
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by User on ma 24/08/2015 at 16:19:47,25.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

24/08/2015 16:20:41 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\deallpeak deleted successfully
C:\PROGRA~2\deualster deleted successfully
C:\PROGRA~2\dOwneloaditkoeep deleted successfully
C:\PROGRA~2\MediaWatchV1 deleted successfully
C:\PROGRA~2\NewSavER deleted successfully
C:\PROGRA~2\NexxtCouup deleted successfully
C:\PROGRA~2\Saeveribox deleted successfully
C:\PROGRA~2\SaverEextension deleted successfully
C:\PROGRA~2\TrustMediaViewerV1 deleted successfully
C:\PROGRA~2\WEbbing deleted successfully
C:\PROGRA~2\WWebsave deleted successfully
C:\PROGRA~2\YoutubeAdblocker deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\297a03af000048f4 deleted successfully
C:\PROGRA~3\374311380 deleted successfully
C:\PROGRA~3\deallpeak deleted successfully
C:\PROGRA~3\DealsFactor deleted successfully
C:\PROGRA~3\deualster deleted successfully
C:\PROGRA~3\NewSavER deleted successfully
C:\PROGRA~3\NexxtCouup deleted successfully
C:\PROGRA~3\Saeveribox deleted successfully
C:\PROGRA~3\SaverEextension deleted successfully
C:\PROGRA~3\WEbbing deleted successfully
C:\PROGRA~3\WWebsave deleted successfully
C:\PROGRA~3\YoutubeAdblocker deleted successfully
C:\Users\User\AppData\Roaming\Goofball deleted successfully
C:\Users\User\AppData\Roaming\Systweak deleted successfully
C:\Users\User\AppData\Local\cache deleted successfully
C:\Users\User\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\User\AppData\Local\EmieSiteList deleted successfully
C:\Users\User\AppData\Local\EmieUserList deleted successfully
C:\Users\User\AppData\Local\Genesis_06272038 deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully
HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gfnpttr2.default

user.js not found
---- Lines Sweet removed from prefs.js ----
user_pref("extensions.8GCSxmXqpMSJiSLG.url", "http://elegantvacationdeals.net/sync2/?q=hfZ9oemHBchEAen0qHC6tMqLDe49CNU0nUkMCMlNhd9FqjaFrdrFrTw7rjYMBzq
---- Lines extensions.8GCSxmXqpMSJiSLG removed from prefs.js ----
user_pref("extensions.8GCSxmXqpMSJiSLG.epoch", "1437831451");
---- Lines extensions.LmoSDcm2fgXgWY3u removed from prefs.js ----
user_pref("extensions.LmoSDcm2fgXgWY3u.epoch", "1437831450");
user_pref("extensions.LmoSDcm2fgXgWY3u.url", "http://solutionget.info/sync2/?q=hfZ9ofmEgShEAen0qHC6tMqLDe49CNU0nUkMCMlNhd9FqjaGrjgFqHs9rTaMBzqUojw8rdC
---- Lines extensions.XIgbOTOljPO76c63 removed from prefs.js ----
user_pref("extensions.XIgbOTOljPO76c63.epoch", "1437831450");
user_pref("extensions.XIgbOTOljPO76c63.url", "http://bloggergroupweb.info/sync2/?q=hfZ9oemMC7n5hShEAen0rHwFqTwMg708BNmGWj8cmihGheDUojw8rdnFqTw8qdCFqih
---- Lines extensions.mU3qlGq7cjb8ygQh removed from prefs.js ----
user_pref("extensions.mU3qlGq7cjb8ygQh.epoch", "1437831451");
user_pref("extensions.mU3qlGq7cjb8ygQh.url", "http://getsrv.info/sync2/?q=hfZ9oex9DihEAen0qHC6tMqLDe49CNU0nUkMCMlNhd9FqjaFrjwFpjsErjaMBzqUojw8rdCGqdwH
---- FireFox user.js and prefs.js backups ---- 

prefs_20152408_1627_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 
"mobilegeni daemon"=- 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"TornTv Downloader"=- 

