Zoek.exe v5.0.0.0 Updated 17-10-2014 Tool run by Laurens on za 18/10/2014 at 14:59:28,61. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Laurens\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 18/10/2014 15:01:01 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\TimeGate Studios deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~2\COMMON~1\Umbrella deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\Users\Laurens\AppData\Roaming\GrabPro deleted successfully C:\Users\Laurens\AppData\Roaming\Vso deleted successfully C:\Users\Laurens\AppData\Roaming\YourFileDownloader deleted successfully C:\Users\Laurens\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully 
HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Internet 
Explorer\SearchScopes\{57B1C053-C7CF-4d59-A846-40F0A6E5EA46} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} deleted successfully HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AA9B1FE2-FFB1-4bf9-AAF5-1137307355F0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8DD27FEF-D3F9-1193-0836-21899285F6EB} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8DD27FEF-D3F9-1193-0836-21899285F6EB} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8DD27FEF-D3F9-1193-0836-21899285F6EB} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8DD27FEF-D3F9-1193-0836-21899285F6EB} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser 
Helper Objects\{8DD27FEF-D3F9-1193-0836-21899285F6EB} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DD27FEF-D3F9-1193-0836-21899285F6EB} deleted successfully HKEY_CLASSES_ROOT\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BAD745F9-D401-18C1-A656-915D701A2D52} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BAD745F9-D401-18C1-A656-915D701A2D52} deleted successfully HKEY_CLASSES_ROOT\CLSID\{BAD745F9-D401-18C1-A656-915D701A2D52} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BAD745F9-D401-18C1-A656-915D701A2D52} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD745F9-D401-18C1-A656-915D701A2D52} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD745F9-D401-18C1-A656-915D701A2D52} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F} deleted successfully HKEY_CLASSES_ROOT\CLSID\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\SysWOW64\ASDR.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files (x86)\Popcorn Time\Updater.exe 
C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Program Files (x86)\LOLReplay\LOLRecorder.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Users\Laurens\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npggsvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Npggsvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\70e6ca8c deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\70e6ca8c deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.id", 
"829585a5000000000000f2ec3888a161"); user_pref("extensions.BabylonToolbar.instlDay", "15557"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://www.google.com/search?babsrc=TB_ggl&q="); user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1"); user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=010812_906_cln_3112_3"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=112555&tt=010812_906_cln_3112_3&babsrc=NT_ss&mntrId=829585a500000 user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.110:57:25"); ---- Lines BabylonToolbar removed from user.js ---- user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=010812_906_cln_3112_3"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://www.google.com/search?babsrc=TB_ggl&q="); user_pref("extensions.BabylonToolbar.id", "829585a5000000000000f2ec3888a161"); user_pref("extensions.BabylonToolbar.instlDay", "15557"); user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1"); user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.110:57:25"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); 
user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.admin", false); ---- Lines Search removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); user_pref("browser.search.order.1", "Search the web (Babylon)"); ---- Lines babsrc removed from prefs.js ---- user_pref("keyword.URL", "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BE&userid=2895f05b-e517-4968-b52a-fd3505d82b45&affid=111583 ---- Lines babylon removed from prefs.js ---- user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"BE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"13898811666551814400\"},\"youtube\": ---- Lines iminent removed from prefs.js ---- user_pref("browser.newtab.url", "http://search.iminent.com/?ref=NewTab&appId=9BE40EE3-FF7B-4975-8CDC-D4D3F433234D"); user_pref("browser.startup.homepage", "http://start.iminent.com/?appId=9BE40EE3-FF7B-4975-8CDC-D4D3F433234D"); user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":3}"); user_pref("iminent.LayoutId", "1"); user_pref("iminent.newtabredirect", "true"); user_pref("iminent.registerToolbarEvent109", "1406557859996"); user_pref("iminent.registerToolbarEvent111", "1406557860061"); user_pref("iminent.registerToolbarEvent112", "1406557863057"); user_pref("iminent.registerToolbarEvent122", "1406557860067"); user_pref("iminent.registerToolbarEvent140", "1389881192139"); user_pref("iminent.searchindex", "2"); user_pref("iminent.ShowThankyouPixel", "0"); user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}"); user_pref("iminent.version", "8.31.1.1"); user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.31.1.1\",\"InstallEventCTime\":1413635495403,\"InstallEvent\":\"True\"}"); user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", 
