Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Beast on zo 27/03/2016 at 14:51:28,76. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Beast\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-02-23-065934.log 50074 bytes ==== Empty Folders Check ====================== C:\Program Files\HitmanPro deleted successfully C:\Program Files\paint.net deleted successfully C:\PROGRA~3\Spybot - Search & Destroy deleted successfully C:\Users\Beast\AppData\Roaming\Hotline Miami deleted successfully C:\Users\Beast\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Beast\AppData\Roaming\ZoomBrowser EX deleted successfully C:\Users\Beast\AppData\Local\CrashDumps deleted successfully C:\Users\Beast\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Beast\AppData\Local\EmieSiteList deleted successfully C:\Users\Beast\AppData\Local\EmieUserList deleted successfully C:\Users\Beast\AppData\Local\Ori and the Blind Forest deleted successfully C:\Users\Beast\AppData\Local\Secunia PSI deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3473739808-715647190-2127078386-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_USERS\S-1-5-21-3473739808-715647190-2127078386-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] ==== Deleting Files \ Folders ====================== C:\found.000 deleted C:\found.001 deleted C:\found.002 deleted C:\Users\Beast\AppData\Roaming\All CPU MeterV3_Settings.ini deleted C:\Users\Beast\AppData\Roaming\GPU MeterV2_Settings.ini deleted C:\PROGRA~3\ProductData deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\Package Cache deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted "C:\Users\Beast\AppData\Local\{12D5DD10-B617-463A-88A3-35515FBA2EA4}" deleted "C:\Users\Beast\AppData\Local\{DB7DF400-0541-4EDE-A0EB-715C3744FCFC}" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2016-03-25 17:17:54 678F678B3764D82AE09C7DD41A6FAE7E 731791928 ----a-w- C:\Windows\MEMORY.DMP ====== C:\Users\Beast\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-03-20 14:23:56 DF1A930E16931877E55884508A3CFCA0 267912 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT ====== C:\Windows\Sysnative\drivers ===== 2016-03-23 15:59:13 AECE9E699CAC76DC993BB988652B5AD8 37144 ----a-w- C:\Windows\Sysnative\drivers\aswKbd.sys 2016-03-10 18:45:04 668E7BC286D8436FBCF08BF999FEF840 12564024 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys 2016-03-09 18:53:59 CC1B3B52F33CBC1CE60867DA4E23537C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-03-09 18:53:59 8D383CED28332B5F3894658857472F47 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2016-03-09 18:53:59 8856E45D23BFF4D977BF06D0543BCD96 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-03-09 18:53:59 211A379BAAB812A7B437319BD85B2435 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-03-09 18:53:59 07F8F6B0CAEC7ADD30EBD94940A315D7 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-03-09 18:53:52 D029DD09E22EB24318A8FC3D8138BA43 91648 ----a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS 2016-03-09 18:53:52 47B2D0B31BDC3EBE6090228E2BA3764D 1684416 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys ====== C:\Windows\Tasks ====== 2016-03-23 15:59:19 52A7DBE084F1261C22AD94A235A9C96A 3048 ----a-w- C:\Windows\Sysnative\Tasks\SafeZone scheduled Autoupdate 1458748759 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2016-03-10 18:53:58 -------- d-----w- C:\PROGRA~2\VulkanRT ======= C: ===== ====== C:\Users\Beast\AppData\Roaming ====== 2016-03-22 19:51:48 -------- d-----w- C:\Users\Beast\AppData\Local\ElevatedDiagnostics 2016-03-21 18:45:17 AA6F850ABCCEF75969928DDF3FF1FA4E 58016 ----a-w- C:\Users\Beast\AppData\Local\GDIPFONTCACHEV1.DAT 2016-03-20 14:23:31 47B6A49D232394E19631BD394461B555 546256 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat ====== C:\Users\Beast ====== 2016-03-21 18:25:31 -------- d-----w- C:\ProgramData\Foxit ContentPlatform 2016-03-21 18:25:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2016-03-10 18:53:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0 ====== C: exe-files == 2016-03-27 11:38:46 505033E9D35E29E3CEBE5379B9BDC08D 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3473739808-715647190-2127078386-1000\$IJ59VYS.exe 2016-03-27 09:21:02 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Beast.exe 2016-03-27 09:20:40 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3473739808-715647190-2127078386-1000\$RJ59VYS.exe 2016-03-26 12:06:40 8714C18E6D9CC93F951605FE78541A54 3226712 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.108\49.0.2623.108_49.0.2623.87_chrome_updater.exe 2016-03-25 18:38:46 B3F4649B7AFCC3BD6B94B29BE3378F22 7526896 ----a-w- C:\Users\Beast\AppData\Local\NVIDIA\NvBackend\Packages\000088ac\DAO.20578074.exe 2016-03-25 12:38:04 4EE84045B9D44C8C13D56B9D11C2058B 630200 ----a-w- C:\Users\Beast\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2016-03-25 12:38:00 1F2D95F61F7D8A234DA1C458839404CB 172984 ----a-w- C:\Users\Beast\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2016-03-21 18:25:28 E8F8E4E48C121D7F6119DF469A934BB2 93376 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe 2016-03-21 18:25:24 225D4A394781A78C3178B17D762EBF03 4511424 ----a-w- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator\FXC_ProxyProcess.exe === C: other files == 2016-03-24 20:39:41 97B5CAF579EA3FDB654AF9E02F43E3FD 311891 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\script.icechannel.extn.xunitytalk-0.4.91.zip 2016-03-23 15:59:13 AECE9E699CAC76DC993BB988652B5AD8 37144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2016-03-22 19:58:47 943FBA0687FD8C7D989A4637D6C0EEC6 310911 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\script.icechannel.extn.xunitytalk-0.4.90.zip 2016-03-22 19:58:47 7227F5B01049FCE06BD3410C5897F563 73906 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\metadata.tvdb.com-1.8.4.zip 