Zoek.exe v5.0.0.0 Updated 03-February-2015 Tool run by Arno on wo 04-02-2015 at 19:52:20,66. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Arno\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\Dolphin Deals deleted successfully C:\PROGRA~2\PC_Booster deleted successfully C:\PROGRA~2\Xenocode deleted successfully C:\Program Files\Visicom Media deleted successfully C:\PROGRA~3\Trusted Publisher deleted successfully C:\PROGRA~3\Visicom Media deleted successfully C:\Users\Arno\AppData\Roaming\BRT deleted successfully C:\Users\Arno\AppData\Roaming\Google deleted successfully C:\Users\Arno\AppData\Roaming\Imminent deleted successfully C:\Users\Arno\AppData\Roaming\Publish Providers deleted successfully C:\Users\Arno\AppData\Local\Research In Motion deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11A0504F-B13B-4C49-989-E63ACC3ADFE} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12570850-19C1-4F1B-BEF-2669AF364F82} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15F62F4A-2BF9-4CBA-94F3-E22B7AFB9EEB} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17A79B67-A164-4185-B26D-9C4A137212A6} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19E9C4AE-F054-4F10-89DB-6FDDC0AD662} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A0BF302-DE55-4E89-A29D-3C728686421} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FBEE3DE-8C92-4DFA-88F1-8365CE7A8EA} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F582933-1566-4257-B9DB-D226B22459A} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{416EDB9B-6D5E-4CE7-A4E3-8B39837FBFC3} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B603060-B51D-425B-98AA-29725F9C4575} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50156605-C099-43ED-A316-D922CA915568} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58aac5ba-697a-4a2f-a918-3ec0767d6c7a} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5BF56AD8-30E1-44D3-9B78-953FE20EE55} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60951D37-CD76-4BCF-82C5-3B20817B9241} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66B580D1-2293-43F9-8F39-263477593D42} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F509BBE-5764-4AFE-BDE3-70159C29BBD1} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7011724B-F526-40E2-852B-544754AFCD80} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70FE1AAC-D949-4A15-89B0-29AFF539E2E2} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{733B3D4B-D207-4043-80E5-AD1A70197F66} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{826E511C-861E-4A55-BB3B-B32814CD5BF} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91315562-64-4906-9F9C-F891AB99973} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9cc68231-e05c-4907-ae87-9bc7ba922ba1} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1967426-FB3F-4905-8121-3E91C540DC6B} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9716B8-C04-4128-A7BF-2DD0CC4EEBD1} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac92e988-f467-43f8-95dc-945f938ad92e} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3638669-E2EF-480B-815E-6E8D91B54EC9} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8BC4B6D-99BF-4077-B345-64DE76C8E9E6} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE402E86-5BB7-4331-8BEA-D5D6E46D621} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1E5B7E2-281E-421B-8FE8-989F43A7511} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6371434-A81D-4BBD-BCBD-6894F233762} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D77ED0E1-7BB9-4006-8B6B-0D1DC4FD0C3} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8AD4CA0-CC92-4D5A-94DE-AD1E8D2BFC2} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAE8016B-B14F-4C3A-B490-DE90F1106152} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD7EB5C6-61E8-478E-9EA1-78AE95EE94C} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{deeb49c0-6ba0-4381-be98-76c64397d1d2} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0389F74-B859-4B1D-BFA7-A429A999546F} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0ECDFD9-D2FD-4F22-B28B-43C6239038B6} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5399638-3FF1-4146-B02A-FB0EF2129B} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF162C5A-8974-4724-B751-95744C6BFFA5} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F03C4500-97A5-41A8-813E-66174BA0995C} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3D607CB-4F9C-491B-9879-FAD368645B} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4423DDC-612F-480B-9417-71138CC62EC} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F814D16E-B35B-42A7-B4F3-14231936A14} deleted successfully HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC3BDDE7-6DEC-4580-A2EB-8E4790819C6C} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully HKEY_CLASSES_ROOT\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58aac5ba-697a-4a2f-a918-3ec0767d6c7a} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9cc68231-e05c-4907-ae87-9bc7ba922ba1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac92e988-f467-43f8-95dc-945f938ad92e} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{deeb49c0-6ba0-4381-be98-76c64397d1d2} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBIUpd deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SPBIUpd deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Dolphin Deals deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Dolphin Deals deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Dolphin Deals deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update Dolphin Deals deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBIUpdd deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SPBIUpdd deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\2opoh2lp.default user.js not found ---- Lines mystart removed from prefs.js ---- user_pref("browser.search.defaultenginename", "mystartsearch"); user_pref("browser.search.selectedEngine", "mystartsearch"); user_pref("browser.startup.homepage", "http://www.mystartsearch.com/?type=hp&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932"); ---- Lines quick_start removed from prefs.js ---- user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); user_pref("extensions.quick_start.enable_search1", false); user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); ---- Lines extensions.yv_ removed from prefs.js ---- user_pref("extensions.yv_.epoch", "1"); user_pref("extensions.yv_.scode", "void(0);"); user_pref("extensions.yv_.url", "http://getyourfilespot.info/sync/?q=hfZ9ofbTAy1MCyVUojwFqTaMg708BNmGWj8cmihGheDUojw9rdCGpjw8rdaHqchPBMn0rjr4rjY5rdY9r ---- FireFox user.js and prefs.js backups ---- prefs_04-02-2015_2010_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command] @="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Pokki"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Dolphin Deals not found C:\ProgramData\ShopperPro deleted C:\Program Files (x86)\Common Files\DVDVideoSoft deleted C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\2opoh2lp.default\extensions\r9f-td@rvdrooeor.co.uk deleted C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\2opoh2lp.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} deleted C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\2opoh2lp.default\extensions\faststartff@gmail.com deleted C:\Program Files (x86)\Free Codec Pack deleted C:\Program Files (x86)\DVDVideoSoft deleted C:\Users\Arno\AppData\Roaming\RHEng deleted C:\Program Files\Common Files\ShopperPro deleted C:\Users\Arno\AppData\LocalLow\{22A3FB66-6A3F-C727-98BA-08514B6009B9} deleted C:\Users\Arno\AppData\Local\Packages\windows_ie_ac_001\AC\{22A3FB66-6A3F-C727-98BA-08514B6009B9} deleted C:\Users\Arno\.android deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\mystartsearch.xml deleted C:\PROGRA~2\globalUpdate deleted C:\Program Files\Common Files\System\SysMenu.dll deleted C:\Program Files\Common Files\System\SysMenu64.dll deleted C:\Users\Arno\AppData\Roaming\VOPackage deleted C:\Users\Arno\AppData\Roaming\mystartsearch deleted C:\PROGRA~3\Registry Helper deleted C:\PROGRA~3\boost_interprocess deleted C:\PROGRA~3\WindowsMangerProtect deleted C:\PROGRA~3\Package Cache deleted C:\PROGRA~3\EmailNotifier deleted C:\Users\Arno\AppData\Local\updater.log deleted C:\Users\Arno\AppData\Local\Genesis_06232056 deleted C:\Users\Arno\AppData\Local\globalUpdate deleted C:\Users\Arno\AppData\Local\CrashRpt deleted C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted C:\Users\Public\Documents\ShopperPro deleted C:\Users\Arno\Downloads\FreeYouTubeToMP3Converter.exe deleted C:\windows\SysNative\tasks\update-S-1-5-21-4269831661-1795342113-1383225290-1000 deleted C:\windows\SysNative\tasks\update-sys deleted C:\Windows\tasks\update-S-1-5-21-4269831661-1795342113-1383225290-1000.job deleted C:\Windows\tasks\update-sys.job deleted C:\windows\SysNative\tasks\UNELEVATE_1081 deleted C:\windows\SysNative\Tasks\SPBIW_UpdateTask_Time_31303431353832342d5b5b4a346c4123452a5a556c deleted C:\windows\SysNative\Tasks\SPDriver deleted C:\windows\SysNative\tasks\ShopperPro deleted C:\windows\SysNative\tasks\ShopperProJSUpd deleted C:\windows\SysNative\tasks\YTDownloader deleted C:\end deleted C:\windows\SysNative\drivers\{f2dee4ac-05d0-4e54-80bc-2dc0ba61a2c7}Gw64.sys deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\RegistryHelperLM.ocx deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\Arno\Desktop\Continue installation - File Downloader Installation.lnk deleted C:\Users\Arno\Desktop\Continue Installer.exe.lnk deleted C:\Users\Arno\AppData\Roaming\TwitchBot.exe deleted "C:\PROGRA~3\47eaea4cfb7dbfde\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140729170052" deleted "C:\PROGRA~3\47eaea4cfb7dbfde\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140729170148" deleted "C:\Users\Arno\AppData\Local\Pokki\analytics.db" not deleted "C:\Users\Arno\AppData\Local\Pokki\engine_update.db" not deleted "C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1443\jsdrv.exe" deleted "C:\PROGRA~2\ShopperPro\JSDriver\1.38.0.1443\jsdrv.exe" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.2.0.17\Lightshot.dll" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.2.0.17\Lightshot.exe" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.2.0.17\uploader.dll" deleted "C:\PROGRA~2\ShopperPro\JSDriver\1.38.0.1443\jsdrv.exe" deleted "C:\Users\Arno\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe" deleted "C:\PROGRA~3\47eaea4cfb7dbfde" deleted "C:\Program Files (x86)\ShopperPro" deleted "C:\PROGRA~2\ShopperPro" deleted "C:\PROGRA~2\Skillbrains" deleted "C:\PROGRA~2\ShopperPro" deleted "C:\Users\Arno\AppData\Local\Pokki" not deleted "C:\Program Files (x86)\ShopperPro\JSDriver" deleted "C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1443" deleted "C:\PROGRA~2\ShopperPro\JSDriver" deleted "C:\PROGRA~2\ShopperPro\JSDriver\1.38.0.1443" deleted "C:\PROGRA~2\Skillbrains\lightshot" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.2.0.17" deleted "C:\PROGRA~2\ShopperPro\JSDriver" deleted "C:\PROGRA~2\ShopperPro\JSDriver\1.38.0.1443" deleted "C:\Users\Arno\AppData\Local\Pokki\Engine" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Arno\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-01-14 20:36:14 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-02-03 20:27:26 -------- d-----w- C:\Program Files\trend micro 2015-01-07 15:34:05 -------- d-----w- C:\Program Files\Genymobile ======= C:\PROGRA~2 ===== 2015-01-24 13:56:19 -------- d-----w- C:\PROGRA~2\Plex ======= C: ===== ====== C:\Users\Arno\AppData\Roaming ====== 2015-01-26 21:40:17 50CC804A19444C47D832642971E684BA 425 ----a-w- C:\Users\Arno\AppData\Local\UserProducts.xml 2015-01-24 13:56:41 -------- d-----w- C:\Users\Arno\AppData\Local\Plex Media Server 2015-01-18 23:18:41 -------- d-----w- C:\Users\Arno\AppData\Local\Pokki 2015-01-18 23:15:48 -------- d-----w- C:\Users\Arno\AppData\Roaming\DVDVideoSoft ====== C:\Users\Arno ====== 2015-02-03 20:26:13 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Arno\Downloads\RSITx64 (1).exe 2015-02-03 20:25:53 068A1444442BC93D1394159D31E4AB34 1214844 ----a-w- C:\Users\Arno\Downloads\RSITx64.exe 2015-01-31 21:24:12 1BE1376ACA949D40F8E63BD0CA903798 14879016 ----a-w- C:\Users\Arno\Downloads\gu5setup (1).exe 2015-01-31 21:23:51 2B723949E03621044C7015DB3FAAB63C 14873176 ----a-w- C:\Users\Arno\Downloads\gu5setup.exe 2015-01-27 20:59:01 -------- d-----w- C:\Users\Arno\TurbulenceFD Caches 003 2015-01-27 20:47:03 -------- d-----w- C:\Users\Arno\TurbulenceFD Caches 002 2015-01-26 21:40:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2015-01-26 21:38:55 31ED5B9411D17B6F9DD459AC881FFB16 2452808 ----a-w- C:\Users\Arno\Downloads\setup-lightshot.exe 2015-01-24 20:45:32 F13AD7273D0E336C7AF017F0C96FDD80 11417720 ----a-w- C:\Users\Arno\Downloads\join.me.exe 2015-01-24 13:56:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server 2015-01-23 16:17:51 3415ECEED8F4197B3DD9714D0C8C8AA1 23210008 ----a-w- C:\Users\Arno\Downloads\Popcorn-Time-0.3.7.1-Setup.exe 2015-01-18 23:19:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-07 15:34:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion ====== C: exe-files == 2015-02-03 20:27:26 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Arno.exe 2015-01-30 21:47:15 CF9BA33C05F698644E790FF80AB96295 41175632 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_chrome_installer.exe 2015-01-29 19:45:59 48B8D96A0FE6D8CD49F3AACE1A0DEE18 792144 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_40.0.2214.93_chrome_updater.exe === C: other files == 2015-02-03 20:52:47 DEEEF19697F578C445270FB083C001F2 48497090 ----a-w- C:\Users\Arno\Downloads\codecanyon-7864695-boutique.zip 2015-02-01 01:07:43 C4063D2E34A5192C84478410390481CB 46268773 ----a-w- C:\Users\Arno\Downloads\FaithfulVenom-32x-1.8-Beta3.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4269831661-1795342113-1383225290-1000\Software\Microsoft\Windows\CurrentVersion\Run] "SPDriver"="C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1443\jsdrv.exe" "Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" "uTorrent"="C:\Users\Arno\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Spotify Web Helper"="C:\Users\Arno\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "ADSKAppManager"="C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe -showminimized -checkautorun" "SPDriver"="C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1443\jsdrv.exe" "Lightshot"="C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe" "LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SPDriver"="C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1443\jsdrv.exe" "Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" "uTorrent"="C:\Users\Arno\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" "Spotify Web Helper"="C:\Users\Arno\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Creative Cloud" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Creative Cloud\\ACC\\Creative Cloud.exe\" --showwindow=false --onOSstartup=true" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeBridge" "hkey"="HKCU" "command"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Akamai NetSession Interface" "hkey"="HKCU" "command"="\"C:\\Users\\Arno\\AppData\\Local\\Akamai\\netsession_win.