"1371225320954"); user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0"); user_pref("iminent.webbooster.scripts.sslminibar.displayFavLinks", "1"); user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1375263472598"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1375263472601"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1375263485457"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1375263472604"); user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar"); user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01"); user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000"); user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000"); user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11"); user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02"); user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0"); ---- Lines iminent modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So ---- Lines y2layers removed from prefs.js ---- user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); user_pref("extentions.y2layers.installId", "d6558212-d9ae-417a-b95c-a3aecb939bad"); ---- Lines y2layers removed from user.js ---- user_pref("extentions.y2layers.installId", "d6558212-d9ae-417a-b95c-a3aecb939bad"); user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); ---- Lines helperbar removed from prefs.js ---- user_pref("extensions.helperbar.DockingPositionDown", false); user_pref("extensions.helperbar.SmartbarDisabled", 
false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); ---- Lines helperbar modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So ---- Lines extensions.iHlh1iGvh removed from prefs.js ---- user_pref("extensions.iHlh1iGvh.epoch", "1"); user_pref("extensions.iHlh1iGvh.scode", "void(0);"); user_pref("extensions.iHlh1iGvh.url", "http://groupsuper.info/sync/?q=hfZ9ojlVCTsMCyVUojwMg708BNmGWj8cmihGheDUojw9rdkGqda6rdwFpihPBMn0qTU5rHU5qHYGrdY4 ---- FireFox user.js and prefs.js backups ---- user_20141810_1512_.backup prefs_20141810_1512_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DD27FEF-D3F9-1193-0836-21899285F6EB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD745F9-D401-18C1-A656-915D701A2D52}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{8DD27FEF-D3F9-1193-0836-21899285F6EB}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD745F9-D401-18C1-A656-915D701A2D52}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpeedUpMyPC"=- "Optimizer Pro"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\BabylonToolbar not found C:\ProgramData\FIINEDEaliSoftu deleted C:\ProgramData\SalesMaagnEt deleted C:\ProgramData\KinGCOupon deleted C:\Program Files (x86)\SaveSense deleted C:\Program Files (x86)\Iminent deleted C:\Program Files (x86)\Yontoo deleted C:\Program Files (x86)\Optimizer Pro deleted C:\Program Files (x86)\Popcorn Time deleted C:\Program Files (x86)\Uniblue\DriverScanner deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default\extensions\eeeilehc@ltlqgtj.org deleted 
C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default\extensions\helperbar@helperbar.com deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default\extensions\iiau_p29xlz@mvy-jlztqc.com deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default\extensions\jkhoyuaa@tfeioa.com deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default\extensions\{2fab2e94-d6f9-42de-8839-3510cef6424b} deleted C:\Windows\syswow64\appdata deleted C:\Users\Laurens\AppData\LocalLow\{8DD27FEF-D3F9-1193-0836-21899285F6EB} deleted C:\Users\Laurens\AppData\LocalLow\{BAD745F9-D401-18C1-A656-915D701A2D52} deleted C:\Users\Laurens\AppData\LocalLow\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F} deleted C:\Users\Laurens\AppData\Local\Packages\windows_ie_ac_001\AC\{8DD27FEF-D3F9-1193-0836-21899285F6EB} deleted C:\Users\Laurens\AppData\Local\Packages\windows_ie_ac_001\AC\{BAD745F9-D401-18C1-A656-915D701A2D52} deleted C:\Users\Laurens\AppData\Local\Packages\windows_ie_ac_001\AC\{BE8A33BB-D5D8-1996-8DA3-315D29D4CB1F} deleted C:\PROGRA~3\e88743a81b365877 deleted C:\PROGRA~3\Overwolf deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\SearchTheWeb.xml deleted C:\PROGRA~2\Mozilla Firefox\defaults\pref\all-iminent.js deleted C:\PROGRA~2\BitLord 2 deleted C:\PROGRA~2\DefaultTab deleted C:\PROGRA~2\Vuze_Remote deleted C:\PROGRA~2\YourFileDownloader deleted C:\user.js deleted C:\install.exe deleted C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader deleted C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk deleted C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk deleted C:\Users\Laurens\AppData\Roaming\BabylonToolbar deleted C:\Users\Laurens\AppData\Roaming\BitLord deleted C:\Users\Laurens\AppData\Roaming\Iminent deleted C:\Users\Laurens\AppData\Roaming\Babylon deleted 
