Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by hildy on vr 26-06-2015 at 9:21:37.11. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\hildy\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 26-6-2015 9:27:03 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\FreeTime deleted successfully C:\PROGRA~2\LEGO Company deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\MyFree Codec deleted successfully C:\PROGRA~2\NeroInstall.bak deleted successfully C:\PROGRA~2\RAF deleted successfully C:\PROGRA~2\Robbie Konijn deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\Symantec deleted successfully C:\PROGRA~3\AVAST Software deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\Users\hildy\AppData\Roaming\Media Player Classic deleted successfully C:\Users\hildy\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\hildy\AppData\Local\EmieSiteList deleted successfully C:\Users\hildy\AppData\Local\EmieUserList deleted successfully C:\Users\hildy\AppData\Local\KundenName deleted successfully C:\Users\hildy\AppData\Local\Unity deleted successfully C:\Users\Mos\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2755537501-3059940164-430007127-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AA7E0D77-4A98-492F-9CB9-D8361170C9E7} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\hildy\AppData\Roaming\KompoZer\Profiles\fi7o3c3c.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_26-06-2015_0959_.backup ProfilePath: C:\Users\hildy\AppData\Roaming\Mozilla\Firefox\Profiles\huriypit.default user.js not found ---- Lines ask.com removed from prefs.js ---- user_pref("browser.search.order.1", "Ask.com"); user_pref("browser.search.defaultengine", "Ask.com"); ---- Lines asktb removed from prefs.js ---- user_pref("extensions.asktb.ff-original-keyword-url", ""); ---- FireFox user.js and prefs.js backups ---- prefs_26-06-2015_0959_.backup ProfilePath: C:\Users\hildy\AppData\Roaming\TomTom\HOME\Profiles\cxrxpzux.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_26-06-2015_0959_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\FreeTime not found C:\PROGRA~2\LEGO Company not found C:\PROGRA~2\MyFree Codec not found C:\PROGRA~2\NeroInstall.bak not found C:\PROGRA~2\RAF not found C:\PROGRA~2\Robbie Konijn not found C:\Users\hildy\.android deleted C:\extensions deleted C:\install.exe deleted C:\found.001 deleted C:\PROGRA~3\UpdaterLog.txt deleted C:\PROGRA~3\vj3abod.fee deleted C:\PROGRA~3\SPL2E9E.tmp deleted C:\PROGRA~3\SPL2EAD.tmp deleted C:\PROGRA~3\SPL3B89.tmp deleted C:\PROGRA~3\SPL3EB4.tmp deleted C:\PROGRA~3\SPL4124.tmp deleted C:\PROGRA~3\SPL444F.tmp deleted C:\PROGRA~3\SPL4695.tmp deleted C:\PROGRA~3\SPL494E.tmp deleted C:\PROGRA~3\SPL49C8.tmp deleted C:\PROGRA~3\SPL4B08.tmp deleted C:\PROGRA~3\SPL5431.tmp deleted C:\PROGRA~3\SPL548A.tmp deleted C:\PROGRA~3\SPL552E.tmp deleted C:\PROGRA~3\SPL6170.tmp deleted C:\PROGRA~3\SPL671B.tmp deleted C:\PROGRA~3\SPL6D5D.tmp deleted C:\PROGRA~3\SPL6DFE.tmp deleted C:\PROGRA~3\SPL7223.tmp deleted C:\PROGRA~3\SPL8285.tmp deleted C:\PROGRA~3\SPL979F.tmp deleted C:\PROGRA~3\SPLA015.tmp deleted C:\PROGRA~3\SPLA565.tmp deleted C:\PROGRA~3\SPLB00C.tmp deleted C:\PROGRA~3\SPLB97E.tmp deleted C:\PROGRA~3\SPLC7D0.tmp deleted C:\PROGRA~3\SPLD99D.tmp deleted C:\PROGRA~3\SPLEF9B.tmp deleted C:\Users\hildy\AppData\LocalLow\ilividtoolbarguid deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\hildy\AppData\Roaming\Mozilla\Firefox\Profiles\huriypit.default\ilividtoolbarguid deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\hildy\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-06-10 11:37:51 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-06-10 11:37:50 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-06-10 11:37:27 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\Sysnative\drivers\stream.