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcSoft Connection Service" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AthBtTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AtherosBtStack" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\BtvStack.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BlueStacks Agent" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\BlueStacks\\HD-Agent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EADM" "hkey"="HKCU" "command"="\"D:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\f.lux] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="f.lux" "hkey"="HKCU" "command"="\"C:\\Users\\Arno\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe\" /noshow" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FAHConsole] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="FAHConsole" "hkey"="HKLM" "command"="C:\\Program Files\\File Association Helper\\FAHConsole.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Gyazo] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Gyazo" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Gyazo\\GyStation.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IAStorIcon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesAirMessage" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPreload" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogMeIn Hamachi Ui" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ManyCam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ManyCam" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\ManyCam\\ManyCam.exe\" --silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Memory Cleaner] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Memory Cleaner" "hkey"="HKCU" "command"="C:\\Users\\Arno\\AppData\\Roaming\\KoshyJohn.com\\MemClean\\MemClean.exe boot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Registry Helper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Registry Helper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Registry Helper\\RegistryHelper.Exe\" /boot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RTHDVCPL" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Arno\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Arno\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Arno\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\XboxStat] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="XboxStat" "hkey"="HKLM" "command"="\"C:\\Program Files\\Microsoft Xbox 360 Accessories\\XboxStat.exe\" silentrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="YTDownloader" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\YTDownloader\\YTDownloader.exe\" /boot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk] "item"="AML Device Install" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\AML Device Install.lnk" "backup"="C:\\Windows\\pss\\AML Device Install.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\AMDAVT~1\\bin\\kdbsync.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04-02-2015 20:05] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-10-2014 22:32] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-10-2014 22:32] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Asrsetup" [E:\ASRSetup.exe] "C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GyazoUpdateTaskMachine" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"] "C:\Windows\SysNative\tasks\Red Giant Link" ["C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe"] "C:\Windows\SysNative\tasks\{E116563D-DB43-4AAF-8F62-5ED6FE3C532E}" [C:\Users\Arno\Desktop\Gang Beastz\Gang Beasts.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "faststartff@gmail.com"="C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\2opoh2lp.default\extensions\faststartff@gmail.com" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\2opoh2lp.default - SQLite Manager - %ProfilePath%\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Arno\AppData\Roaming\Mozilla\Firefox\Profiles\2opoh2lp.default 0FC325593893749364EC4A733E7D9100 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash A4FDD66D0DBF2CADF5B7D2F8187E24D1 - C:\Users\Arno\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Torch deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Arno\AppData\Local\Torch deleted Fake profile C:\Users\Arno\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Arno\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Arno\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\Gast\AppData\Local\Torch deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Gast\AppData\Local\Chromatic Browser deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.94 (Up to date, latest Stable version: 40.0.2214.94) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[25-06-2014 14:23] Webpage Screenshot - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki AdBlock Premium - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj TweetDeck by Twitter - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl STATYZR - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipcpaklbkimihjpfhjmbekcgepmiidib SQLite Database Browser (Beta) - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpbdkmaomigeneadlamehkfchdmojgg Webpage Screenshot Gallery - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohfjeijmlcjiofmmcfichimcnbclkhp Google Wallet - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Vine Client - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojohjpgmcfnholboljmkbcchbipcbci goo.gl URL Shortener extension - Arno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnggipjiafeklgjdclhhkeefdebipmm ==== Chromium Fix ====================== C:\Users\Arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.samsbox.com_0.localstorage deleted successfully C:\Users\Arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.samsbox.com_0.localstorage-journal deleted successfully C:\Users\Arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_api.sqeedolphindeals.com_0.localstorage deleted successfully C:\Users\Arno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_api.sqeedolphindeals.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.mystartsearch.com/?type=hp&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932" "Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932&q={searchTerms}" "Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932" "Start Page"="http://www.mystartsearch.com/?type=hp&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932" "Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932&q={searchTerms}" "Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932" "Start Page"="http://www.mystartsearch.com/?type=hp&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932" "Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_nlBE592" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\faststartff@gmail.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Arno\Desktop\ASIO4ALL v2 Instruction Manual.lnk - C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf C:\Users\Arno\Desktop\Collab.lnk - C:\Program Files (x86)\Image-Line\Collab\Collab.exe C:\Users\Arno\Desktop\Doorgaan met de installatie van WinZip.lnk - C:\Users\Arno\AppData\Local\Temp\ICReinstall_winzip18-firedrive-2.exe /RR C:\Users\Arno\Desktop\ER Assistant.lnk - C:\Program Files (x86)\ER Assistant\ERAssistant.exe C:\Users\Arno\Desktop\FL Studio 8.lnk - D:\Program Files (x86)\Image-Line\FL.exe C:\Users\Arno\Desktop\Fraps.lnk - C:\Fraps\fraps.exe C:\Users\Arno\Desktop\Gramblr.lnk - C:\Gramblr\Gramblr.exe iconPath=@TargetDir/gramblr.ico C:\Users\Arno\Desktop\HD Tune.lnk - C:\Program Files (x86)\HD Tune\HDTune.exe C:\Users\Arno\Desktop\join.me.lnk - C:\Users\Arno\AppData\Local\join.me\join.me.exe C:\Users\Arno\Desktop\Memory Cleaner.lnk - C:\Users\Arno\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe C:\Users\Arno\Desktop\Open Broadcaster Software.lnk - C:\Program Files (x86)\OBS\OBS.exe C:\Users\Arno\Desktop\osu.lnk - C:\Users\Arno\Desktop\Popcorn Time.lnk - C:\Program Files (x86)\Popcorn Time\Popcorn-Time.exe C:\Users\Arno\Desktop\Refresher.lnk - C:\Program Files (x86)\Refresher\Refresher.exe C:\Users\Arno\Desktop\TechPowerUp GPU-Z.lnk - C:\Program Files (x86)\GPU-Z\GPU-Z.exe C:\Users\Arno\Desktop\Titanium Studio.lnk - D:\Users\Arno\AppData\Roaming\Appcelerator\Titanium Studio\TitaniumStudio.exe C:\Users\Arno\Desktop\Uplay.lnk - D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe C:\Users\Arno\Desktop\Watch Dogs.lnk - D:\Program Files (x86)\R.G. Mechanics\Watch Dogs\bin\watch_dogs.exe C:\Users\Arno\Desktop\µTorrent.lnk - C:\Users\Arno\Desktop\LiveStream\Open Broadcaster Software (32bit).lnk - C:\Program Files (x86)\OBS\OBS.exe C:\Users\Arno\Desktop\LiveStream\Spotify.lnk - C:\Users\Arno\AppData\Roaming\Spotify\spotify.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Creative Cloud.lnk - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0 C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\an(i)ma 1.0 64-bit.lnk - C:\aXYZ design\an(i)ma 1.0 64-bit\x64\an(i)ma_x64.exe C:\Users\Public\Desktop\Apowersoft Pro Schermrecorder.lnk - C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe C:\Users\Public\Desktop\Apps.lnk - C:\Users\Public\Libraries\Apps.library-ms C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe C:\Users\Public\Desktop\Autodesk 3ds Max 2012 64-bit - English.lnk - D:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe C:\Users\Public\Desktop\Autodesk 3ds Max 2013 64-bit.lnk - D:\Program Files\Autodesk\3ds Max 2013\3dsmax.exe C:\Users\Public\Desktop\Autodesk Maya 2013 64-bit.lnk - D:\Program Files\Maya2013\bin\maya.exe C:\Users\Public\Desktop\avast Free Antivirus.lnk - C:\Users\Public\Desktop\boujou 5.0.lnk - D:\Program Files (x86)\Vicon\boujou 5.0\boujou.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\DiskMax.lnk - C:\Program Files (x86)\KoshyJohn.com\DiskMax\DiskMax.exe C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\Users\Public\Desktop\Genymotion Shell.lnk - C:\Program Files\Genymobile\Genymotion\genyshell.exe C:\Users\Public\Desktop\Genymotion.lnk - C:\Program Files\Genymobile\Genymotion\genymotion.exe C:\Users\Public\Desktop\GeoGebra.lnk - C:\Program Files (x86)\GeoGebra 4.4\GeoGebra.