C:\Users\Laurens\AppData\Roaming\Yontoo deleted C:\Users\Laurens\AppData\Roaming\DefaultTab deleted C:\Users\Laurens\AppData\Roaming\Optimizer Pro deleted C:\Users\Laurens\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Uniblue\DriverScanner deleted C:\PROGRA~3\Uniblue deleted C:\PROGRA~3\Iminent deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\Package Cache deleted C:\Users\Laurens\AppData\Local\CRE deleted C:\Users\Laurens\AppData\Local\SwvUpdater deleted C:\Users\Laurens\AppData\Local\Smartbar deleted C:\Users\Laurens\AppData\Local\Babylon deleted C:\Users\Laurens\AppData\Local\Conduit deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted C:\windows\SysNative\Tasks\Your File Updater deleted C:\Windows\Tasks\SpeedUpMyPC.job deleted C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE} deleted C:\Users\Laurens\Downloads\iLividSetup (1).exe deleted C:\Users\Laurens\Downloads\iLividSetup (2).exe deleted C:\Users\Laurens\Downloads\iLividSetup.exe deleted C:\Users\Laurens\Downloads\SoftonicDownloader_voor_vlc-media-player.exe deleted C:\Users\Laurens\AppData\LocalLow\BabylonToolbar deleted C:\Users\Laurens\AppData\LocalLow\Vuze_Remote deleted C:\Users\Laurens\AppData\LocalLow\Smartbar deleted C:\Users\Laurens\AppData\LocalLow\Conduit deleted C:\Users\Laurens\AppData\LocalLow\ConduitEngine deleted C:\windows\SysNative\tasks\DriverScanner deleted 
C:\Windows\tasks\DriverScanner.job deleted C:\Windows\tasks\dsmonitor.job deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\InstallUtil.InstallLog deleted C:\Windows\Syswow64\SearchProtect deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\Laurens\Documents\Optimizer Pro deleted C:\Users\Laurens\Documents\BitLord deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default\searchplugins\Web Search.xml deleted C:\Users\Laurens\Crysis2AdvancedGraphicsOptions.exe deleted "C:\Windows\Installer\30e8c0d.msi" deleted "C:\Windows\Installer\50b69.msi" deleted "C:\Windows\Installer\50b69.msi" deleted "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe" deleted "C:\PROGRA~2\Uniblue\SpeedUpMyPC\spmonitor.exe" deleted "C:\Users\Laurens\AppData\Roaming\Uniblue\SpeedUpMyPC\monitor.log" deleted "C:\Users\Laurens\AppData\Roaming\Uniblue\SpeedUpMyPC\monitor.log" deleted "C:\Program Files (x86)\Uniblue\SpeedUpMyPC" not deleted "C:\PROGRA~2\Uniblue\SpeedUpMyPC" not deleted "C:\Users\Laurens\AppData\Roaming\Uniblue" deleted "C:\Users\Laurens\AppData\Roaming\Uniblue\SpeedUpMyPC" deleted "C:\Users\Laurens\AppData\Roaming\Uniblue\SpeedUpMyPC" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8170 MB CPU Info: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz CPU Speed: 3407,8 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Realtek Digital Output(Optical) | Display Adapters: AMD Radeon HD 6900 Series | AMD Radeon HD 6900 Series | AMD Radeon HD 6900 Series | AMD Radeon HD 6900 Series | AMD Radeon HD 6900 Series | AMD Radeon HD 6900 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | TP-LINK 150Mbps Wireless 
Lite N Adapter | Realtek PCIe GBE Family Controller CD / DVD Drives: 3x (D: | E: | F: | ) D: HL-DT-STBDDVDRW CH10LS20 | E: DTSOFT BDROM | F: WNK Y7CDQR4 Ports: COM1 LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 931,4GB Hard Disks - Free: C: 381,1GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 02/05/10 | ALASKA - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK Computer INC. P8H67-M EVO Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Default Browser: Google Chrome 34.0.1847.137 Internet Explorer Version: 11.0.9600.17358 Mozilla Firefox version: 14.0.1 (x86 en-US) Opera Browser version: 18.0.1284.68 Google Chrome version: 34.0.1847.137 Adobe Reader version: 10.1.0.534 Sun Java version: 1.8.0_25 (32-bit) Sun Java version: 1.8.0_25 (64-bit) Flash Player version: 15.0.0.152 ==== Files Recently Created / Modified ======================
235520 ----a-w- C:\Windows\Sysnative\winsta.dll 2014-10-17 18:06:28 85E03B6E05939845BC924C91AEDE0E24 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-10-17 18:06:28 560CF90C026C0FE51CC6820302FF94FE 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-10-17 18:06:28 0374D83D003043E7DE33036294A2EFAE 150528 ----a-w- C:\Windows\Sysnative\rdpcorekmts.dll 2014-10-17 18:05:32 1DB68B8A1E3BDE3C19F1D3612CE436CA 77312 ----a-w- C:\Windows\Sysnative\packager.dll ====== C:\Windows\Sysnative\drivers ===== 2014-10-17 18:06:28 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys 2014-10-17 18:06:28 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys ====== C:\Windows\Tasks ====== 2014-10-18 12:29:34 AA4222DC53A20804996E7659DEF78D6E 3172 ----a-w- C:\Windows\Sysnative\Tasks\{F7B00A76-5578-4AF5-BF9F-D0E2DFAFD05D} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-10-17 18:24:43 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-10-18 12:52:22 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-10-18 12:51:26 -------- d-----w- C:\PROGRA~2\Java 2014-09-20 10:14:50 -------- d-----w- C:\PROGRA~2\K-Lite Codec Pack ======= C: ===== ====== C:\Users\Laurens\AppData\Roaming ====== 2014-10-17 23:19:44 0431C3C454668E73B053230896125627 122768 ----a-w- C:\Users\Laurens\AppData\Local\GDIPFONTCACHEV1.DAT ====== C:\Users\Laurens ====== 2014-10-18 12:52:25 -------- d-----w- C:\ProgramData\Sun 2014-10-18 12:51:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-18 12:34:41 44933ED144874569EB5A43B613CBE88A 638888 ----a-w- C:\Users\Laurens\Desktop\jxpiinstall.exe 2014-10-18 12:30:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2014-10-18 12:29:39 -------- d-----w- C:\ProgramData\Oracle 2014-10-18 12:28:48 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\Laurens\Downloads\chromeinstall-8u25 (3).exe 