==== Deleting Files \ Folders ======================

C:\PROGRA~2\deallpeak not found
C:\PROGRA~2\deualster not found
C:\PROGRA~2\dOwneloaditkoeep not found
C:\PROGRA~2\MediaWatchV1 not found
C:\PROGRA~2\NewSavER not found
C:\PROGRA~2\NexxtCouup not found
C:\PROGRA~2\Saeveribox not found
C:\PROGRA~2\SaverEextension not found
C:\PROGRA~2\TrustMediaViewerV1 not found
C:\PROGRA~2\WEbbing not found
C:\PROGRA~2\WWebsave not found
C:\PROGRA~2\YoutubeAdblocker not found
C:\Program Files (x86)\Mobogenie not found
C:\Users\User\AppData\Roaming\TornTV.com not found
C:\ProgramData\297a03af000048f4 not found
C:\Program Files (x86)\Saeveribox not found
C:\Program Files (x86)\dOwneloaditkoeep not found
C:\Program Files (x86)\deualster not found
C:\ProgramData\deualster not found
C:\PROGRA~2\CuTTheePriice deleted
C:\PROGRA~2\DealExprresss deleted
C:\PROGRA~2\DeealExpreSss deleted
C:\PROGRA~2\HaPpyo2SAvvee deleted
C:\PROGRA~2\IndepthSystem deleted
C:\PROGRA~2\DealExPressu deleted
C:\PROGRA~2\Happy22Savve deleted
C:\PROGRA~2\Hover Zoom deleted
C:\PROGRA~2\No Scroll Bars Please deleted
c:\programdata\{7ad657ec-a084-5081-7ad6-657eca085fb2} deleted
C:\Windows\tasks\FontElite.job deleted
c:\programdata\{055a6788-7f61-224e-055a-a67887f69e21} deleted
c:\programdata\{25903538-cb7a-3458-2590-03538cb7d4e3} deleted
c:\programdata\{b93f3f08-ac42-b31d-b93f-f3f08ac4fc22} deleted
C:\ProgramData\3cfb8dec00000faf deleted
C:\ProgramData\{e3ce6f9a-3e70-d812-e3ce-e6f9a3e7be68} deleted
C:\ProgramData\{aefd7411-2017-d4a7-aefd-d7411201d044} deleted
C:\ProgramData\{7b933b70-ed0d-7e8e-7b93-33b70ed0edc3} deleted
C:\ProgramData\{5d138b00-1bf9-15cc-5d13-38b001bf2c00} deleted
C:\ProgramData\{51bee51f-5e3d-6975-51be-ee51f5e3947d} deleted
C:\ProgramData\{e561f190-b0d7-db75-e561-1f190b0dc642} deleted
C:\ProgramData\downloaditkeep deleted
C:\ProgramData\savinshop deleted
C:\ProgramData\{d6815401-b7ad-56c3-d681-15401b7a5006} deleted
C:\ProgramData\{ba668516-4f78-44bd-ba66-685164f71459} deleted
C:\ProgramData\4fbc8935a28d9bd2 deleted
C:\ProgramData\5745618088071371730 deleted
C:\PROGRA~3\aagiaiggkandmjhabkdmhkbecannbkkg deleted
C:\windows\SysNative\Tasks\snf deleted
C:\windows\SysNative\Tasks\snp deleted
C:\windows\SysNative\Tasks\DigiMakeover deleted
C:\windows\SysNative\Tasks\FontElite deleted
C:\windows\SysNative\Tasks\SizeFixer deleted
C:\windows\SysNative\Tasks\Superclean deleted
C:\Program Files (x86)\AMD AVT\776ad553-17a7-49e7-8553-1192b47e7e84.dll deleted
C:\Program Files (x86)\AMD AVT\bc9cda7e-b6ad-4228-94c0-94ce0b36f38b.dll deleted
C:\Users\User\AppData\LocalLow\{B634FC98-5066-5C02-5306-8DDC49ADAF9A} deleted
C:\Users\User\AppData\LocalLow\{C5FED1F8-5146-1290-273E-CE49B39C3580} deleted
C:\Users\User\AppData\Local\Packages\windows_ie_ac_001\AC\{B634FC98-5066-5C02-5306-8DDC49ADAF9A} deleted
C:\Users\User\AppData\Local\Packages\windows_ie_ac_001\AC\{C5FED1F8-5146-1290-273E-CE49B39C3580} deleted
C:\Users\User\AppData\Local\DynamicPricer deleted
C:\Users\User\daemonprocess.txt deleted
C:\Users\User\.android deleted
C:\PROGRA~2\COMMON~1\Config\uninstinethnfd.exe deleted
C:\PROGRA~2\bc9cda7e-b6ad-4228-94c0-94ce0b36f38b deleted
C:\PROGRA~2\globalUpdate deleted
C:\PROGRA~2\COMMON~1\Config deleted
C:\extensions.ini deleted
C:\Users\User\AppData\Roaming\appdataFr3.bin deleted
C:\Users\User\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\ItsReadyApp deleted
C:\PROGRA~3\Registry Helper deleted
C:\PROGRA~3\SaveItCoupons deleted
C:\PROGRA~3\saveron deleted
C:\PROGRA~3\ssaveron deleted
C:\PROGRA~3\IHProtectUpDate deleted
C:\PROGRA~3\GetDiscountApp deleted
C:\PROGRA~3\RandomDealApp deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\User\AppData\Local\globalUpdate deleted
C:\Users\User\AppData\Local\Mobogenie deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\User\AppData\LocalLow\{00AE440D-4DFB-B4B4-7D0A-66BD1DF67B52} deleted
C:\Users\User\AppData\LocalLow\{A8E93E78-C959-86DA-C9D4-638D60A4319E} deleted
C:\Users\User\AppData\LocalLow\{DA972BAC-35BE-C1F2-D7D7-3EF18170E8B2} deleted
C:\Users\User\AppData\LocalLow\{DE48C2B7-E2A3-7F64-29F4-CCFF2290B2F7} deleted
C:\Users\User\AppData\LocalLow\DataMngr deleted
C:\Windows\Reimage.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\RegistryHelperLM.ocx deleted
C:\Windows\SysWOW64\installd.exe deleted
C:\Users\User\Documents\Mobogenie deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gfnpttr2.default\extensions\staged deleted