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\Gyazo GIF.lnk - C:\Program Files (x86)\Gyazo\GyazoGIF.exe C:\Users\Public\Desktop\Gyazo.lnk - C:\Program Files (x86)\Gyazo\Gyazowin.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\Users\Public\Desktop\Origin.lnk - D:\Program Files (x86)\Origin\Origin.exe C:\Users\Public\Desktop\paint.net.lnk - C:\Program Files (x86)\paint.net\PaintDotNet.exe C:\Users\Public\Desktop\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files\PowerISO\PowerISO.exe C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\Public\Desktop\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe C:\Users\Public\Desktop\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe C:\Users\Public\Desktop\Steam.lnk - C:\Users\Arno\Desktop\Tijdelijke Data\Steam\Steam.exe C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe C:\Users\Public\Desktop\Unity.lnk - C:\Program Files (x86)\Unity\Editor\Unity.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk - C:\Users\Arno\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"149b46d4a102c0304583931ceaa3f0bf19785ee3" C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk - C:\Users\Arno\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"menu" C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.lnk - C:\Program Files\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL Web Site.lnk - C:\Program Files\ASIO4ALL v2\ASIO4ALL Web Site.url C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Uninstall.lnk - C:\Program Files\ASIO4ALL v2\uninstall.exe C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gramblr\Gramblr.lnk - C:\Gramblr\Gramblr.exe iconPath=@TargetDir/gramblr.ico ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2014.lnk - C:\Program Files\Adobe\Adobe Audition CC 2014\Adobe Audition CC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk - C:\Program Files\Wireshark\Wireshark.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Pro Schermrecorder.lnk - C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft\Apowersoft Screen Recorder Pro\Verwijder Apowersoft Pro Schermrecorder.lnk - C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Application Manager\Autodesk Application Manager.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk FBX Plug-ins\2013.1\Maya 2013 64-bit\Area Forum.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk FBX Plug-ins\2013.1\Maya 2013 64-bit\Autodesk FBX Web.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk FBX Plug-ins\2013.1\Maya 2013 64-bit\License agreement.lnk - C:\Program Files\Autodesk\FBX\FBXPlugins\2013.1\Maya 2013 64-bit\License\License_ENU.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk FBX Plug-ins\2013.1\Maya 2013 64-bit\readme.lnk - C:\Program Files\Autodesk\FBX\FBXPlugins\2013.1\Maya 2013 64-bit\readme.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk FBX Plug-ins\2013.1\Maya 2013 64-bit\Uninstall.lnk - C:\Program Files\Autodesk\FBX\FBXPlugins\2013.1\Maya 2013 64-bit\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk MatchMover 2013 64-bit\MatchMover 2013 64-bit.lnk - C:\Program Files (x86)\Autodesk\MatchMover2013\MatchMoverApp.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk MatchMover 2013 64-bit\Uninstall MatchMover.lnk - C:\Windows\SysWOW64\msiexec.exe /x {5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Maya 2013 64-bit\Autodesk Maya 2013 64-bit.lnk - D:\Program Files\Maya2013\bin\maya.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Maya 2013 64-bit\FCheck.lnk - D:\Program Files\Maya2013\bin\fcheck.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Maya 2013 64-bit\License Transfer Utility.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\AdLM\R5\LTU.exe 657E1 2013.0.0.F -l en_US C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Composite 2013 64-bit\Composite 2013 64-bit.lnk - C:\Program Files (x86)\Autodesk\Composite 2013\program\composite.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Composite 2013 64-bit\Composite Command Prompt.lnk - C:\Windows\System32\cmd.exe /k "C:\Program Files\Autodesk\Composite 2013\program\txcmdprompt.cmd" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Composite 2013 64-bit\Uninstall.lnk - C:\Windows\System32\msiexec.exe /x {2F808931-D235-4FC7-90CD-F8A890C97B2F} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Composite 2013 64-bit\Documentation\Online Help.lnk - C:\Program Files (x86)\Autodesk\Composite 2013\documentation\help\index.html C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Composite 2013 64-bit\Documentation\OpenFX API.lnk - C:\Program Files (x86)\Autodesk\Composite 2013\ofx\Documentation\index.html C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Composite 2013 64-bit\Documentation\Scripting API.lnk - C:\Program Files (x86)\Autodesk\Composite 2013\documentation\scripting\index.html C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks\Start BlueStacks.lnk - C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Audio Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Audio Converter\FreeAudioConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Audio Editor.