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-06-25 10:36:44 -------- d-----w- C:\Program Files\trend micro 2015-05-31 12:37:52 -------- d-----w- C:\Program Files\HitmanPro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\hildy\AppData\Roaming ====== 2015-06-06 05:50:32 -------- d-----w- C:\Users\hildy\AppData\Local\GWX ====== C:\Users\hildy ====== 2015-06-25 10:35:41 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\hildy\Desktop\RSITx64.exe 2015-05-31 13:30:32 766230EB38387581A4AAB8C3305C0DDA 229 ----a-w- C:\Users\hildy\BullseyeCoverageError.txt 2015-05-31 12:37:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro ====== C: exe-files == === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2755537501-3059940164-430007127-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\hildy\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\hildy\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "hkey"="HKLM" "item"="Adobe ARM" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AMD AVT] "command"="Cmd.exe /c start \"AMD Accelerated Video Transcoding device initialization\" /min \"C:\\Program Files (x86)\\AMD AVT\\bin\\kdbsync.exe\" aml" "hkey"="HKLM" "item"="AMD AVT" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" "hkey"="HKLM" "item"="APSDaemon" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu] "command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon" "hkey"="HKLM" "item"="CanonQuickMenu" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dlebmon.exe] "command"="\"C:\\Program Files (x86)\\Dell P513w\\dlebmon.exe\"" "hkey"="HKLM" "item"="dlebmon.exe" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EzPrint] "command"="\"C:\\Program Files (x86)\\Dell P513w\\ezprint.exe\"" "hkey"="HKLM" "item"="EzPrint" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FreeFallProtection] "command"="C:\\Program Files (x86)\\STMicroelectronics\\AccelerometerP11\\FF_Protection.exe" "hkey"="HKLM" "item"="FreeFallProtection" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScannerSelectorEX] "command"="C:\\Program Files (x86)\\Canon\\IJ Network Scanner Selector EX\\CNMNSST.exe /FORCE" "hkey"="HKLM" "item"="IJNetworkScannerSelectorEX" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe" "hkey"="HKLM" "item"="KiesTrayAgent" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Servicetool] "command"="C:\\Program Files (x86)\\KPN\\Servicetool\\KPNServicetool_Launcher.exe /auto" "hkey"="HKLM" "item"="Servicetool" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" "hkey"="HKLM" "item"="StartCCC" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Program Files\\McAfee Security Scan\\3.8.150\\SSScheduler.exe" "item"="McAfee Security Scan Plus" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.3 PE.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PHOTOfunSTUDIO 8.3 PE.lnk" "backup"="C:\\Windows\\pss\\PHOTOfunSTUDIO 8.3 PE.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\COMMON~1\\PANASO~1\\PHOTOF~1\\AUTOST~1.EXE -e \"C:\\Program Files (x86)\\Panasonic\\PHOTOfunSTUDIO 8.3 PE\\PHOTOfunSTUDIO.exe\"" "item"="PHOTOfunSTUDIO 8.3 PE" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Mos-PC-hildy" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{BEDF723E-EC17-4905-B4DA-A6F8F790F20F}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Leader Technologies\PowerRegister\Seagate Product Registration (hildy)" [C:\Users\hildy\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\hildy\AppData\Roaming\Mozilla\Firefox\Profiles\huriypit.default