"C:\Windows\tasks\alpha_shopper_helper_service.job" deleted
"C:\Windows\tasks\DigiMakeover.job" deleted
"C:\Windows\tasks\help4u_notification_service.job" deleted
"C:\Windows\tasks\help4u_updating_service.job" deleted
"C:\Windows\tasks\SizeFixer.job" deleted
"C:\Windows\tasks\Superclean.job" deleted
"C:\Program Files (x86)\Alpha Shopper\alpha_shopper_helper_service.exe" deleted
"C:\Program Files (x86)\help4u\help4u_notification_service.exe" deleted
"C:\PROGRA~2\Alpha Shopper\alpha_shopper_helper_service.exe" deleted
"C:\Program Files (x86)\Alpha Shopper" not deleted
"C:\Program Files (x86)\help4u" not deleted
"C:\PROGRA~2\Alpha Shopper" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-08-11 20:52:37	FC2EA5BD5307D2CFA5AAA38E0C0DDCE9	221184	----a-w-	C:\Windows\notepad.exe
====== C:\Users\User\AppData\Local\Temp ====
2015-08-21 07:38:29	9E51DB6F654206C8B7ADC95AC850BECC	4487744	----a-w-	C:\Users\User\AppData\Local\Temp\supoptsetup.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-08-19 15:45:54	A98799EBA5BAABF1AB2BAFCE488FC9F9	19871232	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2015-08-12 21:09:37	F51474B15B4210E93FD73CA9E52E7926	103120	----a-w-	C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:54:30	B4507FD993C3F7545A637863BE756559	124928	----a-w-	C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 20:54:30	B06236A3C5568BA063711D6E239509B9	81920	----a-w-	C:\Windows\SysWOW64\wudriver.dll
2015-08-11 20:54:30	6C02E120E119B06D31EBD96DE4740111	29696	----a-w-	C:\Windows\SysWOW64\wuapp.exe
2015-08-11 20:54:30	56EFA37771E7628216E9B35ED681384C	721920	----a-w-	C:\Windows\SysWOW64\wuapi.dll
2015-08-11 20:53:52	AB6A3699E478DEF677D48B126B223C54	4520448	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2015-08-11 20:53:52	3C74EA1EC43A694060F09B7D754446C6	12856832	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2015-08-11 20:53:51	A37FEDFC0BC9E96AD3DFFF41D5805F04	2279424	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2015-08-11 20:53:51	3E168B5E5FEE3D09C2D4E97861B5F4B3	479232	----a-w-	C:\Windows\SysWOW64\ieui.dll
2015-08-11 20:53:51	0AC8CD2138FD10C4A0E2FF08F892359C	1951232	----a-w-	C:\Windows\SysWOW64\wininet.dll
2015-08-11 20:53:50	D4CE6BDB3225327B3FAF630287B6B446	1048576	----a-w-	C:\Windows\SysWOW64\actxprxy.dll
2015-08-11 20:53:50	C98AF04E9FC94DBF57B29A9891597664	689152	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 20:53:50	BD3E3A13423C40E8CF4BE531EE68BAF0	1310720	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2015-08-11 20:53:50	66EA3446CDAC2772CC17A23DFE0169B7	880128	----a-w-	C:\Windows\SysWOW64\inetcomm.dll
2015-08-11 20:53:50	4D036506C8359185FC52EB49DB891743	341504	----a-w-	C:\Windows\SysWOW64\html.iec
2015-08-11 20:53:49	FB1B7D2B2D500E067B96C56EE0B4DDAD	664064	----a-w-	C:\Windows\SysWOW64\jscript.dll
2015-08-11 20:53:49	728188684708FEF4F18E2CAB46C54DBB	710144	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 20:53:49	358D91656E54B03B8FFE3CF4D535A6C8	504320	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2015-08-11 20:53:04	A68963D6522B5281516B9841B6BC9919	198656	----a-w-	C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 20:53:04	1467236922B38B4706BF2539D7BAC4B3	87040	----a-w-	C:\Windows\SysWOW64\davclnt.dll
2015-08-11 20:53:02	703B543281B5537DEB5B8EF05D94D898	1499920	----a-w-	C:\Windows\SysWOW64\ntdll.dll
2015-08-11 20:52:46	ED239F7D7D98E8E21A9CFCB8DA22B91C	15159296	----a-w-	C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-11 20:52:38	A153AE01A8B83739B121D8808EFF86E2	393560	----a-w-	C:\Windows\SysWOW64\netcfgx.dll
2015-08-11 20:52:37	AD560C728C33F20E9D0CF37C40DB7A23	1556992	----a-w-	C:\Windows\SysWOW64\msxml3.dll
2015-08-11 20:52:37	9D12A01443D52BB25A8AD0F100F91B83	212992	----a-w-	C:\Windows\SysWOW64\notepad.exe
2015-08-11 20:52:37	8CF33E0D6E2592BBC3A471F40358E2DB	856064	----a-w-	C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 20:52:37	7D2406D3E8DEAB81A539C8FF5FB8EAE2	1901776	----a-w-	C:\Windows\SysWOW64\msxml6.dll
2015-08-11 20:52:37	6CF8627C9C84CA5E6CE8DC10CE757538	1559552	----a-w-	C:\Windows\SysWOW64\DWrite.dll
2015-08-11 20:52:37	6738291C76FDD47037225BD70EE3503C	35840	----a-w-	C:\Windows\SysWOW64\atmlib.dll
2015-08-11 20:52:37	2C961D5568DA48EA25FC663411120A04	6213120	----a-w-	C:\Windows\SysWOW64\mstscax.dll