2016-03-22 19:58:47 72142943E3C8AC5FE2B6BCF63EA70CA1 9527 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\metadata.common.imdb.com-2.8.5.zip ==== Orphaned Tasks deleted from Registry ====================== avast Emergency Update deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3473739808-715647190-2127078386-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui" "Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon" "hkey"="HKCU" "command"="\"C:\\Windows\\SysWOW64\\Rundll32.exe\" \"C:\\Users\\Beast\\AppData\\Roaming\\ValueApps\\CH\\TBVerifier.dll\",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GarminExpressTrayApp" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OscarEditor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="OscarEditor" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\MOUSE Editor\\MouseEditor.exe\" Minimum" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PMBVolumeWatcher" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Sony\\PlayMemories Home\\PMBVolumeWatcher.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [23/03/2016 23:07] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/03/2015 20:59] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/03/2015 20:59] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Beast)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1458748759" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [07/02/2016 12:42] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [07/02/2016 12:42] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/02/2016 12:27] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions dhdgffkkebhmkfjojejmpbldmpobfkfo - No path found[] Google Slides - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Magic Actions for YouTube - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif UsernameEmail - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkccfnochoebimhhniekgcegeeiepmi Awesome Screenshot: Screen capture Annotate - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce Google Docs - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Web of Trust - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp YouTube - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Night Reading Mode - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\chcciiimjmlgcoabgfdhkfjdcgfpgndi Google Search - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Tampermonkey - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo Right-Click Search Wikipedia - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikmpmafdimllogceehaijmnlndineje SimpleUndoClose - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhohdghchmjepmigjojkehidlielknj Google Sheets - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap HTTPS Everywhere - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp Shield For Chrome - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gceighgadbamgchioaofojlblndjcggh Web Timer - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnjbdfgigejghknieofeahaknkjafim Google Docs Offline - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi ClickClean - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod Avast Online Security - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Hover Free - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj IE Tab - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd Social Fixer for Facebook - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb AutoPagerize - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp Disconnect - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo View Thru - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkncfnbcgbclefkbknfdbngiegdppgdd Video Downloader - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp Currency Converter - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncdobdbibdgoiohgnflmjajfphcnakg Google Dictionary (by Google) - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja GetThemAll Video Downloader - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm Save to Pocket - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj Chrome Web Store Payments - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Personal Blocklist (by Google) - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef ClickClean App - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp Virtual Keyboard - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn Gmail - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.darklyrics.com_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.darklyrics.com_0.localstorage-journal deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mmotraffic.com_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mmotraffic.com_0.localstorage-journal deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_xoncisfktn-a.akamaihd.net_0.localstorage-journal deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserv.info_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserv.info_0.localstorage-journal deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbkekaeindpfpcoldfckljplboolgkfm_0.localstorage deleted successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbkekaeindpfpcoldfckljplboolgkfm_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 ==== Reset Google Chrome ====================== C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\61fddc63-1f8d-46ab-a793-de430307e890 deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Beast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Beast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=397 folders=107 99488166 bytes) ==== Empty Temp Folders ====================== C:\Users\Beast\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Beast\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 27/03/2016 at 15:13:34,33 ======================