Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Pieter on wo 12/08/2015 at 13:51:22,97. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Pieter\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-01-24-131246.log 95956 bytes C:\zoek-results2015-04-20-132939.log 45297 bytes C:\zoek-results2015-04-20-160106.log 51752 bytes C:\zoek-results2015-08-09-194513.log 62670 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1000\Software\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} deleted successfully HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdate deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\globalUpdatem deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\d54h27ht.default user.js not found ---- Lines istart removed from prefs.js ---- user_pref("browser.search.searchengine.alias", "istartsurf"); user_pref("browser.search.searchengine.iconURL", "http://www.istartsurf.com/web/favicon.ico"); user_pref("browser.search.searchengine.name", "istartsurf"); user_pref("browser.search.searchengine.url", "http://www.istartsurf.com/web/?type=dspp&ts=1439148037&z=a9d5eb78f22dcc2d2686097g6z6catdg4zdm0t5qfg&from ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 1); ---- FireFox user.js and prefs.js backups ---- prefs_20151208_1423_.backup ProfilePath: C:\Users\Pieter\AppData\Roaming\TomTom\HOME\Profiles\f9aferhx.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20151208_1423_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE 
SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4c81-863D-3BA0751E1419}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Optimizer Pro"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\MiuiTab not found c:\programdata\{c8a6a735-fdc2-dfd8-c8a6-6a735fdc9cd7} not found c:\programdata\{2aaee9ec-ddd1-eae0-2aae-ee9ecddda7b3} not found "C: WINDOWS\tasks\AutoMount.job" not found "C: WINDOWS\tasks\ExtremeOrganizer.job" not found "C: WINDOWS\tasks\m9skEjNaY5S.job" not found "c:\Windows\zoek-delete.exe" not found C:\PROGRA~2\SSmartCuompAAre deleted C:\Program Files (x86)\Optimizer Pro 3.99 deleted C:\Program Files (x86)\globalUpdate deleted C:\ProgramData\{263637ab-1742-af41-2636-637ab174deac} deleted C:\Program Files (x86)\b700fb04-773f-4f86-b815-e227df2272ab deleted C:\PROGRA~3\okcfhfemegkhdadlncllfbomdbehmlhj deleted C:\PROGRA~3\8093733674390682793 deleted C:\Users\Pieter\AppData\Local\globalUpdate deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted C:\Windows\tasks\m9skEjNaY5S.job deleted C:\windows\SysNative\tasks\m9skEjNaY5S deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Pieter\Desktop\Optimizer Pro.lnk deleted C:\Users\Pieter\AppData\Roaming\m9skEjNaY5S.exe deleted C:\Users\Pieter\AppData\Roaming\z5MBe4ejnxv2.exe deleted "C:\Windows\tasks\OneTouchCrop.job" deleted "C:\Windows\tasks\z5MBe4ejnxv2.job" deleted "C:\Users\Pieter\AppData\Roaming\m9skEjNaY5S" deleted "C:\Users\Pieter\AppData\Roaming\z5MBe4ejnxv2" deleted "C:\Windows\tasks\z5MBe4ejnxv2.job" deleted "C:\Windows\SysNative\tasks\z5MBe4ejnxv2" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-08-09 12:22:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\prleth.sys 2015-08-09 12:22:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\hgfs.sys ====== C:\Users\Pieter\AppData\Local\Temp ==== 
====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-08-09 12:36:08 1ABCD42C883F114BCF0847889BA689E8 4 ----a-w- C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-08-09 18:50:20 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-08-09 18:50:11 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-08-09 18:50:11 AE757332EA130E94E646621CC695B52A 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-08-09 18:50:11 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2015-07-14 19:11:24 45A03A0B6461EFBEE77E0A6AC2816EDA 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-07-14 19:11:24 21AF322605D8C7F2A627C22634D1C9C9 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2015-07-14 19:11:24 1877EB1495CFBDAB27D6A32F6DDF3818 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-07-14 19:11:23 C0A6C3D6E02B61B5D100FE17306C276F 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-07-14 19:11:23 7A7328E427694CC7244235C3BC299F80 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-07-14 19:10:21 065F79543D7999EC28B687F87E96B803 20992 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys ====== C:\Windows\Tasks ====== 2015-08-09 14:13:23 BDA0E18D2302805AC608E287D7683DC0 3158 ----a-w- C:\Windows\Sysnative\Tasks\{3D0E56A1-8760-4D35-8649-4159AFC23C2B} 2015-08-09 12:31:02 AFCD2DB88698F0895867B045D7359FEC 352 ----a-w- C:\Windows\Tasks\AutoMount.job 2015-08-09 12:30:01 3821C107E09892AF20332FDDAADD7B0F 360 ----a-w- C:\Windows\Tasks\ExtremeOrganizer.