuts on Users Desktops ====================== C:\Users\DELL\Desktop\Afbeeldingen - Snelkoppeling.lnk - C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms C:\Users\DELL\Desktop\Documenten - Snelkoppeling.lnk - C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Corel PaintShop Photo Pro X3.lnk - C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\SoundTap Streaming Audio Recorder.lnk - C:\Program Files (x86)\NCH Swift Sound\SoundTap\soundtap.exe ==== shortcuts in Users Start Menu ====================== C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Servicetool.lnk - C:\Program Files (x86)\KPN\Servicetool\KPNServicetool_Launcher.exe C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\doctorpclab.com\Uninstall.lnk - C:\Program Files (x86)\doctorpclab.com\uninst.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 14\Ashampoo Burning Studio 14 .lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\burningstudio14.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 14\Ashampoo Burning Studio 14 Compact Mode.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\burningstudio14.exe -compact C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 14\Backup Extractor.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\backupextractor14.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 14\Help.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\lang\BurningStudio-en-us.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 14\Readme.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\readme_nl_nl.htm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 14\Verwijder Ashampoo Burning Studio 14.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 14\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\calibre 64bit - E-book management.lnk - C:\Program Files (x86)\Calibre2\calibre.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\E-book viewer 64bit.lnk - C:\Program Files (x86)\Calibre2\ebook-viewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\Edit E-book 64bit.lnk - C:\Program Files (x86)\Calibre2\ebook-edit.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\LRF viewer 64bit.lnk - C:\Program Files (x86)\Calibre2\lrfviewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx\CDisplayEx.lnk - C:\Program Files\CDisplayEx\CDisplayEx.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx\Verwijder CDisplayEx.lnk - C:\Program Files\CDisplayEx\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Agenda.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe calendar C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contactgegevens.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe contacts C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\E-mail.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe mail C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Herinneringen.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe reminders C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud-foto's.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notities.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe notes C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Zoek mijn iPhone.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe find C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KPN\Servicetool.lnk - C:\Program Files (x86)\KPN\Servicetool\KPNServicetool_Launcher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KPN\KPN Installatie Assistent\KPN Installatie Assistent verwijderen.lnk - C:\ProgramData\{208DBE30-583D-4DB2-BED9-1E486B1F3820}\Setup_KPN_IA.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KPN\KPN Installatie Assistent\KPN Installatie Assistent.lnk - C:\Program Files (x86)\KPN\KPN Installatie Assistent\KPN_IA.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Over QuickTime.lnk - C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\RichText.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime deïnstalleren.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\QTPlayer.ico ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CDisplayEx.lnk - C:\Program Files\CDisplayEx\CDisplayEx.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\HTML-Kit.lnk - C:\Program Files (x86)\Chami\HTML-Kit\Bin\HTMLKit.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1416826677&from=ild&uid=WDCXWD1600BEVT-75A23T0_WD-WX11A11M9582M9582 C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Servicetool.lnk - C:\Program Files (x86)\KPN\Servicetool\KPNServicetool_Launcher.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Animation Shop.lnk - C:\Program Files (x86)\Animation Shop 3\Anim.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ComicToEPUB.lnk - C:\Users\DELL\Documents\ComicToEPUB\ComicToEPUB.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FastStone Capture.lnk - C:\Program Files (x86)\FastStone Capture\FSCapture.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1416826677&from=ild&uid=WDCXWD1600BEVT-75A23T0_WD-WX11A11M9582M9582 C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1416826677&from=ild&uid=WDCXWD1600BEVT-75A23T0_WD-WX11A11M9582M9582 C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Mail (2).lnk - C:\Program Files (x86)\Windows Mail\WinMail.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Mail (3).lnk - C:\Program Files (x86)\Windows Mail\WinMail.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Mail (4).lnk - C:\Program Files (x86)\Windows Mail\WinMail.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Mail.lnk - C:\Program Files (x86)\Windows Mail\WinMail.exe ==== shortcuts After Repair ====================== C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\42ef1006-ae58-4cdb-853a-e92f64c317c9 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\4b11ecfb-83de-4d94-95e1-e09b52ed8eb5 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\55c63591-463e-4e2b-8b37-7bf3b4c170bc deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_CURRENT_USER\Software\Policies\Google deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A80BOQ90 will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\DELL\AppData\Local\Mozilla\Firefox\Profiles\vvyzlx5u.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\DELL\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully C:\Users\DELL\AppData\Local\Google\Chrome\User Data\default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2019 folders=356 212147215 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\DELL\AppData\Local\Temp will be emptied at reboot C:\Users\Eye Candy 4000\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\DELL\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\DELL\AppData\Roaming\itesing" not found "C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A80BOQ90" deleted ==== EOF on di 25-11-2014 at 15:15:13,16 ======================