2015-08-11 20:52:37	1B3D01CF06111D199380C0A7FBF5B1DE	301568	----a-w-	C:\Windows\SysWOW64\atmfd.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-08-19 15:45:54	E5F2BB962F84A8F8D996FEA33F4C817B	25191936	----a-w-	C:\Windows\Sysnative\mshtml.dll
2015-08-12 21:09:37	AFA127EEA1E9FAE862A55A1D0B7E822C	124624	----a-w-	C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 20:54:30	F3C92D851BB901EDB5C7A977EFD578A8	409088	----a-w-	C:\Windows\Sysnative\WUSettingsProvider.dll
2015-08-11 20:54:30	DB3B4BE9021D0ADB3B34D00AB94D0895	140288	----a-w-	C:\Windows\Sysnative\wuwebv.dll
2015-08-11 20:54:30	C82107E0CC8E12DE7CFBB4A9BFFD62BA	95744	----a-w-	C:\Windows\Sysnative\wudriver.dll
2015-08-11 20:54:30	BB6F53F80AA1789815963C16E303A973	3704320	----a-w-	C:\Windows\Sysnative\wuaueng.dll
2015-08-11 20:54:30	7CFB5C243562FEDEE84B2BBF12BEE33E	2228736	----a-w-	C:\Windows\Sysnative\wucltux.dll
2015-08-11 20:54:30	6FD5F29679239BF336D9AC045EFDE74F	35840	----a-w-	C:\Windows\Sysnative\wuapp.exe
2015-08-11 20:54:30	6CDF693DB2B20604E7314F8323F52F00	136904	----a-w-	C:\Windows\Sysnative\wuauclt.exe
2015-08-11 20:54:30	5B5196CFE7A703D9F9309859EA70462C	891904	----a-w-	C:\Windows\Sysnative\wuapi.dll
2015-08-11 20:53:56	3DCE7705F6770C90A616B149C261E8EE	411133	----a-w-	C:\Windows\Sysnative\ApnDatabase.xml
2015-08-11 20:53:53	995797E4DE4215715CA2040BB81F4594	14451200	----a-w-	C:\Windows\Sysnative\ieframe.dll
2015-08-11 20:53:52	E892688BB1C8B0B485C27436F2B963CF	615936	----a-w-	C:\Windows\Sysnative\ieui.dll
2015-08-11 20:53:52	C6960223A6BAB3CF83DB09565D191844	5923328	----a-w-	C:\Windows\Sysnative\jscript9.dll
2015-08-11 20:53:51	C555B5C8142844DED9E3BD94E6313000	2427904	----a-w-	C:\Windows\Sysnative\wininet.dll
2015-08-11 20:53:51	158C1D034080B9DC0A9A2CD9E8DB0199	1545728	----a-w-	C:\Windows\Sysnative\urlmon.dll
2015-08-11 20:53:51	0A11C834B8CA37AE07DF5E8727846BEC	2880000	----a-w-	C:\Windows\Sysnative\actxprxy.dll
2015-08-11 20:53:50	D25352D34FDE9AF82F6362CA86A317C3	145408	----a-w-	C:\Windows\Sysnative\iepeers.dll
2015-08-11 20:53:50	8EB07ED289C0F53E3838DC812E5A9CCC	262144	----a-w-	C:\Windows\Sysnative\webcheck.dll
2015-08-11 20:53:50	77A4FEE4031F90DBB5C16F6A8FC855BC	417792	----a-w-	C:\Windows\Sysnative\html.iec
2015-08-11 20:53:50	4E37600CED71FFCE7EEBB129A90B3431	2885632	----a-w-	C:\Windows\Sysnative\iertutil.dll
2015-08-11 20:53:50	43AF91A40E44205272335E33B7BBA4C3	2125824	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2015-08-11 20:53:50	3E4568FFE110FE81CA1A75BF1149153B	801280	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2015-08-11 20:53:49	C580215DE134617942FF1740A1235CE4	800768	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2015-08-11 20:53:49	9C7B3D3A9A945AED5CC97C6535C9D857	816640	----a-w-	C:\Windows\Sysnative\jscript.dll
2015-08-11 20:53:49	591A23DF78E3DDE47FF769C82CAC5AC7	1032704	----a-w-	C:\Windows\Sysnative\inetcomm.dll
2015-08-11 20:53:49	39E11AA344781CD5773BE9E2472C84E4	584192	----a-w-	C:\Windows\Sysnative\vbscript.dll
2015-08-11 20:53:04	F077AA3AF6BF55445801661ADBC63D06	104448	----a-w-	C:\Windows\Sysnative\davclnt.dll
2015-08-11 20:53:04	40F83492DB9ABBA59773A45FB487C8B2	228864	----a-w-	C:\Windows\Sysnative\WebClnt.dll
2015-08-11 20:53:02	C8219AC86CFE28102878B69F414F2079	7458648	----a-w-	C:\Windows\Sysnative\ntoskrnl.exe
2015-08-11 20:53:02	7E85DB0463AD2403AE84AD162B162279	1217024	----a-w-	C:\Windows\Sysnative\sysmain.dll
2015-08-11 20:53:02	3CDAF271CFC64DB18F1B6D8BF495EB58	1735000	----a-w-	C:\Windows\Sysnative\ntdll.dll
2015-08-11 20:52:47	F6506621BF6CEE122A7CE155296299A8	743424	----a-w-	C:\Windows\Sysnative\generaltel.dll
2015-08-11 20:52:47	EBB3AD82E6CE2B4B978E7CBF00E6089D	18823680	----a-w-	C:\Windows\Sysnative\Windows.UI.Xaml.dll
2015-08-11 20:52:47	E57267B8ED09F569FA603E8868845B0E	1148416	----a-w-	C:\Windows\Sysnative\aeinv.dll
2015-08-11 20:52:47	BA8572BDA108A0C54187AE9C13306FB0	69120	----a-w-	C:\Windows\Sysnative\acmigration.dll
2015-08-11 20:52:47	9D74FEC6CE8EF72CF5FF83447F45B2ED	774144	----a-w-	C:\Windows\Sysnative\invagent.dll
2015-08-11 20:52:47	90F1A2A33C7EC9885994746B83201D6F	25776	----a-w-	C:\Windows\Sysnative\CompatTelRunner.exe
2015-08-11 20:52:47	89DF19162B8ADE69856978CE4A979173	1116160	----a-w-	C:\Windows\Sysnative\appraiser.dll
2015-08-11 20:52:47	1E9B6977F7928FF9FB9DC64A21F000AD	437248	----a-w-	C:\Windows\Sysnative\devinv.dll
2015-08-11 20:52:38	F776672C327EA4B8409B337422B87350	59392	----a-w-	C:\Windows\Sysnative\csrsrv.dll
2015-08-11 20:52:38	52DA047D3968A40CD9E353B1D256FACD	487256	----a-w-	C:\Windows\Sysnative\netcfgx.dll