user_pref("browser.search.defaultenginename", "Yahoo!"); user_pref("browser.search.selectedEngine", "Yahoo!"); user_pref("keyword.URL", "https://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=667671&p="); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [24-06-2015 09:12] ==== Firefox Extensions ====================== ProfilePath: C:\Users\hildy\AppData\Roaming\KompoZer\Profiles\fi7o3c3c.default - Undetermined - %ProfilePath%\extensions\installed-extensions.txt - KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ProfilePath: C:\Users\hildy\AppData\Roaming\TomTom\HOME\Profiles\cxrxpzux.default - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - Undetermined - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com - Emulator - %ProfilePath%\extensions\Navcore.9.058.568435@tomtom.com ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions iikflkcanblccfahdhdonehdalibjnif - No path found[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx[05-03-2015 10:45] Google Docs - hildy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - hildy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - hildy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - hildy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Norton Identity Safe - hildy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Norton Security Toolbar - hildy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - hildy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - hildy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\hildy\AppData\Local\Google\Chrome\User Data\Default\Preferences XVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.153\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"x","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13074167264155807","lastpingday":"13074159595190807","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"nl","default_locale":"en","description":"Een snelle, doorzoekbare e-mailfunctie met minder spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"prefs":{"preference_reset_time":"13057353218367203"},"protection":{"macs":{"browser":{"show_home_button":"47CD7BC0258A0792471653B73B5AF6E7A7222E7060B8CF608B3E65EB2E72F6F3"},"default_search_provider":{"keyword":"1EE34EFE778B9CBD6AC10C93B1AFF3F293D562940CEB5AD6EFD07E6F55190316","name":"4AEF1FC1AFECF6A3C270E3B07306EBB4018A3F4D4984A752A4C2C45CBC740100","search_url":"9DF22758AA671A341EA09F4BF69EC3DE61061B3139861AA2CA74E766E2B40321"},"default_search_provider_data":{"template_url_data":"987A7B2E7C26F1651A8AAC01183E8C13164FA01308E6EE91E9A3465EAA5AD796"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"7B7C39C4FAB084B48E7C1557E9C617332BB4BC43C5CEACEB2CC2D0EA1F2A9C2D","aohghmighlieiainnegkcijnfilokake":"98FC5175E5D74764514F8B834BA42DE7E416530F400812D8C996991913339C5E","apdfllckaahabafndbhieahigkjlhalf":"A905582D49A94E490801E347E9BD97CC1F514BF7C3D28142B267ECFDEC27638C","bepbmhgboaologfdajaanbcjmnhjmhfn":"80D1FD18F2244549597C380D9BD3DF76841F628AEC7264683341588207F192AF","blpcfgokakmgnkcojhhkbfbldkacnbeo":"F46D983B4FFB0700D9E21D362C6AE7285CEEDE1749733D5AE2210C6A12FDA6F3","bopakagnckmlgajfccecajhnimjiiedh":"7F9B90B5EA329FF714C7203D973E06E17A839C0CD4BB28F0843A2A5FF22BC7C1","coobgpohoikkiipiblmjeljniedjpjpf":"CBEFFFD08F11C0ED649F35DAABB63F35A48146DEE9377E2CC3D5F918BC49A9D8","eemcgdkfndhakfknompkggombfjjjeno":"5D5267386B6F67D635AABC6E5A5C3A49DC205E90F895B302E950C7096A5C1A1D","ennkphjdgehloodpbhlhldgbnhmacadg":"8E7FF273660F99D2476689B9C22E174443B10DB301490AE23C430A8E58D91662","gfdkimpbcpahaombhbimeihdjnejgicl":"DD3B82A986F7D05A79D4D6FA903308E6D8D606EF1AA9A357CFF2996781B0079F","iikflkcanblccfahdhdonehdalibjnif":"FBC8E8D0EA46F6423DE09B54FDCDDF7DD521CC94D65E00A8FEDCA6C2A8A2E105","kmendfapggjehodndflmmgagdbamhnfd":"E97FFD