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-08-09 13:58:04 -------- d-----w- C:\PROGRA~2\Atari 2015-08-09 12:23:08 -------- d-----w- C:\PROGRA~2\Opera ======= C: ===== 2015-08-09 
14:11:42 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\dummy.htm ====== C:\Users\Pieter\AppData\Roaming ====== 2015-08-09 19:38:34 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-08-09 19:38:33 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp 2015-08-09 19:38:33 -------- d-----w- C:\Users\postgres\AppData\Local\Temp 2015-08-09 19:38:33 -------- d-----w- C:\Users\Pieter\AppData\Local\Temp 2015-08-09 19:38:33 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-08-09 19:38:33 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-08-09 18:21:33 6DB27D414341CC27D29B0CDEAA0586BD 24 ----a-w- C:\Users\Pieter\AppData\Roaming\appdataFr25.bin 2015-08-09 14:11:14 -------- d-----w- C:\Users\Pieter\AppData\Roaming\Atari 2015-08-09 14:06:19 -------- d-----w- C:\Users\Pieter\AppData\Roaming\Leadertech 2015-08-09 12:24:04 -------- d-----w- C:\Users\Pieter\AppData\Roaming\Opera Software 2015-08-09 12:24:04 -------- d-----w- C:\Users\Pieter\AppData\Local\Opera Software ====== C:\Users\Pieter ====== 2015-08-09 18:49:28 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Pieter\Downloads\mbam-setup-2.0.0.1000 (1).exe 2015-08-09 14:06:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari 2015-08-09 08:21:43 1500E4507A8A590F0A463CD79CE2D9B8 5012928 ----a-w- C:\Users\Pieter\Downloads\Shockwave_Installer_Slim (9).exe 2015-08-06 15:16:43 1500E4507A8A590F0A463CD79CE2D9B8 5012928 ----a-w- C:\Users\Pieter\Downloads\Shockwave_Installer_Slim (8).exe 2015-08-06 15:16:16 1500E4507A8A590F0A463CD79CE2D9B8 5012928 ----a-w- C:\Users\Pieter\Downloads\Shockwave_Installer_Slim (7).exe 2015-08-06 15:16:00 1500E4507A8A590F0A463CD79CE2D9B8 5012928 ----a-w- C:\Users\Pieter\Downloads\Shockwave_Installer_Slim (6).exe ====== C: exe-files == 2015-08-09 18:49:28 32A7154F9934CF3AA5D945D02D069D1F 17523384 ----a-w- C:\Users\Pieter\Downloads\mbam-setup-2.0.0.1000 (1).exe 2015-08-09 14:06:16 1953284D1C4218B018A30F22FD4338D1 
15884288 ----a-w- C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe 2015-08-09 13:58:03 BEF1E6A9B97045EC3F2B9CF34ACB6810 121064 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\setup.exe 2015-08-09 13:57:19 BB0F3EB5117F6DE265E6AFF38C2AFA9E 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe 2015-08-09 13:57:18 D186D961E211E4FD7F7C3A02A864CBE5 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe 2015-08-09 08:21:43 1500E4507A8A590F0A463CD79CE2D9B8 5012928 ----a-w- C:\Users\Pieter\Downloads\Shockwave_Installer_Slim (9).exe 2015-08-06 15:16:43 1500E4507A8A590F0A463CD79CE2D9B8 5012928 ----a-w- C:\Users\Pieter\Downloads\Shockwave_Installer_Slim (8).exe 2015-08-06 15:16:16 1500E4507A8A590F0A463CD79CE2D9B8 5012928 ----a-w- C:\Users\Pieter\Downloads\Shockwave_Installer_Slim (7).exe 2015-08-06 15:16:00 1500E4507A8A590F0A463CD79CE2D9B8 5012928 ----a-w- C:\Users\Pieter\Downloads\Shockwave_Installer_Slim (6).exe 2015-08-05 14:12:42 1DEEF4A41F33D307E6EE2FBE8B179BE2 959568 ----a-w- C:\Program Files (x86)\Google\Update\Install\{99510F19-F87C-471F-B407-CB16BDB46399}\44.0.2403.130_44.0.2403.125_chrome_updater.exe 2015-08-05 14:12:42 1DEEF4A41F33D307E6EE2FBE8B179BE2 959568 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.130\44.0.2403.130_44.0.2403.125_chrome_updater.exe === C: other files == 2015-08-11 12:07:25 47D19EF362E219F1311ED7499C183B5C 305726 ----a-w- C:\Users\Pieter\Downloads\Orange.Is.The.New.Black.S01(Ned.DVD).zip 2015-08-09 18:50:20 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-08-09 18:50:11 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-08-09 18:50:11 AE757332EA130E94E646621CC695B52A 63704 ----a-w- 