2015-08-11 20:52:38	05B08C20B8428ECE088CB5635696A48D	59392	----a-w-	C:\Windows\Sysnative\basesrv.dll
2015-08-11 20:52:37	FC2EA5BD5307D2CFA5AAA38E0C0DDCE9	221184	----a-w-	C:\Windows\Sysnative\notepad.exe
2015-08-11 20:52:37	AE0E60AE84B2E5CD261E6BD96F074841	44032	----a-w-	C:\Windows\Sysnative\atmlib.dll
2015-08-11 20:52:37	A1DB29E2E47A99E1992B6049ED838C9F	358912	----a-w-	C:\Windows\Sysnative\atmfd.dll
2015-08-11 20:52:37	753F99CF6554FD9CBCDC79E7CB94E63A	2345472	----a-w-	C:\Windows\Sysnative\msxml3.dll
2015-08-11 20:52:37	6789160F360BF5BAF50CFEBC4043FA8E	1994752	----a-w-	C:\Windows\Sysnative\DWrite.dll
2015-08-11 20:52:37	570CCDEB1D230BEFDE7A0556FB02C674	7032320	----a-w-	C:\Windows\Sysnative\mstscax.dll
2015-08-11 20:52:37	4F9BFE0A0E3D979DE1C2C717E7FF34E0	4177408	----a-w-	C:\Windows\Sysnative\win32k.sys
2015-08-11 20:52:37	3D6FE1BAB1FCBEECCA6F64E4C0F11640	2529880	----a-w-	C:\Windows\Sysnative\msxml6.dll
2015-08-11 20:52:37	362614DBA04ACBA2897E920706CE46B7	536920	----a-w-	C:\Windows\Sysnative\mcupdate_GenuineIntel.dll
2015-08-11 20:52:37	1FD24A3B2B1BBEEC69EE009F3B110286	1101824	----a-w-	C:\Windows\Sysnative\rdvidcrl.dll
2015-08-11 20:52:37	1E93CBB75D167CDF85501A8C790097A8	1381888	----a-w-	C:\Windows\Sysnative\FntCache.dll
====== C:\Windows\Sysnative\drivers =====
2015-08-11 20:53:02	9A788037D768809DFD677F4BA08A224A	101720	----a-w-	C:\Windows\Sysnative\drivers\mountmgr.sys
2015-08-11 20:52:46	CE67080F00E0AF32755096CEA6430ABA	114520	----a-w-	C:\Windows\Sysnative\drivers\WdNisDrv.sys
2015-08-11 20:52:46	81285DDC994F03379DB46419300B2DCB	44560	----a-w-	C:\Windows\Sysnative\drivers\WdBoot.sys
2015-08-11 20:52:46	26B8FED3F3B85F5F0C4BD03FD00B9941	270168	----a-w-	C:\Windows\Sysnative\drivers\WdFilter.sys
2015-08-11 20:52:38	97DC5967F65503213FD1F1B3E4A6F983	1113944	----a-w-	C:\Windows\Sysnative\drivers\ndis.sys
2015-08-11 20:52:37	746DDF7D59AB8D721C88D48434597E8D	2476376	----a-w-	C:\Windows\Sysnative\drivers\tcpip.sys
2015-08-11 20:52:37	25991A1635AF725E9DC840A6A36824EC	428888	----a-w-	C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
====== C:\Windows\Tasks ======
2015-08-23 15:56:37	A2F422C41A79813F007BEF48CD18A2BE	22164	----a-w-	C:\Windows\Sysnative\Tasks\DNSWETHERSFIELD
2015-08-23 15:14:24	370A42A45AFDDD71E266161AD5CED9DA	3806	----a-w-	C:\Windows\Sysnative\Tasks\Opera scheduled Autoupdate 1440342862
2015-07-28 14:06:41	23EBBA1C4A36247C13B5F7012A97645A	3156	----a-w-	C:\Windows\Sysnative\Tasks\33of3mxy
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-08-23 16:07:08	--------	d-----w-	C:\Program Files\trend micro
2015-07-28 14:21:48	3734676	----a-w-	C:\Program Files\Common Files\uaqn45kb.exe
2015-07-28 14:06:40	--------	d-----w-	C:\Program Files\Common Files\bxfkukn5
======= C:\PROGRA~2 =====
2015-08-23 16:05:59	--------	d-----w-	C:\PROGRA~2\trend micro
2015-08-23 15:56:36	--------	d-----w-	C:\PROGRA~2\DNS Unlocker
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2015-08-23 15:12:37	--------	d-----w-	C:\Users\User\AppData\Local\Slimjet
2015-08-17 16:55:30	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla
2015-07-29 18:05:49	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\WinRAR
2015-07-28 14:22:22	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\A
====== C:\Users\User ======
2015-08-23 16:07:00	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\User\Downloads\RSITx64.exe
2015-08-23 16:05:50	8685FAF50C04F9A9C2F56FF64B0B7ACB	1107968	----a-w-	C:\Users\User\Downloads\RSIT.exe
2015-08-23 15:17:29	D3893975FBFD7F397B1B26158F48638F	129780392	----a-w-	C:\Users\User\Downloads\NS-TW-22.5.0-EN-US.exe
2015-08-23 15:17:07	04843480365F69CE090DEEDCB9F17281	144845224	----a-w-	C:\Users\User\Downloads\NS_22.5.2.15_SYMTB_PROMO_4_MRFTT_CC010_13034-NL-NL.exe
2015-08-23 15:13:45	F2806D0FE7FA981453C726BEA70E14A0	703440	----a-w-	C:\Users\User\Downloads\Opera_NI_stable.exe
2015-08-23 15:11:20	69FCD9CAF89B64F01AAA91F2353ECDB7	43994504	----a-w-	C:\Users\User\Downloads\sjtsetup_x86.exe
2015-08-23 15:07:18	0A5B39A859EB84484D5559A8BA22F736	38494576	----a-w-	C:\Users\User\Downloads\SafariSetup.exe
2015-08-13 12:48:19	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer
2015-07-28 19:59:26	--------	d-----w-	C:\ProgramData\ExtTags
2015-07-28 19:59:25	--------	d-----w-	C:\ProgramData\ExtTag
2015-07-28 14:21:51	--------	d-----w-	C:\ProgramData\ITHelpers
2015-07-28 14:21:50	--------	d-----w-	C:\ProgramData\ITHelper

