Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
IStartSurf taking over all browsers
Message
<blockquote data-quote="LiamA" data-source="post: 260028" data-attributes="member: 27752"><p>Thank you for you help, the results are as follows.</p><p></p><p>Zoek.exe v5.0.0.0 Updated 10-September-2014</p><p>Tool run by User on 11/09/2014 at 16:48:41.99.</p><p>Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]</p><p></p><p>==== Older Logs ======================</p><p></p><p>C:\zoek-results2014-09-10-210111.log 55756 bytes</p><p>C:\zoek-results2014-09-11-154151.log 32060 bytes</p><p></p><p>==== System Restore Info ======================</p><p></p><p>11/09/2014 16:50:23 Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Reset Hosts File ======================</p><p></p><p># Copyright (c) 1993-2006 Microsoft Corp.</p><p>#</p><p># This is a sample HOSTS file used by Microsoft TCP/IP for Windows.</p><p>#</p><p># This file contains the mappings of IP addresses to host names. Each</p><p># entry should be kept on an individual line. The IP address should</p><p># be placed in the first column followed by the corresponding host name.</p><p># The IP address and the host name should be separated by at least one</p><p># space.</p><p>#</p><p># Additionally, comments (such as these) may be inserted on individual</p><p># lines or following the machine name denoted by a '#' symbol.</p><p>#</p><p># For example:</p><p>#</p><p># 102.54.94.97 rhino.acme.com # source server</p><p># 38.25.63.10 x.acme.com # x client host</p><p># localhost name resolution is handle within DNS itself.</p><p>127.0.0.1 localhost</p><p>::1 localhost</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:wrc@avast.com">wrc@avast.com</a>"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/08/2014 14:20]</p><p>[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]</p><p>"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 11:36]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ddy1u3tr.default-1409772981256</p><p>4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash</p><p>C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director</p><p>4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin</p><p></p><p></p><p>==== Chromium Look ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>bopakagnckmlgajfccecajhnimjiiedh - No path found[]</p><p>gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/08/2014 14:20]</p><p></p><p>Google Voice Search Hotword (Beta) - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p></p><p>==== Chromium Startpages ======================</p><p></p><p>C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences</p><p>":{"known_disabled":"72EBCB8EA89F52FE3098441A0A425AB665FCA55467A3C2F5ADDB47D4780F1447","settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"05836E187C3742918F4F63F4B8497690924C0E24B3D4AE456C1DF65D89E38924","apdfllckaahabafndbhieahigkjlhalf":"75A3B53824CBA377374284FE3731ED7DD792800B3A4395A15264FD5D90C6D695","bepbmhgboaologfdajaanbcjmnhjmhfn":"8523A790CB4E3352C4BD726C388BBA7B21702C26EF3CED72B5945B273D2D867F","blpcfgokakmgnkcojhhkbfbldkacnbeo":"C501EF5F0CB6F9A1060CAA36F71955E908FD3916D683774F342549510553200A","bnbaolfhobbbokdcmfiplbokkokobjgc":"7545DA0CD3726C617CAA9E953FA55B123E45B543AA76DDFC1170571FE74CB269","booedmolknjekdopkepjjeckmjkdpfgl":"19CD6282B7B366FEE78A872CA2389A5030A55432E4DFB7A4E8CB343E580781AC","bopakagnckmlgajfccecajhnimjiiedh":"A0FE9D5F17DC1DB72A7A6312F0851FA6E6362964BD966D1F6CD567FC193033BA","coobgpohoikkiipiblmjeljniedjpjpf":"55DA7C03DE6D5D7EF6790280CA29FB742C556210B5B56C6AD3C2140D67F84B43","daghjgaeamaenkcfjbojfdiamlocmape":"2030F3FADBAE4BF13A0947A5E272B3B8BCFB562C3B023EC81EED55C20CCCCF96","dnhpdliibojhegemfjheidglijccjfmc":"70241FAF05F02C2138566C7F2D0AAFB909C2F56A99FCB362819ACDC18AF52F54","eemcgdkfndhakfknompkggombfjjjeno":"5DAA9EB1FA71A41914FE362632CBDB36E71585396375FDA467F8E939265B1A10","ennkphjdgehloodpbhlhldgbnhmacadg":"C654CABB8DA9B2610B5C3B6447CE5806158553A691361C5515D88A3B70B80CDA","ffhfoagmjcnkolneahbpagjcjjaeofbg":"D75BB6623B4DA1A74A0F632E9B90BFAA5908A91F703D5312C00C61962B6ED5FD","flpcjncodpafbgdpnkljologafpionhb":"D8054206795B9BD5E762A567A058B20F610F44D25BA06151446DCCCAEC300AFA","gfdkimpbcpahaombhbimeihdjnejgicl":"1E917CC343047F0A4C15124574AFFA431FBF8F18F9F8216E1A9386963172B9EB","gomekmidlodglbbmalcneegieacbdmki":"317E12021A7F6730FABE9024DA446FB0F16763176CC56736F3F7F6C16F2A5974","impaepofmnammebeenafgmllpnjaiime":"5295BCFE7320B7895EDBBE196BD272A37FEB0C172C3FD15E29A5ACE5DF1AFDC8","kmendfapggjehodndflmmgagdbamhnfd":"D616EAF7B9F8B9BEE3C938E01EC275753D923C5E8AAE7DDFD81343F1F6B1ECA5","laemenhgkighepiafkfjmmpbocmeffjl":"56ED6678B43D5DE40282888D809080B1AF14FA8280441AEE9108A067B8BEEA32","mfehgcgbbipciphmccgaenjidiccnmng":"8BE4AF82A05BD261EC9C2784ACC2E5C159CA5DDEB40A1F75D1A4639CCEB0126F","mfffpogegjflfpflabcdkioaeobkgjik":"335FC71B19E7A1F116A8C81A137B9B31A74B5F2AB0DA625C34D799281E6EE2DF","mgndgikekgjfcpckkfioiadnlibdjbkf":"2EE0327F9B7B8814D106F803D1892A90392BD936B3FB4E9A2019DD2242626BCE","neajdppkdcdipfabeoofebfddakdcjhd":"842D1672701F8B18F8DFA0F9D6AE0A45356D981A468FDD46C9437A81634DC380","nkeimhogjdpnpccoofpliimaahmaaome":"ADF3183CF7CB3908E6C47C1AD15D75224CD7717B059ADAB75BF0636238188D32","nmmhkkegccagdldgiimedpiccmgmieda":"CDCEA882F0C1476C2D59BA032F947AAC1EA25DE4D473568A17AC9642380D5349","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"DDBE9355152B33829713ACA959F6BE249AF6BD83C2090B477D13931F1305E47F","pjkljhegncpnkpknbcohdijeoejaedia":"44DE05019D4B0F7421FD54FA1CDEA34E4C3A7D5E10C5229555E25DFB5ACF54B9"}},"google":{"services":{"last_username":"4588FD3458002F1638522C13A156E0F02DB9593B8DD13F1E51EFD72558AF987A"}},"homepage":"9A06C7613BBBB0024826A2D38E7C1CCC30B118A596642F5ADF3E4E9C66CEBE1D","homepage_is_newtabpage":"ACCEC6D2C6D303FE508202E094D35D2EAE8A255BF4571BE3306DD70C88C523FC","pinned_tabs":"B83FC1405B4104CA8AD41A044D705B10CC942B37CE1C923E95E5CB706EB5CFC6","prefs":{"preference_reset_time":"669EF1716CE9573E7B425C1726A0DD863A9FE77F8EEA505FA52D63556694290D"},"profile":{"reset_prompt_memento":"7EEEE547D11A8DF66E793686AF52CA7B0CAD258AE36093C99F807CA200E079B1"},"safebrowsing":{"incident_report_sent":"E2ACA7D4F0D9A368799A6CBE1688485E10AA956BF7EFCA8216B452F29F381442"},"search_provider_overrides":"AAFDEC98AB4FDB4CE1EB0F12C67792F7625F812F36A2D09780C9BB4F6A4651E7","session":{"restore_on_startup":"34CCCE703C9AC722F79A3EEC05B451B7863E89F677C94B6848CE2291EFBE7060","startup_urls":"DA5363B5ADE817F041F71D96AD57ACA03D45542F265934FAA05C0A4964567AF0"},"sync":{"remaining_rollback_tries":"B8548E18CCE5C0B522DBE2E4352DEE7A749BC2EC6ACB0E191E549F0F81BA655D"}}},"safebrowsing":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\User\\Downloads"},"selectfile":{"last_directory":"C:\\Users\\User\\Pictures"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["<a