Zoek.exe v5.0.0.1 Updated 27-December-2015 Tool run by Stefan Kruithof on ma 28-12-2015 at 18:51:46,31. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Stefan Kruithof\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 28-12-2015 18:54:48 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\Pando Networks deleted successfully C:\Users\Stefan Kruithof\AppData\Roaming\WinRAR deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Internet Explorer\SearchScopes\{153D2CC8-6B3B-4E36-AB57-B03DE2BACF4B} deleted successfully HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7524A748-BA23-4D47-96B7-04FAB069F7E9} deleted successfully HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F60E79D0-82E7-469C-A773-36D759831BDC} deleted successfully HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Blackberry Device Manager deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Blackberry Device Manager deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default user.js not found ---- Lines yahoo removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Yahoo"); user_pref("browser.search.selectedEngine", "Yahoo"); user_pref("browser.startup.homepage", "https://nl.search.yahoo.com/?type=994519&fr=spigot-yhp-ff|http://www.google.com/ig"); user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org afx.ms ajax.googleapis.com bootstrapcdn.com firstdata.com firstdata.lv flashgot.n user_pref("google.toolbar.sharing.usage.YahooMail", 1); user_pref("keyword.URL", "https://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p="); user_pref("startpage.ntsearch_url", "https://nl.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=994519&p={searchTerms}"); ---- FireFox user.js and prefs.js backups ---- prefs_28-12-2015_1918_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Browser Extensions"=- ==== Deleting Files \ Folders ====================== C:\Program Files\Pando Networks not found C:\Program Files\LOLReplay deleted C:\Users\Stefan Kruithof\AppData\Roaming\BrowserExtensions deleted C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} deleted C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{515d1883-7376-4db3-b710-8d76a27231b1} deleted C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{6f67e2de-f1ce-4051-82be-fcecb764cffe} deleted C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{cb8c9aee-41b5-4360-bb54-aa6cacdf0869} deleted C:\Users\Stefan Kruithof\AppData\Roaming\Rim.Desktop.Exception.log deleted C:\Users\Stefan Kruithof\AppData\Roaming\Rim.Desktop.HttpServerSetup.log deleted C:\Users\Stefan Kruithof\AppData\Roaming\Rim.DesktopHelper.Exception.log deleted C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted C:\PROGRA~2\{755AC846-7372-4AC8-8550-C52491DAA8BD} deleted C:\PROGRA~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} deleted C:\PROGRA~2\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6} deleted C:\PROGRA~2\Package Cache deleted C:\Windows\system32\GroupPolicy\Machine deleted C:\Windows\system32\GroupPolicy\User deleted C:\Windows\system32\GroupPolicy\gpt.ini deleted C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\jetpack deleted "C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\searchplugins\yahoo_ff.xml" deleted "C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\searchplugins\yahoo_ff.xml" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\STEFAN~1\AppData\Local\Temp ==== 2015-12-24 14:56:39 2504A1F4DA3B06B47CF2F81AFB365B79 585824 ----a-w- C:\Users\Stefan Kruithof\AppData\Local\Temp\jre-8u66-windows-au.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== 2015-12-09 09:10:39 4DD5EF4DBBFAA5EE1880EA996C015D79 113664 ----a-w- C:\Windows\System32\drivers\rmcast.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-12-24 14:59:52 -------- d-----w- C:\Program Files\Common Files\Java ======= C: ===== ====== C:\Users\Stefan Kruithof\AppData\Roaming ====== 2015-12-20 17:47:14 -------- d-----w- C:\Users\Stefan Kruithof\AppData\Local\MalwareProtectionLive ====== C:\Users\Stefan Kruithof ====== 2015-12-27 13:54:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Stefan Kruithof\Downloads\RSIT (1).exe 2015-12-24 15:13:41 76F7569DB01B4D65431B0E6BBBDD261D 1743360 ----a-w- C:\Users\Stefan Kruithof\Downloads\adwcleaner_5.026.exe 2015-12-24 15:04:28 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Stefan Kruithof\Downloads\RSIT.exe 2015-12-20 18:08:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ====== C: exe-files == 2015-12-27 13:54:39 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Stefan Kruithof\Downloads\RSIT (1).exe 2015-12-24 15:13:41 76F7569DB01B4D65431B0E6BBBDD261D 1743360 ----a-w- C:\Users\Stefan Kruithof\Downloads\adwcleaner_5.026.exe 2015-12-24 15:04:28 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Stefan Kruithof\Downloads\RSIT.exe 2015-12-24 14:58:35 0A3936FE18FC04350159A1E647201501 