====== C: exe-files ==
2015-08-23 16:07:08	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\User.exe
2015-08-23 16:07:00	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\User\Downloads\RSITx64.exe
2015-08-23 16:05:59	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files (x86)\trend micro\User.exe
2015-08-23 16:05:50	8685FAF50C04F9A9C2F56FF64B0B7ACB	1107968	----a-w-	C:\Users\User\Downloads\RSIT.exe
2015-08-23 15:56:36	279F4DB651FE4B239E52343A3C6CBE41	628224	----a-w-	C:\Program Files (x86)\DNS Unlocker\dnswethersfield.exe
2015-08-23 15:56:36	033DA857CA43BC19ADB1F59AEE3C8957	719711	----a-w-	C:\Program Files (x86)\DNS Unlocker\unins000.exe
2015-08-23 15:17:29	D3893975FBFD7F397B1B26158F48638F	129780392	----a-w-	C:\Users\User\Downloads\NS-TW-22.5.0-EN-US.exe
2015-08-23 15:17:07	04843480365F69CE090DEEDCB9F17281	144845224	----a-w-	C:\Users\User\Downloads\NS_22.5.2.15_SYMTB_PROMO_4_MRFTT_CC010_13034-NL-NL.exe
2015-08-23 15:14:22	E3928C1737A104B5583BCDD55DA9A436	73336	----a-w-	C:\Program Files (x86)\Opera\31.0.1889.174_2\wow_helper.exe
2015-08-23 15:14:22	948FA74B07C4E4DA03BD8272FA85286C	899704	----a-w-	C:\Program Files (x86)\Opera\31.0.1889.174_2\opera.exe
2015-08-23 15:14:22	520002C4A4737CDDD6B860E30ECD7C67	511608	----a-w-	C:\Program Files (x86)\Opera\31.0.1889.174_2\opera_crashreporter.exe
2015-08-23 15:14:22	502204336674EBC79860D2AE74CAC60E	3515000	----a-w-	C:\Program Files (x86)\Opera\31.0.1889.174_2\opera_autoupdate.exe
2015-08-23 15:14:22	0592A00BA269710A68ABC75B437FC206	1280120	----a-w-	C:\Program Files (x86)\Opera\31.0.1889.174_2\installer.exe
2015-08-23 15:14:22	044C9C39D1164EB8CB8FA8DFBA6E063C	931960	----a-w-	C:\Program Files (x86)\Opera\launcher.exe
2015-08-23 15:13:49	01096690DA76E107F4AE8F0796A517EA	34168632	----a-w-	C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\K02121W6\Opera_31.0.1889.174_Setup[1].exe
2015-08-23 15:13:45	F2806D0FE7FA981453C726BEA70E14A0	703440	----a-w-	C:\Users\User\Downloads\Opera_NI_stable.exe
2015-08-23 15:11:20	69FCD9CAF89B64F01AAA91F2353ECDB7	43994504	----a-w-	C:\Users\User\Downloads\sjtsetup_x86.exe
2015-08-23 15:07:18	0A5B39A859EB84484D5559A8BA22F736	38494576	----a-w-	C:\Users\User\Downloads\SafariSetup.exe
2015-08-23 14:57:31	AFAED5A6224A03B45D420618BB483C05	703400	----a-w-	C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\AT7P4GR8\Opera_NI_stable.exe
2015-08-23 14:36:03	01096690DA76E107F4AE8F0796A517EA	34168632	----a-w-	C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\08BNM1BQ\Opera_31.0.1889.174_Setup[1].exe
2015-08-21 07:38:29	9E51DB6F654206C8B7ADC95AC850BECC	4487744	----a-w-	C:\Users\User\AppData\Local\Temp\supoptsetup.exe
=== C: other files ==
2015-08-23 17:56:17	8965ABC4CEE2CD268D8ECEE4B7799844	24475716	----a-w-	C:\Users\User\Downloads\DAF_Screensaver_2015.zip
2015-08-23 15:20:31	0510396A957E9FD7205BA62D3CAE4528	162392	----a-r-	C:\Windows\System32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"BingSvc"="C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
"Registry Helper"="C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe /boot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"BingSvc"="C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ProgramData\\ITHelper\\4akgtwlf.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\ProgramData\\ITHelper\\fxv4sz02.dll"

