Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Pangea on vr 28-08-2015 at 12:40:39,16.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Pangea\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-08-27-104209.log 66160 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection]

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00
Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection]

==== Deleting Files \ Folders ======================

C:\\Program Files (x86)\\Ad-Aware Antivirus not found
C:\\ProgramData\\Ad-Aware Browsing Protection not found

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default
user_pref("browser.startup.homepage", "http://www.nu.nl/");
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default
user_pref("network.proxy.backup.ftp", "");
user_pref("network.proxy.backup.ftp_port", 0);
user_pref("network.proxy.backup.gopher", "");
user_pref("network.proxy.backup.gopher_port", 0);
user_pref("network.proxy.backup.socks", "");
user_pref("network.proxy.backup.socks_port", 0);
user_pref("network.proxy.backup.ssl", "");
user_pref("network.proxy.backup.ssl_port", 0);
user_pref("network.proxy.ftp", "110.64.96.7:8080");
user_pref("network.proxy.gopher", "110.64.96.7:8080");
user_pref("network.proxy.http", "110.64.96.7:8080");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "110.64.96.7:8080");
user_pref("network.proxy.ssl", "110.64.96.7:8080");
user_pref("network.proxy.type", 1);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFPlgn" [28-08-2015 12:07]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\0yxdn3fa.default-1429287783475
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default
- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
- DuckDuckGo Plus - %ProfilePath%\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\0yxdn3fa.default-1429287783475
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

Profilepath: C:\Users\Pangea\AppData\Roaming\Mozilla\Firefox\Profiles\ysbs19d7.default
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
0C0C5C207121C7A78414A8250E8E099A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.157

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.2.15\Exts\Chrome.crx[10-07-2015 06:03]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Norton Security Toolbar - Pangea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - Pangea\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Web Store Payments - Pangea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Pangea\AppData\Local\Google\Chrome\User Data\Default\Preferences

==== Chromium Fix ======================

C:\Users\Pangea\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer.msn.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer.msn.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pangea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Pangea\AppData\Local\Mozilla\Firefox\Profiles\0yxdn3fa.default-1429287783475\cache2 emptied successfully
C:\Users\Pangea\AppData\Local\Mozilla\Firefox\Profiles\ysbs19d7.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pangea\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=295 folders=53 222322178 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pangea\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pangea\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 28-08-2015 at 13:05:33,00 ======================