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Audio Editor\FreeAudioEditor.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Coub Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Coub Download\FreeCoubDownload.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Dailymotion Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Dailymotion Download\FreeDailymotionDownload.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free DVD Video Burner.lnk - C:\Program Files (x86)\DVDVideoSoft\Free DVD Video Burner\FreeDVDVideoBurner.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free DVD Video Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free DVD Video Converter\FreeDVDVideoConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free GIF Maker.lnk - C:\Program Files (x86)\DVDVideoSoft\Free GIF Maker\FreeGIFMaker.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Image Convert and Resize.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Image Convert And Resize\FreeImageConvertAndResize.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Instagram Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Instagram Download\FreeInstagramDownload.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free MP4 Video Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free MP4 Video Converter\FreeMP4VideoConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Screen Video Recorder.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Screen Video Recorder\FreeScreenVideoRecorder.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Torrent Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Video Editor.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Video Editor\FreeVideoEditor.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Video Flip and Rotate.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Video Flip And Rotate\FreeVideoFlipAndRotate.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Video to DVD Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free DVD Video Burner\FreeVideoToDVDConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Video to JPG Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Video to JPG Converter\FreeVideoToJPGConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free Video to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Video to MP3 Converter\FreeVideoToMP3Converter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to DVD Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to DVD Converter\FreeYouTubeToDVDConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube Uploader.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Uploader\FreeYouTubeUploader.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion\Genymotion Shell.lnk - C:\Program Files\Genymobile\Genymotion\genyshell.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion\Genymotion.lnk - C:\Program Files\Genymobile\Genymotion\genymotion.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion\Uninstall Genymotion.lnk - C:\Program Files\Genymobile\Genymotion\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo GIF.lnk - C:\Program Files (x86)\Gyazo\GyazoGIF.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo Settings.lnk - C:\Program Files (x86)\Gyazo\GyStation.exe /option C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo.lnk - C:\Program Files (x86)\Gyazo\Gyazowin.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\DiskMax\DiskMax Help.lnk - C:\Program Files (x86)\KoshyJohn.com\DiskMax\DiskMax.exe help C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\DiskMax\DiskMax.lnk - C:\Program Files (x86)\KoshyJohn.com\DiskMax\DiskMax.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\DiskMax\Uninstall DiskMax.lnk - C:\Program Files (x86)\KoshyJohn.com\DiskMax\DiskMax.exe uninstall C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk - C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Verwijder Lightshot.lnk - C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /i {A0460865-37B5-4071-B85E-8F7C43AA8ED9} REMOVE=ALL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Encoder 4 Screen Capture.lnk - C:\Program Files (x86)\Microsoft Expression\Encoder 4\EEScreen.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Encoder 4 SDK.lnk - C:\Program Files (x86)\Microsoft Expression\Encoder 4\SDK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression\Microsoft Expression Encoder 4.lnk - C:\Program Files (x86)\Microsoft Expression\Encoder 4\Encoder.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Lync Recording Manager.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010\Microsoft Visual Studio 2010.lnk - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010\Visual Studio Tools\Spy++.lnk - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools\spyxx.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express\Microsoft Visual Basic 2010 Express.lnk - D:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\vbexpress.