Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Ingr on za 11-04-2015 at 20:16:14.68.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ingr\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

11-4-2015 20:20:45 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Astonsoft deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\SK Supporter deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\McAfee deleted successfully
C:\PROGRA~3\ALLPlayerRemote deleted successfully
C:\PROGRA~3\Anvsoft deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Evernote deleted successfully
C:\PROGRA~3\System Booster deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Ingr\AppData\Roaming\Any DVD Shrink deleted successfully
C:\Users\Ingr\AppData\Roaming\FileMaker Pro deleted successfully
C:\Users\Ingr\AppData\Roaming\Free CD DVD Burner deleted successfully
C:\Users\Ingr\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Ingr\AppData\Roaming\TP deleted successfully
C:\Users\Ingr\AppData\Local\calibre-cache deleted successfully
C:\Users\Ingr\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully
C:\Users\Ingr\AppData\Local\CrashDumps deleted successfully
C:\Users\Ingr\AppData\Local\CutePDF Writer deleted successfully
C:\Users\Ingr\AppData\Local\setps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-972271792-525367119-1395659665-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6CFDD944-014E-406E-85F5-BFCA66B28804} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a1851772 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\a1851772 deleted successfully

==== FireFox Fix ======================

ProfilePath:
C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_11-04-2015_2047_.backup

ProfilePath: C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\hemaw4pr.default
user.js not found
---- Lines aTTSD90021300PYDKGV101145942com70881 removed from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_11-04-2015_2047_.backup

ProfilePath: C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0
user.js not found
---- FireFox
user.js and prefs.js backups ----
prefs_11-04-2015_2047_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mbot_nl_202"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Batch Command(s) Run By Tool======================