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\tnameserv.exe 2015-12-24 14:58:35 092F4D3C25F3086D4C7FDEC79DD71302 159328 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\unpack200.exe 2015-12-24 14:58:34 ADAF1151B29D2D1691FA027B6C55B3D7 50784 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\ssvagent.exe 2015-12-24 14:58:33 D8EEED21B06866E85DA30485F5059FF6 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\servertool.exe 2015-12-24 14:58:33 73368169BFD965EC6257E77C23CED879 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\rmiregistry.exe 2015-12-24 14:58:33 46AB480B01CD30801B3AE89B5AAE75A8 16480 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\orbd.exe 2015-12-24 14:58:33 3B306D41F07396975ECE34A860BD9036 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\pack200.exe 2015-12-24 14:58:33 17A8DD2484DC26E38DFE3209C8B36980 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\policytool.exe 2015-12-24 14:58:33 0B82777B13B81417E5520DF7B1E8C319 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\rmid.exe 2015-12-24 14:58:29 CA51FB3FE5012E21D9A14AC071527866 76896 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe 2015-12-24 14:58:29 7BE9BE6E15653824A28F5CED6B273588 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\klist.exe 2015-12-24 14:58:29 525027DF51378DDA25F0F52C20BCB132 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\kinit.exe 2015-12-24 14:58:29 36A44033C6B970F95E2A1448F4481CEA 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\keytool.exe 2015-12-24 14:58:29 28FB06FC63D5817153B5502A49DF3F00 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe 2015-12-24 14:58:28 8977B87AB10AB1DA8769CA0053B401B0 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\jjs.exe 2015-12-24 14:58:27 FDF059C05249FAEA0221ED65CD59A9C8 68192 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe 2015-12-24 14:58:27 F003BBCB09CACF8A9F4CE0C67A2D6E63 278624 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe 2015-12-24 14:58:27 7BDD7F1BC2A20971DEE17B6920D61BBC 191584 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe 2015-12-24 14:58:26 EFC80BC662BCC20B0B09700636FDC732 30816 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\jabswitch.exe 2015-12-24 14:58:26 A9E84AD3536425BC68263B723C2442E4 191072 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\java.exe 2015-12-24 14:58:26 04D67FF5044A605F1E7D923A1D6F1751 15968 ----a-w- C:\Program Files\Java\jre1.8.0_66\bin\java-rmi.exe 2015-12-24 14:56:39 2504A1F4DA3B06B47CF2F81AFB365B79 585824 ----a-w- C:\Users\Stefan Kruithof\AppData\Local\Temp\jre-8u66-windows-au.exe === C: other files == 2015-12-24 14:58:36 4DB4B1F67E583B41F841F48254BE38E3 14130 ----a-w- C:\Program Files\Java\jre1.8.0_66\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-2486925755-1224064199-1594891254-1000\Software\Microsoft\Windows\CurrentVersion\Run] "F.lux"="C:\Users\Stefan Kruithof\AppData\Local\FluxSoftware\Flux\flux.exe /noshow" "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "Google Update"="C:\Users\Stefan Kruithof\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Google Photos Backup"="C:\Users\Stefan Kruithof\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe /r" "UpdReg"="C:\Windows\UpdReg.EXE" "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe" "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "WDAppManager"="C:\Program Files\Western Digital\WD App Manager\AppManagerLauncher.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe /d=60" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "F.lux"="C:\Users\Stefan Kruithof\AppData\Local\FluxSoftware\Flux\flux.exe /noshow" "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun" "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" "Google Update"="C:\Users\Stefan Kruithof\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Google Photos Backup"="C:\Users\Stefan Kruithof\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DivXUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk] "item"="Audible Download Manager" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Audible Download Manager.lnk" "backup"="C:\\Windows\\pss\\Audible Download Manager.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Program Files\\Audible\\Bin\\AudibleDownloadHelper.exe" ==== Startup Folders ====================== 2015-02-19 18:34:39 1777 ----a-w- C:\Users\Stefan Kruithof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP PSC 950.lnk 2011-08-05 11:11:40 1838 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09-12-2015 19:40] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24-08-2015 11:00] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [24-08-2015 11:00] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2486925755-1224064199-1594891254-1000Core.job --a------ C:\Users\Stefan Kruithof\AppData\Local\Google\Update\GoogleUpdate.exe [07-09-2015 