==== Startup Folders ======================

2014-03-07 15:14:15	2070	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [12/08/2015 16:54]
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/08/2015 16:54]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\33of3mxy" [C:\Program Files\Common Files\bxfkukn5\4bed8z2pvlt35.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\DNSWETHERSFIELD" [dnswethersfield.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1440342862" [C:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{7A66EF19-D0C9-4D28-A71A-286237E5D80B}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\gfnpttr2.default
user_pref("browser.startup.homepage", "C:\ProgramData\ITHelpers\ff.HP");
user_pref("browser.newtab.url", "C:\ProgramData\ITHelpers\ff.NT");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn" [24/08/2015 16:12]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Torch deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\User\AppData\Local\Torch deleted
Fake profile C:\Users\User\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\User\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx[05/03/2015 10:45]

Norton Identity Safe - User\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
help4u - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlppefmhmoiaeemeffjchbieeghlan
TornPlusTV_version1.11 - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\heildphpnddilhkemkielfhnkaagiabh
Norton Identity Safe - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
jlioidldolgbmanndggdnldambdlglgj - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlioidldolgbmanndggdnldambdlglgj
mhophkifmlkobgkeahlhcdnjadcpmlbp - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhophkifmlkobgkeahlhcdnjadcpmlbp
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Hover Zoom - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Norton Security Toolbar - User\AppData\Local\Slimjet\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - User\AppData\Local\Slimjet\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Web Store Payments - User\AppData\Local\Slimjet\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
selector is not a valid CSS selector - User\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp

==== Chromium Startpages ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
rts_spdy":true},"ssl.gstatic.com:443":{"alternate_protocol":{"port":443,"probability":0.020,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true},"stats.g.doubleclick.net:80":{"alternate_protocol":{"port":80,"probability":0.080,"protocol_str":"quic"}},"syndication.twitter.com:443":{"supports_spdy":true},"t4.liverail.com:443":{"supports_spdy":true},"tpc.googlesyndication.com:443":{"alternate_protocol":{"port":443,"probability":0.080,"protocol_str":"quic"},"settings":{"4":100,"5":96,"6":0},"supports_spdy":true},"tpc.googlesyndication.com:80":{"alternate_protocol":{"port":80,"probability":0.080,"protocol_str":"quic"}},"winnerican.org:443":{"supports_spdy":true},"winnering.info:443":{"supports_spdy":true},"winnering.org:443":{"supports_spdy":true},"www.facebook.com:443":{"supports_spdy":true},"www.google-analytics.com:443":{"alternate_protocol":{"port":443,"probability":0.50,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true},"www.google-analytics.com:80":{"alternate_protocol":{"port":80,"probability":0.50,"protocol_str":"quic"}},"www.google.be:443":{"alternate_protocol":{"port":443,"probability":0.50,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true},"www.google.be:80":{"alternate_protocol":{"port":80,"probability":0.080,"protocol_str":"quic"}},"www.google.com:443":{"alternate_protocol":{"port":443,"probability":0.50,"protocol_str":"quic"},"settings":{"4":100,"5":32,"6":0},"supports_spdy":true},"www.google.com:80":{"alternate_protocol":{"port":80,"probability":0.50,"protocol_str":"quic"}},"www.googleadservices.com:80":{"alternate_protocol":{"port":80,"probability":0.080,"protocol_str":"quic"}},"www.googleapis.com:443":{"alternate_protocol":{"port":443,"probability":0.020,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true},"www.googletagmanager.com:443":{"alternate_protocol":{"port":443,"probability":0.020,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true},"www.googletagmanager.com:80":{"alternate_protocol":{"port":80,"probability":0.50,"protocol_str":"quic"}},"www.googletagservices.com:443":{"alternate_protocol":{"port":443,"probability":0.020,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true},"www.googletagservices.com:80":{"alternate_protocol":{"port":80,"probability":0.080,"protocol_str":"quic"}},"www.gstatic.com:443":{"alternate_protocol":{"port":443,"probability":0.50,"protocol_str":"quic"},"settings":{"4":100,"5":64,"6":0},"supports_spdy":true},"www.gstatic.com:80":{"alternate_protocol":{"port":80,"probability":0.080,"protocol_str":"quic"}},"www.youtube-nocookie.com:443":{"alternate_protocol":{"port":443,"probability":0.020,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true},"www.youtube.com:443":{"alternate_protocol":{"port":443,"probability":0.080,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true},"www.youtube.com:80":{"alternate_protocol":{"port":80,"probability":0.080,"protocol_str":"quic"}},"yt3.ggpht.com:443":{"alternate_protocol":{"port":443,"probability":0.020,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true}},"version":3}},"ntp":{"most_visited_blacklist":{"01e3dd43566b07a43b76297fa0c86cb7":null,"03fb632b37f67daa4c4e5ccbdb9712e7":null,"061ad806c980ab361251bfc1156a262b":null,"07b2338fc3b0edea69d55917d441f969":null,"0a10b92b6f5f40cc2938fe39d9695598":null,"0bc8e29b38acd5a9904d3c6cefe02757":null,"138bd0778e1e1e7c8862c523c4684629":null,"14eeb8a6e3976bbdab94b795e3bd2d30":null,"14f2d440e50fda81f74613a51c67e228":null,"173010fd854aca5d269e71584216a2aa":null,"17e81dd0b55ffd998d4b0ebf34da2d35":null,"181249653d1d303dce6379618ea56b28":null,"1b1e5b0b0e5b66049e41d9c7fea0e1e9":null,"2ea27cc7ae48ba784f233b3521b65911":null,"2ff3e8ba1ea27c5419f4d4adee138ad4":null,"355935bab33abf69b0d14d30529bbdd2":null,"3644ae79031803e65783fe27ff7715bd":null,"39fbe56420f485dbfca136570ee9e4f8":null,"4aa0c53aa075bfef445eaec78d1e6428":null,"521668d339bbdecf1c6c637212694cab":null,"52ccaee145ed02dc1abaf4e309dd0757":null,"5459dd5d2b122e3c495e6175e6d64805":null,"54c20dcb545b5f05b52e7df2309aac18":null,"5a60818a49212d2f483e344b460c750e":null,"5bb9ea1af1a7510c477be74f20146d0a":null,"5c4030fee042a5859b6d7b16b8f81663":null,"5db91cba91c0d94c212d8b9db6e7278b":null,"600f424b5359e933b5932f4b62f5babd":null,"604798b9413fd534a9ec4b429e75f70d":null,"626387c13e3a70631b8ef1eb5c21bf48":null,"650bb022b16d6c466c4328384b61570b":null,"6547a7b8f4837b689cf0c411f631c6ed":null,"68e87a97fd8776dd7809283f4375bb5f":null,"6cd8903c8fef936a558182fc4ff8c0fa":null,"6d7d2b926d9c0d25912be419c9488e61":null,"70fff830e7b7bb4462d64cc35c540a11":null,"7155e2a79a9867ab2e4082954dc5975b":null,"7849d935e0346e47466c0d38a45a2197":null,"7a31d94d1c407a8ab7237d4086a46a99":null,"7bf477ade6a4b28698f5e77d423f680f":null,"7e633bdb1ccc397339c70b0a1237d15e":null,"7fc2e3ffb594e293411b4a9f8f2ce60b":null,"886e136f5f69832edc277514241439d9":null,"8ca89edaac07fda7170d0e4075f7423a":null,"91e19a453c4c09c8db8150f469c3045f":null,"958c891c4528d363e8a418d5fa082291":null,"9d774f82e88f48c51198248a19256d0b":null,"9f0414ca13e805e30df8dae59201a189":null,"9f2504f22b68d3fa00cc15a03835db6c":null,"a62dba023ab3a8a4b06330127f4ddf4f":null,"adac28e683f0deed9dccd59262aff1f1":null,"af6f6e2a8c931fc6975a8f3fc315b439":null,"b37c359401ed60dd1e5feba9cfe72d5a":null,"b7d1be488388b00b4266b12d2c1b321f":null,"bced59d847d934d14ecd97e92062f829":null,"be9e09c34885e7a49603e5154906c1ce":null,"c17b6556bafe70b101a03ec5de2f074e":null,"c3e61b3e73d73fe1a54df318ab579384":null,"c8f1f8e9dcc45b28f41bfbcba85b5eae":null,"caf8ba3ab78f486bf8a743a4c72939d2":null,"d3c05be5dd054c6b3fc4f1d0174299ee":null,"dd40b4c0726035d37b83cc30dfd91eab":null,"e1fa988af0cf3ca87ef5bed8fcfbb2d2":null,"e46afad6512cb7eb57fb53e71d4dfafc":null,"e7cb8a9003a9d218624a84295e1d47a6":null,"eaabf9afd1222ad2aae9d3b89544f6be":null,"ec8bd4cc4a4f6aeb4e2359fa1600418e":null,"ed04884535e44aaa4fdf9ee122efaaa9":null,"eefbe8c25b4177c475ec387d3fec20e3":null,"ef246baa845485746beae478e63623d4":null,"f46b7c2fa523b2cb8f672a061daa6e5f":null,"f624a8f65b6ca71e37667d0cce0307a0":null,"f8a8722cbd3f5ec25f3a48d0bbf90104":null,"fadf62751b69d7c3021e2b1b4f321408":null,"fae232097f8c39bf6217d86e82b2d8f8":null,"ff190eadea555d71df8610cdfefc17d5":null}},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"[*.]www.voetbalkrant.com,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1}},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","name":"Eerste gebruiker","password_manager_groups_for_domains":[2],"per_host_zoom_levels":{}},"protection":{"macs":{"extensions":null}},"proxy":{"bypass_list":"","mode":"system","server":""},"savefile":{"default_directory":"C:\\Users\\User\\Downloads","type":1},"selectfile":{"last_directory":"C:\\Users\\User\\Pictures\\Burnley novelle"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13056035979730115"},"sync_promo":{"startup_count":10},"translate_accepted_count":{"ar":0,"de":0,"en":0,"fr":0,"nl":0,"pl":0,"ru":0,"und":0},"translate_blocked_languages":["nl"],"translate_denied_count":{"ar":4,"de":5,"en":40,"fr":8,"nl":1,"pl":1,"ru":2,"und":2},"translate_last_denied_time":1416671358148.686,"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}