De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Astonsoft not found
C:\PROGRA~2\SK Supporter not found
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\Users\Ingr\AppData\Roaming\calibre deleted
C:\Program Files (x86)\Common Files\DVDVideoSoft deleted
C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\hemaw4pr.default\extensions\e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.com deleted
C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\hemaw4pr.default\extensions\TTSD90021300@PYDKGV101145942.com deleted
C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\hemaw4pr.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} deleted
C:\ProgramData\{60a4823e-1b4b-3521-60a4-4823e1b408f8} deleted
C:\Users\Ingr\AppData\Roaming\3EB11C59-1424695033-E111-9ED5-DC0EA1B82B45 deleted
C:\windows\SysNative\Tasks\1114tbUpdateInfo deleted
C:\windows\SysNative\Tasks\XQASEVZBYS deleted
C:\PROGRA~3\{39a5ca52-2680-0f96-39a5-5ca522682948} deleted
C:\Users\Ingr\AppData\LocalLow\{92CF65B5-6FFE-D59E-221A-51BF748133EA} deleted
C:\Users\Ingr\AppData\LocalLow\{FA27203D-EAF4-6CB0-7173-D7E8B068A752} deleted
C:\Users\Ingr\AppData\Local\Packages\windows_ie_ac_001\AC\{92CF65B5-6FFE-D59E-221A-51BF748133EA} deleted
C:\Users\Ingr\AppData\Local\Packages\windows_ie_ac_001\AC\{FA27203D-EAF4-6CB0-7173-D7E8B068A752} deleted
C:\Users\Ingr\.android deleted
C:\PROGRA~2\GUME71.tmp deleted
C:\PROGRA~2\DVDx 4.0 Open Edition deleted
C:\PROGRA~2\Seagate File Recovery for Windows deleted
C:\Program Files\Common Files\System\SysMenu64.dll deleted
C:\Users\Ingr\AppData\Roaming\WB.CFG deleted
C:\Users\Ingr\AppData\Roaming\appdataFr3.bin deleted
C:\Users\Ingr\AppData\Roaming\Company deleted
C:\Users\Ingr\AppData\Roaming\shshortcut.ico deleted
C:\Users\Ingr\AppData\Roaming\fixpermissions.bat deleted
C:\Users\Ingr\AppData\Roaming\INGR-PC.MTBF.txt deleted
C:\Users\Ingr\AppData\Roaming\pcouffin.log deleted
C:\Users\Ingr\AppData\Roaming\__AvidCloudManager.log deleted
C:\Users\Ingr\ia_remove.sh0381.tmp deleted
C:\Users\Ingr\Music\Qtrax Media Library deleted
C:\PROGRA~3\Avg_Update_0414c deleted
C:\PROGRA~3\Avg_Update_0814tb deleted
C:\PROGRA~3\Avg_Update_1114tb deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Ingr\AppData\Local\nsv66BC.tmp deleted
C:\Users\Ingr\AppData\Local\nszE1E.tmp deleted
C:\Users\Ingr\AppData\Local\3EB11C59-1424695108-E111-9ED5-DC0EA1B82B45 deleted
C:\Users\Ingr\AppData\Local\avgchrome deleted
C:\Users\Ingr\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\ColorMedia64.dll deleted
C:\Users\Public\Documents\ShopperPro deleted
C:\Users\Ingr\Downloads\avg_free_stb_all_2015_5557_cnet.exe deleted
C:\Users\Ingr\AppData\LocalLow\surfcanyon deleted
C:\Users\Ingr\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Nation toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\SK.Enabler-S-1495795506.job deleted
C:\windows\SysNative\tasks\SK.Enabler-S-1495795506 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\Windows\tasks\Open Chrome.job deleted
C:\windows\SysNative\drivers\Msft_Kernel_webTinstMK_01009.Wdf deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\wangzhisong deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Ingr\Documents\Add-in Express deleted
C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader3@ftdownloader.com.xpi deleted
C:\Users\Ingr\Desktop\Continue Live Installation.lnk deleted
C:\Users\Ingr\AppData\Roaming\TTOXLQ.exe deleted
C:\Users\Ingr\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com deleted
"C:\Users\Ingr\AppData\Local\L8457789120" deleted
"C:\Users\Ingr\AppData\Roaming\DoBs\DoBs.mdb" deleted
"C:\Users\Ingr\AppData\Roaming\DoBs" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-04-07 06:17:52 CA87F97365081BFEC039CAB4A3C2763B 511862093 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\Ingr\AppData\Local\Temp ====
2015-04-06 15:44:47 5973A242277FB7B19D46BB73178246FC 47329360 ----a-w- C:\Users\Ingr\AppData\Local\Temp\SHSetup.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2015-03-24 13:38:37 2978A38F5A9D4DE261B62493CCDD584C 3484 ----a-w- C:\Windows\Sysnative\Tasks\Ingr DBAgent 2 0
2015-03-24 13:37:19 D62A3D0D7FD84877F2F444E98ADB3491 3496 ----a-w- C:\Windows\Sysnative\Tasks\Seagate_Install_Launch
2015-03-24 13:33:55 -------- d-----w- C:\Windows\Sysnative\Tasks\Leader Technologies
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-04-06 15:45:15 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-03-24 13:35:08 -------- d-----w- C:\PROGRA~2\Seagate
2015-03-19 07:09:00 -------- d-----w- C:\PROGRA~2\SystemPromote
2015-03-14 16:13:36 -------- d-----w- C:\PROGRA~2\Plus500
======= C: =====
====== C:\Users\Ingr\AppData\Roaming ======
2015-03-27 07:07:00 5DBF2CC4289104FE373ABA88E7AF7D09 197760 ----a-w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-24 13:56:58 -------- d-----w- C:\Users\Ingr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate File Recovery for Windows
2015-03-24 13:34:09 -------- d-----w- C:\Users\Ingr\AppData\Roaming\Seagate
2015-03-24 13:32:52 -------- d-----w- C:\Users\Ingr\AppData\Roaming\Leadertech
2015-03-14 16:13:45 -------- d-----w- C:\Users\Ingr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
2015-03-14 16:13:36 -------- d-----w- C:\Users\Ingr\AppData\Local\Plus500
====== C:\Users\Ingr ======
2015-04-06 15:44:23 7873B8294E75160D32CB07A83AD73857 728960 ----a-w- C:\Users\Ingr\Downloads\SpyHunter-installer.exe
2015-04-06 15:37:16 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Ingr\Desktop\RSITx64.exe
2015-03-24 13:38:50 -------- d-----w- C:\Users\Ingr\My Online Documents
2015-03-24 13:35:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard 2.0
2015-03-14 16:13:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus500
====== C: exe-files ==
2015-04-06 15:45:15 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Ingr.exe
2015-04-06 15:22:38 04A8F29E2CB7A633109E6AF1316F6E97 864336 ----a-w- C:\Program Files (x86)\Google\Update\Install\{3A2319CA-A52A-4A98-8CB4-5BE9773CD1F9}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
2015-04-06 15:22:37 04A8F29E2CB7A633109E6AF1316F6E97 864336 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.118\41.0.2272.118_41.0.2272.101_chrome_updater.exe
=== C: other files ==
2015-04-11 17:22:28 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\Ingr\AppData\Local\Temp\_MEI25922\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx
2015-04-11 17:22:27 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Ingr\AppData\Local\Temp\_MEI25922\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-972271792-525367119-1395659665-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Ingr\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"DBAgent"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe /WinStart"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="C:\Users\Ingr\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "Uploader"="C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Power Management"="C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "ALLUpdate"="\"C:\\Program Files (x86)\\OpenSubtitlesPlayer\\ALLUpdate.exe\" \"sleep\"" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "DivXUpdate"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" 
"hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlazeServoTool] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BlazeServoTool" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\NTI\\NTI Digital Flix 2.5\\MediaDetector.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonMyPrinter" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonSolutionMenuEx" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DivXMediaServer" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DivXUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScanUtility] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IJNetworkScanUtility" "hkey"="HKLM" 
"command"="C:\\Program Files (x86)\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iPrint Event Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iPrint Event Monitor" "hkey"="HKLM" "command"="C:\\Windows\\system32\\iprntlgn.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iPrint Tray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iPrint Tray" "hkey"="HKLM" "command"="C:\\Windows\\system32\\iprntctl.exe TRAY_ICON" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Lync" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office15\\lync.exe\" /fromrunkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "hkey"="HKLM" "item"="QuickTime Task" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Ingr\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Ingr\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Ingr\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UVS10 Preload] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UVS10 Preload" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Ulead Systems\\Ulead VideoStudio SE DVD\\uvPL.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ingr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk] "item"="Send to OneNote" "path"="C:\\Users\\Ingr\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Send to OneNote.lnk" "backup"="C:\\Windows\\pss\\Send to OneNote.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\MICROS~1\\Office15\\ONENOTEM.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ingr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^the-island-dut-3304158.lnk] "item"="the-island-dut-3304158" "path"="C:\\Users\\Ingr\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\the-island-dut-3304158.lnk" "backup"="C:\\Windows\\pss\\the-island-dut-3304158.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\ProgramData\\{60a4823e-1b4b-3521-60a4-4823e1b408f8}\\the-island-dut-3304158.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05-02-2015 09:56] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26-03-2013 21:35] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26-03-2013 21:35] ==== Other Scheduled Tasks 
======================
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Ingr-PC-Ingr" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\ALL Update" [C:\Program Files (x86)\OpenSubtitlesPlayer\ALLUpdate.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\DivX-online actualiseringsprogramma" [C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Ingr DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"]
"C:\Windows\SysNative\tasks\NBAgent" [C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe]
"C:\Windows\SysNative\tasks\Seagate_Install_Launch" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Leader Technologies\PowerRegister\Seagate 10 Product Registration (Ingr)" [C:\Users\Ingr\AppData\Roaming\Leadertech\PowerRegister\Seagate 10 Product Registration.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [03-02-2014 20:37]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36]