08:12] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2486925755-1224064199-1594891254-1000UA.job --a------ C:\Users\Stefan Kruithof\AppData\Local\Google\Update\GoogleUpdate.exe [07-09-2015 08:12] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Ad-Aware Update (Weekly)" [C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2486925755-1224064199-1594891254-1000Core" [C:\Users\Stefan Kruithof\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2486925755-1224064199-1594891254-1000UA" [C:\Users\Stefan Kruithof\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 2540 series" ["C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe"] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [24-06-2009 12:17] ==== Firefox Extensions ====================== ProfilePath: C:\Users\STEFAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default - Undetermined - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{515d1883-7376-4db3-b710-8d76a27231b1} - Undetermined - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{6f67e2de-f1ce-4051-82be-fcecb764cffe} - Undetermined - C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default\extensions\{cb8c9aee-41b5-4360-bb54-aa6cacdf0869} - Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - Deutsches Wrterbuch - %ProfilePath%\extensions\de-DE@dictionaries.addons.mozilla.org - British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - 4chan - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Stefan Kruithof\AppData\Roaming\Mozilla\Firefox\Profiles\x6mfw68k.default F2C93DEFE309CAFC9834E2645FBC8452 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.7 7287F8A69896C6D2FE215DC1EBF31ACC - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.7 0F30E5C65735B6B4867AD115C61E8D23 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.7 6168D4E6771CF23DAE1D90DEC7715B62 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.7 2C84D0C6CD2677FECFA87062E5B0E3FC - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.7 49DA696E73BC2CB49C0E374C7885F7AD - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat 3D1497F3F1A344FFB733CE616BB9096D - C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll - Google Update AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery C45A130CA14334073C0FF795897A1D22 - C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.1.0.30401.0.dll - Silverlight Plug-In C45A130CA14334073C0FF795897A1D22 - C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll - Silverlight Plug-In D6015DB8EA402753421FF62CA3909B62 - C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U66 776C6B8D53C56500BC355D513F11A105 - C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.660.18 84FE63868C1AE2005EB0431A6939C8A0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player 79039398587F475ADA606D1A3B740A63 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in 46A59E6F7F7C1679AC7C4655E055326D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 5DF56521E8985BFD8F21A3D97A4D4574 - C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll - Shockwave Flash 3D1497F3F1A344FFB733CE616BB9096D - C:\Users\Stefan Kruithof\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll - Google Update B24F014C6DDA5A39CE7FCB2A8B862C5A - C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17-01-2012 10:45] Google Slides - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek CookiesOK - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\afmkbjoakcacgljcdccofbffloabfbni Google Docs - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Search by Image by Google - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm Google Sheets - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Reddit Enhancement Suite - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb Skype - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Chrome Web Store Payments - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://nl.search.yahoo.com/?type=994519&fr=spigot-yhp-ie" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{153D2CC8-6B3B-4E36-AB57-B03DE2BACF4B}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{153D2CC8-6B3B-4E36-AB57-B03DE2BACF4B}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Stefan Kruithof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Stefan Kruithof\AppData\Local\Mozilla\Firefox\Profiles\x6mfw68k.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=80 folders=34 16480149 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Stefan Kruithof\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\STEFAN~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Stefan Kruithof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted "C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted "C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted "C:\Users\Stefan Kruithof\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted ==== EOF on ma 28-12-2015 at 19:33:08,41 ======================