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixamo Fuse\Mixamo Fuse.lnk - C:\Program Files (x86)\Mixamo Fuse\Code\Build\Output\Fuse\bin\Release\Fuse.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\License (English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\License_en_US.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (CHM, English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (PDF, English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\doc\UserManual.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server\Plex Media Server.lnk - C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReelSmart Motion Blur 4, After Effects-compatible plugin set\Remove ReelSmart Motion Blur 4, After Effects-compatible plugin set.lnk - C:\Windows\unvise32.exe C:\PROGRA~2\REVISI~1\UNINST~1\RSMB4A~1.LOG C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Uninstall Kies 3.lnk - C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe /removeonly C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 13.0\Vegas Pro 13.0 (64-bit).lnk - C:\Program Files (x86)\Sony\Vegas Pro 13.0\vegas130.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 13.0\Vegas Pro 13.0 Readme.lnk - C:\Program Files (x86)\Sony\Vegas Pro 13.0\Readme\Vegas_readme.htm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1\Start Here.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1\WCF RIA Services V1.0 SP1 Walkthrough.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap\Uninstall WinPcap 4.1.3.lnk - C:\Program Files (x86)\WinPcap\uninstall.exe ==== shortcuts in Quick Launch ====================== C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apowersoft Screen Recorder Pro.lnk - C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro\Apowersoft Screen Recorder Pro.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Autodesk Maya 2013 64-bit.lnk - D:\Program Files\Maya2013\bin\maya.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk - C:\Program Files (x86)\Gyazo\GyazoGIF.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk - C:\Program Files (x86)\Gyazo\Gyazowin.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Speakonia.lnk - C:\Program Files (x86)\CFS-Technologies\Speakonia\Speakonia.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk - C:\Program Files\Wireshark\Wireshark.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe After Effects CC.lnk - C:\Program Files\Adobe\Adobe After Effects CC\Support Files\AfterFX.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CC 2014.lnk - C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CINEMA 4D ®.lnk - C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CINEMA 4D.lnk - C:\Users\Arno\Downloads\Cinema 4D R16\Cinema 4D R16\CINEMA 4D R16\CINEMA 4D.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1418468531&from=amt&uid=ST2000DM001-9YN164_Z3406932XXXXZ3406932 C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gyazo GIF.lnk - C:\Program Files (x86)\Gyazo\GyazoGIF.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gyazo.lnk - C:\Program Files (x86)\Gyazo\Gyazowin.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Users\Arno\Desktop\Tijdelijke Data\Steam\Steam.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1\Start Here.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1\WCF RIA Services V1.0 SP1 Walkthrough.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Arno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis_06232056 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAHConsole deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Helper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YTDownloader deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHTFE8YZ will be deleted at reboot C:\Users\Arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1BM97BQ will be deleted at reboot C:\Users\Arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJQ371LN will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Arno\AppData\Local\Mozilla\Firefox\Profiles\2opoh2lp.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Arno\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=7610 folders=768 1860909292 bytes) ==== Empty Temp Folders ====================== C:\Users\Arno\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\MSSQLSERVER\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Arno\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Arno\AppData\Local\Pokki\analytics.db" not found "C:\Users\Arno\AppData\Local\Pokki\engine_update.db" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found "C:\Users\Arno\AppData\Local\Pokki" not found "C:\Users\Arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHTFE8YZ" not found "C:\Users\Arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1BM97BQ" not found "C:\Users\Arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJQ371LN" not found "C:\Users\Arno\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q8EKCHDE\fbstatic-a.akamaihd.net" not found ==== EOF on wo 04-02-2015 at 20:34:11,16 ======================