94FABE846BB9432AED9EF0D5DC93791A4C24706913581F3225567A7992","mfehgcgbbipciphmccgaenjidiccnmng":"231D6A6CCC53581532968834F75A804898609B206B5E794748152F17123D912B","mgndgikekgjfcpckkfioiadnlibdjbkf":"BADECA227F2407F5B3459DBEE78BC25C5EEFBABBED08BC71DC708DCFB4F5EF79","mhjfbmdgcfjbbpaeojofohoefgiehjai":"D34CC2FEAE9A2FF6B3B8C9B50D66905E30646496642D8FBC537BFC539AB01ED0","mkfokfffehpeedafpekjeddnmnjhmcmk":"377D441B45F24C306137DC0DF8E52D6544C188BE15393CF98E0E5873C76DCE1E","neajdppkdcdipfabeoofebfddakdcjhd":"23FEB8840256341222C817B80BDD82B79D0D6788755ED98B7C2A870132BF49EF","nkeimhogjdpnpccoofpliimaahmaaome":"703176AB0213F2B0F811FE6E00F18DA9C507CEB2A47BB198D1D3E64802FB496E","nmmhkkegccagdldgiimedpiccmgmieda":"2CE95F6ED57446F4C4323A019D43FDEBBC2859E0C58BB9491B2C18B051B4F163","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"C63507DF6FDCF037F6961A90A63093F2446A5F4F9EB0B80B4344B4878D95688A","pjkljhegncpnkpknbcohdijeoejaedia":"A53407CD256E21EFD626B964EB615A23D56366C452CE97CBFDEA97E6DFA99D1C"}},"google":{"services":{"last_username":"5AFC67DA584046B6221A1BF6CFB14886D895539FDC53DD4B8785830B0913D4EB","username":"B310640F06ECCD12767F03640C46971A4FD6B5D1DBD3046501D4BA4BB93E1E1F"}},"homepage":"A6F3948B586D59AB65ACFF094F96897532EDB6350A47960C74C853FADA7FAA79","homepage_is_newtabpage":"6D0FB9ABF38F193BEC4C9A0610D3C65CA981F4A30128C0F1CDEE8182688BED74","pinned_tabs":"EC91536AB9A6CC8D0845EE1A773A3113670FF7C8CA776FB569D723D71830DD3A","prefs":{"preference_reset_time":"5015C7F74D8FDE3D314CC180E4CF27F4787BB2D30649EDA1D2A98936149EDED2"},"profile":{"reset_prompt_memento":"2799DC25D511B25BFEAE829235943A585BFEAB7BBE449214838F7885D665B4C9"},"safebrowsing":{"incidents_sent":"93079D6206B234CF1A53A769FD66272940122282BA86CDB48CF3D5BDE927AFCD"},"search_provider_overrides":"4376108DF693583C7A8F0FE75ED78255F0B3C9D6880333EE5F8DBDB0B4C58E06","session":{"restore_on_startup":"94026F7FDFE0D35379C8678CE06C0B2DB4BF589A023EAF0A395583963D32B515","startup_urls":"21B14B4299EDF3FF729F6120DD568B67E78BDD91E864311E721F858CE46CAF22"},"software_reporter":{"prompt_reason":"990A235A936DDF3AB76519939EB3D00B6B6F5DF96992A61D5DB900C8A75F64A5","prompt_seed":"012171F36900F1ABEA75A9F695455D1693DB23ACDDB4EE9774443DCE13BF6F0A","prompt_version":"98816C1B3A48280DF148EE8B8E66095128AE6E33D5D41CD80CEE569FFE3D4D8C"},"sync":{"remaining_rollback_tries":"6E8BAF2F2B7478728F3C616B6C27F2F4E9A7FCB8B6682E0FD1B72B0DE125AABE"}},"super_mac":"708858A66F32064F0374A16986BEAD6055A758B4F1E467885E7BCA6083470A5F"},"sync":{"remaining_rollback_tries":0}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" "Search Page"="http://www.google.com" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.nl/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{2578A147-C72B-48A2-925D-8EF21F795B85}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {2578A147-C72B-48A2-925D-8EF21F795B85} Bing Url="http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E6B43401-E818-4961-AFED-118DD8E87642} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hildy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hildy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\hildy\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hildy\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\hildy\AppData\Local\Mozilla\Firefox\Profiles\huriypit.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\hildy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=115 folders=21 144768729 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\hildy\AppData\Local\Temp will be emptied at reboot C:\Users\Mos\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\hildy\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 26-06-2015 at 10:29:08.04 ======================