==== Chromium Fix ======================

C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_lyrics-translations.com_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_lyrics-translations.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.lyricsfreak.com_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.lyricsmode.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_inst.shoppingate.info_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_static.boostsaves.com_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_static.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_offers.boostsaves.com_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_offers.boostsaves.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.reklaam00.reklaam.co_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.reklaam00.reklaam.co_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_customers-research.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_customers-research.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkmjdnckhfkjkldogocpnmljokfnbln deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flkmjdnckhfkjkldogocpnmljokfnbln_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flkmjdnckhfkjkldogocpnmljokfnbln_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkelgkihphkegiaagbcgglfidabmgkgp deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkelgkihphkegiaagbcgglfidabmgkgp_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hkelgkihphkegiaagbcgglfidabmgkgp_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\infbohjcpbljfmnimjodijobdhjfijnp deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_infbohjcpbljfmnimjodijobdhjfijnp_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_infbohjcpbljfmnimjodijobdhjfijnp_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbibcidggjhpkknneonplpkegnkfdnb deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhbibcidggjhpkknneonplpkegnkfdnb_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhbibcidggjhpkknneonplpkegnkfdnb_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhbibcidggjhpkknneonplpkegnkfdnb deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmmbnddkcpkgfkedpkjfcpjdbiggcknf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kmmbnddkcpkgfkedpkjfcpjdbiggcknf_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kmmbnddkcpkgfkedpkjfcpjdbiggcknf_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\koimehekgcjlngpbmkokoghaoakhahkp deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcmaebhdlpahgmjbapiialfihpcfehhi deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcmaebhdlpahgmjbapiialfihpcfehhi_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcmaebhdlpahgmjbapiialfihpcfehhi_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mkgjlgfgcbmbdphpekbienchiehfmmhf_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mkgjlgfgcbmbdphpekbienchiehfmmhf_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknbgkdnajddkmeikmfeigkdgbdcplbc deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mknbgkdnajddkmeikmfeigkdgbdcplbc_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mknbgkdnajddkmeikmfeigkdgbdcplbc_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmdhcggjebefhdlpdjggelhnelnjefip_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmdhcggjebefhdlpdjggelhnelnjefip_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\necmopaanbhgcmibpgmfcdgcibbkjhjk deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_necmopaanbhgcmibpgmfcdgcibbkjhjk_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_necmopaanbhgcmibpgmfcdgcibbkjhjk_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngdfgobmplemggkpnlbnmamgbagnkok deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nngdfgobmplemggkpnlbnmamgbagnkok_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nngdfgobmplemggkpnlbnmamgbagnkok_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngdfgobmplemggkpnlbnmamgbagnkok deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\heildphpnddilhkemkielfhnkaagiabh deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_heildphpnddilhkemkielfhnkaagiabh_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_heildphpnddilhkemkielfhnkaagiabh_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_heildphpnddilhkemkielfhnkaagiabh_0 deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heildphpnddilhkemkielfhnkaagiabh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130848176831699050&GUID=EB33BC34-4679-4131-B97D-AF0D898FC9CD"
"Search Page"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQE3eQ9gwALxaJl4qF8TCDztTOGSyPjsIY7aV_X2sgsTb0a9wrJNigAzvRuA7o3AWhiQMed5c5wKrVBxzjODzXjKMvpaLQAvDmcsgj5TrXak_I1zNKjVzmYWNPh0e2AYWbGkeTPzbKoExj_L&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1437679523&z=d653d4eb08cfc56d1713b8bg8zbcfmcq7mdt3z3wet&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197"
"Default_Search_URL"="http://www.istartsurf.com/web/?type=dspp&ts=1437679523&z=d653d4eb08cfc56d1713b8bg8zbcfmcq7mdt3z3wet&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
"Search Bar"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQE3eQ9gwALxaJl4qF8TCDztTOGSyPjsIY7aV_X2sgsTb0a9wrJNigAzvRuA7o3AWhiQMed5c5wKrVBxzjODzXjKMvpaLQAvDmcsgj5TrXak_I1zNKjVzmYWNPh0e2AYWbGkeTPzbKoExj_L&q={searchTerms}"
"SearchAssistant"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQE3eQ9gwALxaJl4qF8TCDztTOGSyPjsIY7aV_X2sgsTb0a9wrJNigAzvRuA7o3AWhiQMed5c5wKrVBxzjODzXjKMvpaLQAvDmcsgj5TrXak_I1zNKjVzmYWNPh0e2AYWbGkeTPzbKoExj_L&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1437679478&z=c121abbd45d2bc2c965b29bg2z4c6m8q7m8tbzag0w&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1437679523&z=d653d4eb08cfc56d1713b8bg8zbcfmcq7mdt3z3wet&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1437679478&z=c121abbd45d2bc2c965b29bg2z4c6m8q7m8tbzag0w&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1437679478&z=c121abbd45d2bc2c965b29bg2z4c6m8q7m8tbzag0w&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1437679523&z=d653d4eb08cfc56d1713b8bg8zbcfmcq7mdt3z3wet&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1437679478&z=c121abbd45d2bc2c965b29bg2z4c6m8q7m8tbzag0w&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQE3eQ9gwALxaJl4qF8TCDztTOGSyPjsIY7aV_X2sgsTb0a9wrJNigAzvRuA7o3AWhiQMed5c5wKrVBxzjODzXjKMvpaLQAvDmcsgj5TrXak_I1zNKjVzmYWNPh0e2AYWbGkeTPzbKoExj_L&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQE3eQ9gwALxaJl4qF8TCDztTOGSyPjsIY7aV_X2sgsTb0a9wrJNigAzvRuA7o3AWhiQMed5c5wKrVBxzjODzXjKMvpaLQAvDmcsgj5TrXak_I1zNKjVzmYWNPh0e2AYWbGkeTPzbKoExj_L&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQE3eQ9gwALxaJl4qF8TCDztTOGSyPjsIY7aV_X2sgsTb0a9wrJNigAzvRuA7o3AWhiQMed5c5wKrVBxzjODzXjKMvpaLQAvDmcsgj5TrXak_I1zNKjVzmYWNPh0e2AYWbGkeTPzbKoExj_L&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.istartsurf.com/web/?type=dspp&ts=1437679523&z=d653d4eb08cfc56d1713b8bg8zbcfmcq7mdt3z3wet&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
"CustomizeSearch"="http://www.istartsurf.com/web/?type=dspp&ts=1437679523&z=d653d4eb08cfc56d1713b8bg8zbcfmcq7mdt3z3wet&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.istartsurf.com/web/?type=dspp&ts=1437679523&z=d653d4eb08cfc56d1713b8bg8zbcfmcq7mdt3z3wet&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
"CustomizeSearch"="http://www.istartsurf.com/web/?type=dspp&ts=1437679523&z=d653d4eb08cfc56d1713b8bg8zbcfmcq7mdt3z3wet&from=obw&uid=CrucialXCT120M500SSD1_14030964419709644197&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQE3eQ9gwALxaJl4qF8TCDztTOGSyPjsIY7aV_X2sgsTb0a9wrJNigAzvRuA7o3AWhiQMed5c5wKrVBxzjODzXjKMvpaLQAvDmcsgj5TrXak_I1zNKjVzmYWNPh0e2AYWbGkeTPzbKoExj_L&q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130848176831699050&GUID=EB33BC34-4679-4131-B97D-AF0D898FC9CD"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1"
{ielnksrch} Search the web Url="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJvkMKt1UGZNXQE3eQ9gwALxaJl4qF8TCDztTOGSyPjsIY7aV_X2sgsTb0a9wrJNigAzvRuA7o3AWhiQMed5c5wKrVBxzjODzXjKMvpaLQAvDmcsgj5TrXak_I1zNKjVzmYWNPh0e2AYWbGkeTPzbKoExj_L&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} deleted successfully
HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\User\Desktop\Corel PaintShop Pro X7.lnk - C:\Program Files (x86)\Corel PaintShop Pro X7\Corel PaintShop Pro X7.exe 
C:\Users\User\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Photoshop CS6 Extended.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS6 Extended\PhotoshopCS6.exe 
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Fraps.lnk - C:\Fraps\fraps.exe 
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.149\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Norton Identity Safe.LNK - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coSAStub.exe /install /force
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe 
C:\Users\Public\Desktop\Paint.NET.lnk - C:\Program Files (x86)\Paint.NET\PaintDotNet.exe 
C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk - C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer\launcher.exe 
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=BE&userid=53692121-d765-713f-7eae-2034d12cfd3d&searchtype=sc&installDate=28/07/2015&barcodeid=50045888&channelid=888

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Photoshop CS6 Extended\Adobe Photoshop CS6 Extended.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS6 Extended\PhotoshopCS6.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer\Play Euro Truck Simulator 2 Multiplayer.lnk - C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer\launcher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.149\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Verwijderen.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.11.149\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe\Norton Identity Safe.LNK - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coSAStub.exe /install /force
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype voor bureaublad.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=BE&userid=53692121-d765-713f-7eae-2034d12cfd3d&searchtype=sc&installDate=28/07/2015&barcodeid=50045888&channelid=888
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (3).lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (4).lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (5).lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (6).lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (7).lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (8).lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (9).lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=BE&userid=53692121-d765-713f-7eae-2034d12cfd3d&searchtype=sc&installDate=28/07/2015&barcodeid=50045888&channelid=888
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera (2).lnk - C:\Program Files (x86)\Opera\launcher.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint (2).lnk - C:\Windows\system32\mspaint.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe 

==== shortcuts After Repair ======================

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\46f3a504-3e17-4257-abd0-ec16ffd2cf4f deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\d007b94a-95a1-45b1-b45e-a9d8f6ea2ec3 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f081f9a9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\D6C120IC will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\gfnpttr2.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\User\AppData\Local\Crossbrowse\Crossbrowse\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Slimjet\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1965 folders=292 145127470 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\User\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Program Files (x86)\Alpha Shopper"  not found
"C:\Program Files (x86)\help4u"  not found
"C:\PROGRA~2\Alpha Shopper"  not found
"C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\D6C120IC" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ma 24/08/2015 at 16:35:13,22 ======================