C:\Windows\System32\drivers\mwac.sys 2015-08-09 18:50:11 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-08-09 12:22:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\prleth.sys 2015-08-09 12:22:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\hgfs.sys 2015-08-09 12:20:16 DDE2449AC0E9B77E6DE0D94D41E9C6DB 583455 ----a-w- C:\Users\Pieter\Downloads\RollerCoaster Tycoon 3__3422_il287375.exe.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1000\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "uTorrent"="C:\Users\Pieter\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Easy-Hide-IP"="C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe" [HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1001\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "BitComet"="C:\Program Files (x86)\BitComet\BitComet.exe /tray" "Facebook Update"="C:\Users\Pieter\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MsnMsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe /background" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1004\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "BitComet"="C:\Program Files (x86)\BitComet\BitComet.exe /tray" "Facebook Update"="C:\Users\Pieter\AppData\Local\Facebook\Update\FacebookUpdate.exe /c 
/nocrashserver" "MsnMsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe /background" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1385566621-4048086490-2743871047-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "uTorrent"="C:\Users\Pieter\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Easy-Hide-IP"="C:\Program Files\Easy-Hide-IP\easy-hide-ip.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" "Acer Empowering Technology Monitor"="C:\Program Files\Acer\Empowering Technology\SysMonitor.exe" "EmpoweringTechnology"="C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot" ==== Startup Folders ====================== 2014-08-27 20:52:14 2983 ----a-w- C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Moongamers Patch Switcher.lnk 2014-01-28 13:27:12 1545 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk ==== Task Scheduler Jobs ====================== 
C:\Windows\tasks\AutoMount.job --a------ C:\programdata\c8a6a735-fdc2-dfd8-c8a6-6a735fdc9cd7\pricelessinstaller.exe [] C:\Windows\tasks\ExtremeOrganizer.job --a------ C:\programdata\78407878-6f0f-e747-7840-078786f0e1e1\priceless_soft_partner.exe [] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1385566621-4048086490-2743871047-1000UA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1385566621-4048086490-2743871047-1000Core" [C:\Users\Pieter\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1385566621-4048086490-2743871047-1000UA" [C:\Users\Pieter\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP AR Program Upload - e59d93858daa466eadcbd5e56d422dbfc19bd5aff8b54649aa3d056a29ebbbd2" [C:\Program Files\HP\HP Deskjet 2510 series\bin\HPRewards.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 2510 series" ["C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe"] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\d54h27ht.default user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/&ts=1439148037&z=a9d5eb78f22dcc2d2686097g6z6catdg4zdm0t5qfg&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] 
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "DSE"="true" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Pieter\AppData\Roaming\TomTom\HOME\Profiles\f9aferhx.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\d54h27ht.default EF3CA2A515FEC970E22D2C424A42401E - C:\Users\Pieter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 3CD19649B2C3023D65E67C056457A2BC - C:\Users\Pieter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.130 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17] https //mynamedomain.koko//0service/update2/crx - Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Chromium Startpages 
