Zoek.exe v5.0.0.0 Updated 29-11-2014 Tool run by Poppel on di 30-12-2014 at 21:36:54,80. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected Launched: I:\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-04-27-151828.log 66278 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\TomTom DesktopSuite deleted successfully C:\PROGRA~2\trend micro deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E86BDDD-9038-4f12-8572-4A859C76F21F} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TBSrv deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TBSrv deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default user.js not found ---- Lines CT2504091 removed from prefs.js ---- user_pref("CT2504091.FF19Solved", "true"); user_pref("CT2504091.UserID", "UN19186209082284818"); user_pref("CT2504091.fullUserID", "UN19186209082284818.IN.20140822191439"); user_pref("CT2504091.installDate", "22/08/2014 19:14:43"); user_pref("CT2504091.installSessionId", "{B9B7156C-0705-409B-8136-7B4FBE2004D0}"); user_pref("CT2504091.installSp", "false"); user_pref("CT2504091.installerVersion", "1.8.1.4"); user_pref("CT2504091.searchRevert", "false"); user_pref("CT2504091.searchUninstallUserMode", "2"); user_pref("CT2504091.searchUserMode", "2"); user_pref("CT2504091.toolbarInstallDate", "22-08-2014 19:14:39"); user_pref("CT2504091.versionFromInstaller", "10.33.0.17"); user_pref("CT2504091.xpeMode", "1"); ---- Lines smartbar removed from prefs.js ---- user_pref("smartbar.machineId", "IHQ+TH9E2QNRIUMZFS6MF0OZIGT7B6HJR3JXKUPT+C9DJGCAPOVANJML15GHWHPUFZIOHD7YVAPCF+UFCVQTOW"); ---- FireFox user.js and prefs.js backups ---- prefs_30-12-2014_2223_.backup ProfilePath: C:\Users\Poppel\AppData\Roaming\TomTom\HOME\Profiles\bnqsrl1x.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_30-12-2014_2223_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ==== Deleting Files \ Folders ====================== C:\PROGRA~3\Tbccint deleted C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} deleted C:\Users\Poppel\AppData\LocalLow\Conduit deleted C:\Users\Poppel\AppData\LocalLow\Vuze_Remote deleted C:\PROGRA~2\BrowserSafeguard deleted C:\PROGRA~2\WinRST deleted C:\Users\Poppel\AppData\Local\Search Extensions deleted C:\Users\Poppel\AppData\Local\Conduit deleted C:\Users\Poppel\AppData\LocalLow\PriceGong deleted C:\END deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\sho21F9.tmp deleted C:\Windows\Syswow64\sho232C.tmp deleted C:\Windows\Syswow64\sho2FD7.tmp deleted C:\Windows\Syswow64\sho9873.tmp deleted C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default\CT2504091 deleted C:\Users\Public\Desktop\RegClean Pro.lnk deleted C:\Users\Public\Desktop\System Speedup.lnk deleted C:\Users\Poppel\Desktop\Continue FoxTab PDF Reader Installation.lnk deleted C:\Users\Poppel\Desktop\Continue inSSIDer.lnk deleted C:\Users\Poppel\Desktop\Continue Media Finder Installation.lnk deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-12-06 20:22:29 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\Windows\avastSS.scr ====== C:\Users\Poppel\AppData\Local\Temp ==== 2014-12-30 18:26:00 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite11408.dll 2014-12-30 17:09:03 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite50770.dll 2014-12-30 07:25:08 73C32FE4AAC5DC6F1056401EDD9034D9 6887936 ----a-w- C:\Users\Poppel\AppData\Local\Temp\rt-update.exe 2014-12-26 08:19:08 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite69537.dll 2014-12-25 19:30:05 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite16431.dll 2014-12-24 11:15:09 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite41272.dll 2014-12-24 07:35:05 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite44957.dll 2014-12-23 09:12:42 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite64176.dll 2014-12-22 11:14:03 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite17806.dll 2014-12-20 12:30:07 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite12932.dll 2014-12-19 10:17:49 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite36739.dll 2014-12-18 09:45:36 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Poppel\AppData\Local\Temp\System.Data.SQLite75391.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-12-18 09:53:45 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-12-30 17:12:53 6663B30328C239D2AB10D2583054CF2E 364512 ----a-w- C:\Windows\Sysnative\aswBoot.exe 2014-12-18 09:53:45 5564883BFB523D5078A5B1FE3128FD63 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe ====== C:\Windows\Sysnative\drivers ===== 2014-12-11 11:54:32 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys ====== C:\Windows\Tasks ====== 2014-12-30 19:33:27 4B31AB5E257C48CB367AC5640DB86DE7 3054 ----a-w- C:\Windows\Sysnative\Tasks\{1EF129C6-2C88-4FB3-8957-AE81821BBC89} 2014-12-30 18:24:29 FEDF641AF0121290B1A82C3B28A59369 3446 ----a-w- C:\Windows\Sysnative\Tasks\{C749C9AA-2C33-4476-9CAB-8F86DBBCBBC8} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Poppel\AppData\Roaming ====== 2014-12-30 12:15:49 -------- d-----w- C:\Users\Poppel\AppData\Local\ElevatedDiagnostics 2014-12-23 10:18:50 -------- d-sh--w- C:\Users\Poppel\AppData\Local\EmieBrowserModeList 2014-12-23 10:18:49 -------- d-sh--w- C:\Users\Poppel\AppData\Local\EmieUserList 2014-12-23 10:18:49 -------- d-sh--w- C:\Users\Poppel\AppData\Local\EmieSiteList ====== C:\Users\Poppel ====== ====== C: exe-files == 2014-12-30 17:12:53 6663B30328C239D2AB10D2583054CF2E 364512 ----a-w- C:\Windows\System32\aswBoot.exe 2014-12-30 07:25:08 73C32FE4AAC5DC6F1056401EDD9034D9 6887936 ----a-w- C:\Users\Poppel\AppData\Local\Temp\rt-update.exe 2014-12-28 20:10:46 516A5FCE06BB388499238A5F9286CB74 96768 ----a-w- C:\Windows\Temp\245F80C8-B06C-4A9A-B6BC-22DF1D8FDCE1\DismHost.