==== Firefox Extensions ======================
ProfilePath: C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi

ProfilePath: C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0
- SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi

ExtDir: C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- GoPhotoIt - %ExtDir%\gophoto@gophoto.it.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\hemaw4pr.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

==== Deleted Firefox Extensions ======================
C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted
C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted
C:\Users\Ingr\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi deleted

==== Fake Chromium Profiles Check ======================
Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================
Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Ingr\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[28-12-2014 17:57]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Google Drive - Ingr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ingr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ingr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AFAS Personal Bijwerk Assistent - Ingr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhdjnejhhklnclpkbnfmfimijnlmghfk
Google Drive App Launcher - Ingr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Wallet - Ingr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ingr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================
C:\Users\Ingr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\Ingr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com"
"Search Page"="http://www.bing.com/search?q={searchTerms}"
"Search Bar"="http://www.bing.com/search?q={searchTerms}"
"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.bing.com/search?q={searchTerms}"
"SearchAssistant"="http://www.bing.com/search?q={searchTerms}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com"
"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-972271792-525367119-1395659665-1001\Software\mozilla\Firefox\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} deleted successfully

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AECA681B-4663-0871-C994-3E282403F752} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{41218fb7} deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ingr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ingr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRWNXVFP will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\Ingr\AppData\Local\Mozilla\Firefox\Profiles\hemaw4pr.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Ingr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1118 folders=185 380040759 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ingr\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Ingr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Ingr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRWNXVFP" not found

==== EOF on za 11-04-2015 at 21:11:56.65 ======================