2014-10-18 12:24:43 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\Laurens\Downloads\chromeinstall-8u25 (2).exe 2014-10-17 21:27:33 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\Laurens\Downloads\chromeinstall-8u25 (1).exe 2014-10-17 21:27:10 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\Laurens\Downloads\chromeinstall-8u25.exe 2014-10-17 18:22:40 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Laurens\Downloads\RSITx64.exe 2014-10-17 18:16:45 2791FA4A0398C2771A28BAF4B4D90CB7 4964600 ----a-w- C:\Users\Laurens\Downloads\ccsetup418pro.exe 2014-09-20 10:14:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack ====== C: exe-files == 2014-10-17 18:24:43 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Laurens.exe 2014-10-17 18:09:37 6B9FDB34A5A490FF6A7EDE280062626A 810680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-10-17 18:09:35 649E8F572EC0D929F4EED13A53AC0475 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-10-17 18:09:33 C876F8303AA30481A36FE2AACDE77671 483840 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe === C: other files == 2014-10-18 12:51:38 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1003127213-1762329582-1897142147-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "swg"="C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCU"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Laurens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~2\\optimi~1\\optpro~1.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hola"="C:\Program Files\Hola\app\hola.exe --tray --autorun" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSGamerOSD] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ASUSGamerOSD" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\GamerOSD\\GamerOSD.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCU] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCU" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\DeviceVM\\Browser Configuration Utility\\BCU.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BDRegion] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BDRegion" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Cyberlink\\Shared files\\brs.exe" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CLMLServer" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CloneCDTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Pro Agent" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Pro\\DTAgent.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeathAdder] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DeathAdder" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Razer\\DeathAdder\\razerhid.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DivXUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\Laurens\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\Laurens\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HydraVisionDesktopManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HydraVisionDesktopManager" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\HydraVision\\HydraDM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch LGDCore] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Launch LGDCore" "hkey"="HKLM" "command"="\"C:\\Program Files\\Logitech\\GamePanel Software\\G-series Software\\LGDCore.exe\" /SHOWHIDE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch LgDeviceAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Launch LgDeviceAgent" "hkey"="HKLM" "command"="\"C:\\Program Files\\Logitech\\GamePanel Software\\LgDevAgt.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LGODDFU] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LGODDFU" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\lg_fwupdate\\fwupdate.exe\" blrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="LightScribe Control Panel" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Vid] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logitech Vid" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Logitech\\Vid HD\\Vid.exe\" -bootmode" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LWS] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LWS" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Logitech\\LWS\\Webcam Software\\LWS.exe -hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Malwarebytes' Anti-Malware" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MDS_Menu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MDS_Menu" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\MediaShow4\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\MediaShow4\" UpdateWithCreateOnce \"Software\\CyberLink\\MediaShow\\4.1\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Overwolf] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Overwolf" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Overwolf\\Overwolf.exe -silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Pando Media Booster" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Pando Networks\\Media Booster\\PMB.