href="http://www.istartsurf.com/?type=hp&ts=1408030556&from=tt4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S" target="_blank">http://www.istartsurf.com/?type=hp&ts=1408030556&from=tt4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S</a>"],"startup_urls_migration_time":"13047907879540913"},"sync":{"remaining_rollback_tries":0},"sync_promo":{"startup_count":3,"user_skipped":true},"translate_accepted_count":{"de":0,"nl":1},"translate_blocked_languages":["en"],"translate_denied_count":{"de":8,"nl":0},"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}</p><p></p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.msn.com/?pc=AV01" target="_blank">http://www.msn.com/?pc=AV01</a>"</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.msn.com/?pc=AV01" target="_blank">http://www.msn.com/?pc=AV01</a>"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR</a>"</p><p>{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="<a href="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01" target="_blank">http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01</a>"</p><p></p><p>==== Deleting Registry Keys ======================</p><p></p><p>HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Idle~_~Crawler deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998} deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6818F6FB-6270-4DE8-9827-40E852111F2A} deleted successfully</p><p>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c0ac12fb-52ab-498f-97b1-a71fd4774748} deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eDealsPop_is1 deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd deleted successfully</p><p>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindApp deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully</p><p>HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\BF6F818607268ED48972048E2511F1A2 deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\156TF0ME will be deleted at reboot</p><p>C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3GLZFPJ will be deleted at reboot</p><p>C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF93Q83Y will be deleted at reboot</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\c15ib0e9.default\Cache emptied successfully</p><p>C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\ddy1u3tr.default-1409772981256\Cache emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=629 folders=166 123085868 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\User\AppData\Local\Temp will be emptied at reboot</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\User\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\PROGRA~2\MyPC Backup\Database\mpcb_settings.db" not found</p><p>"C:\PROGRA~2\MyPC Backup" not found</p><p>"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\156TF0ME" not found</p><p>"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3GLZFPJ" not found</p><p>"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF93Q83Y" not found</p><p></p><p>==== EOF on 11/09/2014 at 17:38:54.45 ======================</p></blockquote><p></p>
[QUOTE="LiamA, post: 260028, member: 27752"] Thank you for you help, the results are as follows. Zoek.exe v5.0.0.0 Updated 10-September-2014 Tool run by User on 11/09/2014 at 16:48:41.99. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-09-10-210111.log 55756 bytes C:\zoek-results2014-09-11-154151.log 32060 bytes ==== System Restore Info ====================== 11/09/2014 16:50:23 Zoek.exe System Restore Point Created Succesfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "[email]wrc@avast.com[/email]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/08/2014 14:20] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 11:36] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ddy1u3tr.default-1409772981256 4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director 4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/08/2014 14:20] Google Voice Search Hotword (Beta) - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn ==== Chromium Startpages ====================== C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences ":{"known_disabled":"72EBCB8EA89F52FE3098441A0A425AB665FCA55467A3C2F5ADDB47D4780F1447","settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"05836E187C3742918F4F63F4B8497690924C0E24B3D4AE456C1DF65D89E38924","apdfllckaahabafndbhieahigkjlhalf":"75A3B53824CBA377374284FE3731ED7DD792800B3A4395A15264FD5D90C6D695","bepbmhgboaologfdajaanbcjmnhjmhfn":"8523A790CB4E3352C4BD726C388BBA7B21702C26EF3CED72B5945B273D2D867F","blpcfgokakmgnkcojhhkbfbldkacnbeo":"C501EF5F0CB6F9A1060CAA36F71955E908FD3916D683774F342549510553200A","bnbaolfhobbbokdcmfiplbokkokobjgc":"7545DA0CD3726C617CAA9E953FA55B123E45B543AA76DDFC1170571FE74CB269","booedmolknjekdopkepjjeckmjkdpfgl":"19CD6282B7B366FEE78A872CA2389A5030A55432E4DFB7A4E8CB343E580781AC","bopakagnckmlgajfccecajhnimjiiedh":"A0FE9D5F17DC1DB72A7A6312F0851FA6E6362964BD966D1F6CD567FC193033BA","coobgpohoikkiipiblmjeljniedjpjpf":"55DA7C03DE6D5D7EF6790280CA29FB742C556210B5B56C6AD3C2140D67F84B43","daghjgaeamaenkcfjbojfdiamlocmape":"2030F3FADBAE4BF13A0947A5E272B3B8BCFB562C3B023EC81EED55C20CCCCF96","dnhpdliibojhegemfjheidglijccjfmc":"70241FAF05F02C2138566C7F2D0AAFB909C2F56A99FCB362819ACDC18AF52F54","eemcgdkfndhakfknompkggombfjjjeno":"5DAA9EB1FA71A41914FE362632CBDB36E71585396375FDA467F8E939265B1A10","ennkphjdgehloodpbhlhldgbnhmacadg":"C654CABB8DA9B2610B5C3B6447CE5806158553A691361C5515D88A3B70B80CDA","ffhfoagmjcnkolneahbpagjcjjaeofbg":"D75BB6623B4DA1A74A0F632E9B90BFAA5908A91F703D5312C00C61962B6ED5FD","flpcjncodpafbgdpnkljologafpionhb":"D8054206795B9BD5E762A567A058B20F610F44D25BA06151446DCCCAEC300AFA","gfdkimpbcpahaombhbimeihdjnejgicl":"1E917CC343047F0A4C15124574AFFA431FBF8F18F9F8216E1A9386963172B9EB","gomekmidlodglbbmalcneegieacbdmki":"317E12021A7F6730FABE9024DA446FB0F16763176CC56736F3F7F6C16F2A5974","impaepofmnammebeenafgmllpnjaiime":"5295BCFE7320B7895EDBBE196BD272A37FEB0C172C3FD15E29A5ACE5DF1AFDC8","kmendfapggjehodndflmmgagdbamhnfd":"D616EAF7B9F8B9BEE3C938E01EC275753D923C5E8AAE7DDFD81343F1F6B1ECA5","laemenhgkighepiafkfjmmpbocmeffjl":"56ED6678B43D5DE40282888D809080B1AF14FA8280441AEE9108A067B8BEEA32","mfehgcgbbipciphmccgaenjidiccnmng":"8BE4AF82A05BD261EC9C2784ACC2E5C159CA5DDEB40A1F75D1A4639CCEB0126F","mfffpogegjflfpflabcdkioaeobkgjik":"335FC71B19E7A1F116A8C81A137B9B31A74B5F2AB0DA625C34D799281E6EE2DF","mgndgikekgjfcpckkfioiadnlibdjbkf":"2EE0327F9B7B8814D106F803D1892A90392BD936B3FB4E9A2019DD2242626BCE","neajdppkdcdipfabeoofebfddakdcjhd":"842D1672701F8B18F8DFA0F9D6AE0A45356D981A468FDD46C9437A81634DC380","nkeimhogjdpnpccoofpliimaahmaaome":"ADF3183CF7CB3908E6C47C1AD15D75224CD7717B059ADAB75BF0636238188D32","nmmhkkegccagdldgiimedpiccmgmieda":"CDCEA882F0C1476C2D59BA032F947AAC1EA25DE4D473568A17AC9642380D5349","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"DDBE9355152B33829713ACA959F6BE249AF6BD83C2090B477D13931F1305E47F","pjkljhegncpnkpknbcohdijeoejaedia":"44DE05019D4B0F7421FD54FA1CDEA34E4C3A7D5E10C5229555E25DFB5ACF54B9"}},"google":{"services":{"last_username":"4588FD3458002F1638522C13A156E0F02DB9593B8DD13F1E51EFD72558AF987A"}},"homepage":"9A06C7613BBBB0024826A2D38E7C1CCC30B118A596642F5ADF3E4E9C66CEBE1D","homepage_