====================== C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Preferences ==== Chromium Fix ====================== C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.webssearches.com_0.localstorage deleted successfully C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.webssearches.com_0.localstorage-journal deleted successfully C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.istartsurf.com/?type=hppp&ts=1439148037&z=a9d5eb78f22dcc2d2686097g6z6catdg4zdm0t5qfg&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9" "Search Page"="http://www.istartsurf.com/web/?type=dspp&ts=1439148037&z=a9d5eb78f22dcc2d2686097g6z6catdg4zdm0t5qfg&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9&q={searchTerms}" "Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1439148037&z=a9d5eb78f22dcc2d2686097g6z6catdg4zdm0t5qfg&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9" "Default_Search_URL"="http://www.istartsurf.com/web/?type=dspp&ts=1439148037&z=a9d5eb78f22dcc2d2686097g6z6catdg4zdm0t5qfg&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Pieter\AppData\Local\Google\Chrome\User 
Data\Default\Secure Preferences was reset successfully C:\Users\Pieter\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Pieter\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully C:\Users\Pieter\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Pieter\Desktop\A Speeder.lnk - C:\Program Files (x86)\aspeeder\T3631165.exe C:\Users\Pieter\Desktop\Cheat Engine.lnk - C:\Program Files (x86)\Cheat Engine 6.4\Cheat Engine.exe C:\Users\Pieter\Desktop\Farming Simulator 2013 .lnk - C:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exe C:\Users\Pieter\Desktop\Jodix Free WMA to MP3 Converter.lnk - C:\Program Files (x86)\Free WMA to MP3 Converter\wma_mp3_converter.exe C:\Users\Pieter\Desktop\labels (8).pdf - Snelkoppeling.lnk - C:\Users\Pieter\Downloads\labels (8).pdf C:\Users\Pieter\Desktop\Moongamers Patch Switcher.lnk - C:\Users\Pieter\AppData\Roaming\Microsoft\Installer\{EE510252-96FC-49C1-AE63-36E1C49314CD}\_124305e.exe C:\Users\Pieter\Desktop\PokerTracker 4.lnk - C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe C:\Users\Pieter\Desktop\Popcorn Time.lnk - C:\Users\Pieter\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe . 
C:\Users\Pieter\Desktop\Spider Solitaire.lnk - C:\Users\Pieter\Desktop\µTorrent.lnk - C:\Users\postgres\Desktop\A Speeder.lnk - C:\Program Files (x86)\aspeeder\T3631165.exe C:\Users\postgres\Desktop\Jodix Free WMA to MP3 Converter.lnk - C:\Program Files (x86)\Free WMA to MP3 Converter\wma_mp3_converter.exe C:\Users\UpdatusUser\Desktop\A Speeder.lnk - C:\Program Files (x86)\aspeeder\T3631165.exe C:\Users\UpdatusUser\Desktop\Jodix Free WMA to MP3 Converter.lnk - C:\Program Files (x86)\Free WMA to MP3 Converter\wma_mp3_converter.exe C:\Users\UpdatusUser\Desktop\PokerTracker 4.lnk - C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Benodigdheden kopen - HP Deskjet 2510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2510 series\Bin\hpqDTSS.exe C:\Users\Public\Desktop\BitComet.lnk - C:\Program Files (x86)\BitComet\BitComet.exe C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk - C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe C:\Users\Public\Desktop\Call of Duty(R) 2 Singleplayer.lnk - C:\Program Files (x86)\Activision\Call of Duty 2\cod2sp_s.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\Public\Desktop\DS3 Tool.lnk - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Users\Public\Desktop\Empowering Technology.lnk - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\Users\Public\Desktop\gBurner.lnk - C:\Program 
Files\gBurner\gBurner.exe C:\Users\Public\Desktop\HP Deskjet 2510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2510 series\Bin\HP Deskjet 2510 series.exe -Start UDCDevicePage C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\ManiaPlanet.lnk - C:\Program Files (x86)\ManiaPlanet\ManiaPlanetLauncher.exe C:\Users\Public\Desktop\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\PokerStars.be.lnk - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe C:\Users\Public\Desktop\Pro Cycling Manager - Seizoen 2012.lnk - C:\Program Files (x86)\Cyanide\Pro Cycling Manager - Seizoen 2012\Autorun\Exe\Autorun.exe C:\Users\Public\Desktop\RollerCoaster Tycoon 3 Platinum.lnk - C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Public\Desktop\TM.lnk - C:\Program Files (x86)\TMbot\TM.exe C:\Users\Public\Desktop\TManager.lnk - C:\Program Files (x86)\TMbot\TM.exe C:\Users\Public\Desktop\TmNationsForever.lnk - C:\Program Files (x86)\TmNationsForever\TmForeverLauncher.exe C:\Users\Public\Desktop\TmUnitedForever.lnk - C:\Program Files (x86)\TmUnitedForever\TmForeverLauncher.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe C:\Users\Public\Desktop\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe ==== shortcuts in Users Start Menu 