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Powersuite Monitor] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Powersuite Monitor" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Uniblue\\Powersuite\\powersuite_monitor.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Raptr" "hkey"="HKCU" "command"="C:\\PROGRA~2\\Raptr\\raptrstub.exe --startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Razer Synapse] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Razer Synapse" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl9] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RemoteControl9" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD9\\PDVD9Serv.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sony PC Companion" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Laurens\\AppData\\Roaming\\Spotify\\spotify.exe\" 
/uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Laurens\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\amd64\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UCam_Menu" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\YouCam\" 
UpdateWithCreateOnce \"Software\\CyberLink\\YouCam\\1.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdateLBPShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\LabelPrint\" UpdateWithCreateOnce \"Software\\CyberLink\\LabelPrint\\2.5\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdateP2GoShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePPShortCut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePPShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\PowerProducer\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\PowerProducer\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerProducer\\5.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePSTShortCut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePSTShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\Blu-ray Disc Suite\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\Blu-ray Disc Suite\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerStarter\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] 
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" "backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\LOLRecorder.lnk" "backup"="C:\\Windows\\pss\\LOLRecorder.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\LOLREP~1\\LOLREC~1.EXE -minimize" "item"="LOLRecorder" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\MCAFEE~1\\307523~1.318\\SSSCHE~1.EXE " "item"="McAfee Security Scan Plus" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Laurens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "path"="C:\\Users\\Laurens\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Laurens\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup" "item"="Dropbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Laurens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk] "path"="C:\\Users\\Laurens\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GameRanger.lnk" 
"backup"="C:\\Windows\\pss\\GameRanger.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Laurens\\AppData\\Roaming\\GAMERA~1\\GAMERA~2\\GAMERA~1.EXE /autostart" "item"="GameRanger" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Laurens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk] "path"="C:\\Users\\Laurens\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Logitech . Productregistratie.lnk" "backup"="C:\\Windows\\pss\\Logitech . Productregistratie.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\Logitech\\Ereg\\eReg.exe /remind /language=NLB /_WFM=\".\"" "item"="Logitech . Productregistratie" ==== Startup Folders ====================== 2014-09-19 09:25:02 1053 ----a-w- C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-07-05 01:11:32 1997 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1003127213-1762329582-1897142147-1000Core.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1003127213-1762329582-1897142147-1000UA.job --a------ C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe [18/08/2012 23:30] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/10/2011 10:35] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/10/2011 10:35] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] 
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1003127213-1762329582-1897142147-1000Core" [C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1003127213-1762329582-1897142147-1000UA" [C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\MSIAfterburner" [C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{15453AA1-ED91-4441-9219-97006D279CE1}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{1F737E2B-85DF-47FA-81D8-768AEB8A05CE}" [C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth II\lotrbfme2.exe] "C:\Windows\SysNative\tasks\{7D77E8F1-AF62-4A9B-BB8A-AB3F799DF429}" [C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth II\lotrbfme2.exe] "C:\Windows\SysNative\tasks\{C9E14A2A-D1A4-4F30-8F7C-30C8A7C4470A}" [C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth II\lotrbfme2.exe] "C:\Windows\SysNative\tasks\{EAEE518A-C35B-417E-BCD5-9B2357B6B4B4}" [C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth II\lotrbfme2.exe] "C:\Windows\SysNative\tasks\{FDB2200C-F605-4896-91EB-C6BF2A7E5520}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "webbooster@iminent.com"="C:\Program Files (x86)\Iminent\webbooster@iminent.com" [] 