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "EPLTarget\P0000000000000002"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT EPLTarget\P0000000000000002 /M Epson Stylus SX235" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "nmctxth"="C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" "nmapp"="C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "EPLTarget\P0000000000000002"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT EPLTarget\P0000000000000002 /M Epson Stylus SX235" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MedionReminder"="C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MedionReminder"="C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe /DeleteRunKey" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AntivirusCommunicatorAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AntivirusCommunicatorAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\TrustPort\\Antivirus\\bin\\avcom.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EEventManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logitech Download Assistant" "hkey"="HKLM" "command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\System32\\LogiLDA.dll,LogiFetch" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Raptr" "hkey"="HKCU" "command"="C:\\PROGRA~2\\Raptr\\raptrstub.exe --startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RTHDVCPL" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrustPortTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TrustPortTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\TrustPort\\Bin\\tptray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "item"="McAfee Security Scan Plus" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\MCAFEE~1\\307523~1.318\\SSSCHE~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Poppel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] "item"="Adobe Gamma" "path"="C:\\Users\\Poppel\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk" "backup"="C:\\Windows\\pss\\Adobe Gamma.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11-06-2013 19:55] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 17:25] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23-10-2014 17:25] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\TrustPort Updater" [C:\Program Files (x86)\Common Files\TrustPort\bin\tpupdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [30-12-2014 18:12] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Poppel\AppData\Roaming\TomTom\HOME\Profiles\bnqsrl1x.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Poppel\AppData\Roaming\Mozilla\Firefox\Profiles\x70dq83a.default ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies B6A800D881A0176C544988870861E798 - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Fake Chromium Profiles Check ====================== Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[04-08-2014 13:57] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06-12-2014 21:22] Google Docs - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Avast SafePrice - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Avast Online Security - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Poppel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Poppel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.ask.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7MDNE_nlNL450" {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A86B368-DE89-4CCF-AE91-105E58D878A6} deleted successfully HKEY_USERS\S-1-5-21-66650725-1928138711-2414387954-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D05A1074-BA66-4C41-B5F6-922B0289A746} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1C162FF5-9D64-45F0-BB96-2048E59BD366} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1 deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5FF261C146D90F54BB6902845EB93D66 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Poppel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Poppel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Poppel\AppData\Local\Mozilla\Firefox\Profiles\x70dq83a.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Poppel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1923 folders=210 169953169 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Poppel\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Poppel\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 30-12-2014 at 22:50:14,71 ======================