======================
C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1439147818&z=aa54b0bd5387e76d55e0adegfzec7t3g4z7mbm5z0g&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9
C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1439147818&z=aa54b0bd5387e76d55e0adegfzec7t3g4z7mbm5z0g&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9

==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1439147818&z=aa54b0bd5387e76d55e0adegfzec7t3g4z7mbm5z0g&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1439147818&z=aa54b0bd5387e76d55e0adegfzec7t3g4z7mbm5z0g&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1439147818&z=aa54b0bd5387e76d55e0adegfzec7t3g4z7mbm5z0g&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3 Platinum\RCT3 Manual.lnk - C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum\RCT3_MANUAL_USA.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3 Platinum\Readme.lnk - C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum\Readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3 Platinum\RollerCoaster Tycoon 3 Platinum.lnk - C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3 Platinum\Soaked Manual.lnk - C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum\RCT3S_MANUAL_USA.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3 Platinum\Uninstall RollerCoaster Tycoon® 3 Platinum.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari\RollerCoaster Tycoon 3 Platinum\Wild Manual.lnk - C:\Program Files (x86)\Atari\RollerCoaster Tycoon 3 Platinum\RCT3W_MANUAL_USA.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Office 2010 XAdES XL signature configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoffice2010_XAdES_XL.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID\Utilities\MS Outlook registry configuration.lnk - C:\Program Files (x86)\Belgium Identity Card\beidoutlooksnc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\EuroFortune Casino.lnk - C:\Program Files (x86)\EuroFortune\EuroFortune.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.be.lnk - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b1695d4f5a951d9d\PokerStars.BE.lnk - C:\Program Files (x86)\PokerStars.BE\PokerStarsUpdate.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TmUnitedForever.lnk - C:\Program Files (x86)\TmUnitedForever\TmForeverLauncher.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1439147818&z=aa54b0bd5387e76d55e0adegfzec7t3g4z7mbm5z0g&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1439147818&z=aa54b0bd5387e76d55e0adegfzec7t3g4z7mbm5z0g&from=face&uid=ST9500325AS_5VE3KQJ9XXXX5VE3KQJ9
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\EuroFortune Casino.lnk - C:\Program Files (x86)\EuroFortune\EuroFortune.exe
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Safesoft Protector\itchromium.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Safesoft Protector\itchromium.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\EuroFortune Casino.lnk - C:\Program Files (x86)\EuroFortune\EuroFortune.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Safesoft Protector\itchromium.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Safesoft Protector\itchromium.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== shortcuts After Repair ======================
C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pieter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\postgres\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A74Y4AFI will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\Pieter\AppData\Local\Mozilla\Firefox\Profiles\d54h27ht.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Pieter\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Pieter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=565 folders=115 83006133 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pieter\AppData\Local\Temp will be emptied at reboot
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Pieter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A74Y4AFI" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on wo 12/08/2015 at 16:45:31,25 ======================