is_newtabpage":"ACCEC6D2C6D303FE508202E094D35D2EAE8A255BF4571BE3306DD70C88C523FC","pinned_tabs":"B83FC1405B4104CA8AD41A044D705B10CC942B37CE1C923E95E5CB706EB5CFC6","prefs":{"preference_reset_time":"669EF1716CE9573E7B425C1726A0DD863A9FE77F8EEA505FA52D63556694290D"},"profile":{"reset_prompt_memento":"7EEEE547D11A8DF66E793686AF52CA7B0CAD258AE36093C99F807CA200E079B1"},"safebrowsing":{"incident_report_sent":"E2ACA7D4F0D9A368799A6CBE1688485E10AA956BF7EFCA8216B452F29F381442"},"search_provider_overrides":"AAFDEC98AB4FDB4CE1EB0F12C67792F7625F812F36A2D09780C9BB4F6A4651E7","session":{"restore_on_startup":"34CCCE703C9AC722F79A3EEC05B451B7863E89F677C94B6848CE2291EFBE7060","startup_urls":"DA5363B5ADE817F041F71D96AD57ACA03D45542F265934FAA05C0A4964567AF0"},"sync":{"remaining_rollback_tries":"B8548E18CCE5C0B522DBE2E4352DEE7A749BC2EC6ACB0E191E549F0F81BA655D"}}},"safebrowsing":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\User\\Downloads"},"selectfile":{"last_directory":"C:\\Users\\User\\Pictures"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["[url]http://www.istartsurf.com/?type=hp&ts=1408030556&from=tt4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S[/url]"],"startup_urls_migration_time":"13047907879540913"},"sync":{"remaining_rollback_tries":0},"sync_promo":{"startup_count":3,"user_skipped":true},"translate_accepted_count":{"de":0,"nl":1},"translate_blocked_languages":["en"],"translate_denied_count":{"de":8,"nl":0},"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://www.msn.com/?pc=AV01[/url]" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://www.msn.com/?pc=AV01[/url]" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[url]http://www.google.com/search?q={searchTerms}[/url]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[url]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR[/url]" {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="[url]http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01[/url]" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Idle~_~Crawler deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6818F6FB-6270-4DE8-9827-40E852111F2A} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c0ac12fb-52ab-498f-97b1-a71fd4774748} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eDealsPop_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindApp deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\BF6F818607268ED48972048E2511F1A2 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\156TF0ME will be deleted at reboot C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3GLZFPJ will be deleted at reboot C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF93Q83Y will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\c15ib0e9.default\Cache emptied successfully C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\ddy1u3tr.default-1409772981256\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=629 folders=166 123085868 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\User\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\User\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\MyPC Backup\Database\mpcb_settings.db" not found "C:\PROGRA~2\MyPC Backup" not found "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\156TF0ME" not found "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3GLZFPJ" not found "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF93Q83Y" not found ==== EOF on 11/09/2014 at 17:38:54.45 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top