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [04/11/2012 21:53]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default
- Iminent - %ProfilePath%\extensions\firefoxmini@go.im.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\kixebvvr.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Laurens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\Laurens\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/08/2014 12:43]
kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files (x86)\DefaultTab\DefaultTab.crx[]
kfkcangbigakljkjeglcofaomihpejif - C:\Users\Laurens\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]
niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 15:13]
ojpijjmpahflnipadmlpgbjmagmjchkk - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
amfclgbdpgndipgoegfpkkgobahigbcl - C:\Users\Laurens\AppData\Local\Smartbar/Application\1Extension.crx[]
kfkcangbigakljkjeglcofaomihpejif - C:\Users\Laurens\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx[]

Last updated at time on date - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Hola Better Internet - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Google Wallet - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Babylon Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
WhiteSmoke US New - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Skype Click to Call - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome In-App Payments service - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://search.iminent.com/?appId=9BE40EE3-FF7B-4975-8CDC-D4D3F433234D",
"startup_urls": [ "http://search.iminent.com/?appId=9BE40EE3-FF7B-4975-8CDC-D4D3F433234D", "http://google.be/" ],

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"urls_to_restore_on_startup": [ "http://www.google.com" ]

==== Chromium Fix ======================

C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.iminent.com_0.localstorage deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.iminent.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.iminent.com_0.localstorage deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.iminent.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameslikefinder.com_0.localstorage deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameslikefinder.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wallsave.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastdailyfind.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.ask.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.sitedeals.nl_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.iminent.com/?appId=9BE40EE3-FF7B-4975-8CDC-D4D3F433234D"
"Search Page"="http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BE&userid=2895f05b-e517-4968-b52a-fd3505d82b45&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
"Search Bar"="http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BE&userid=2895f05b-e517-4968-b52a-fd3505d82b45&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
"Default_Search_URL"="http://www.google.com/ie"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BE&userid=2895f05b-e517-4968-b52a-fd3505d82b45&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BE&userid=2895f05b-e517-4968-b52a-fd3505d82b45&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BE&userid=2895f05b-e517-4968-b52a-fd3505d82b45&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BE&userid=2895f05b-e517-4968-b52a-fd3505d82b45&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
"SearchAssistant"="http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=BE&userid=2895f05b-e517-4968-b52a-fd3505d82b45&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{AA9B1FE2-FFB1-4bf9-AAF5-1137307355F0}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9B1FE2-FFB1-4bf9-AAF5-1137307355F0}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox"
{8369270C-159D-4f5e-9563-685BBA450E94} Google Url="http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=nl&q={searchTerms}"
{F7C78C08-3CC7-416F-B827-7C1785ABBDA8} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_nlBE454"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\webbooster@iminent.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0D566ABB-889B-AF39-7B6A-23D4C5D54542} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3119AFD3-545C-0955-573A-494F62E61990} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5C28578D-D0F1-699F-01B0-CC0653A28C11} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8EA6A274-9C75-40B4-991F-01482D89D1A7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\472A6AE857C94B0499F11084D2981D7A deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5