Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Robin on za 30-05-2015 at 12:55:14,06. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Robin\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 30-5-2015 12:57:08 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\b806a1bf-87f7-4e2e-871f-44313d9c6849 deleted successfully C:\PROGRA~2\dumps deleted successfully C:\PROGRA~2\predm deleted successfully C:\Program Files\ATI deleted successfully C:\Program Files\trend micro deleted successfully C:\Program Files\VideoLAN deleted successfully C:\PROGRA~3\15258f47ab8941178ff712b4c41ae770 deleted successfully C:\PROGRA~3\APN deleted successfully C:\PROGRA~3\LumaEmu_SteamCloud deleted successfully C:\Users\Robin\AppData\Roaming\DAEMON Tools Lite deleted successfully C:\Users\Robin\AppData\Roaming\Publish Providers deleted successfully C:\Users\Robin\AppData\Roaming\rearhpan deleted successfully C:\Users\Robin\AppData\Local\SmartWeb deleted successfully C:\Users\Robin\AppData\Local\SpacialAudio deleted successfully C:\Users\Robin\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4084138155-1781582168-817132210-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3733a40e deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\3733a40e deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command] @="C:\\Program Files (x86)\\Opera\\Launcher.exe" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Robin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\b806a1bf-87f7-4e2e-871f-44313d9c6849 not found C:\PROGRA~2\dumps not found C:\PROGRA~2\predm not found C:\ProgramData\FlashBeat not found C:\Program Files (x86)\b806a1bf-87f7-4e2e-871f-44313d9c6849 not found C:\ProgramData\15258f47ab8941178ff712b4c41ae770 not found C:\Program Files (x86)\predm not found C:\PROGRA~3\15258f47ab8941178ff712b4c41ae770 not found "C:\Users\Robin\AppData\Roaming\BYAIAMUF.exe" not found "C:\Users\Robin\AppData\Roaming\qEeeeGFcg8JVEWeDylCU3STDju.exe" not found C:\PROGRA~2\69dc8177-a574-4dff-8461-b3267b078dcf deleted C:\PROGRA~2\AGEIA Technologies deleted C:\Program Files\Enigma Software Group deleted C:\ProgramData\28341ff220e0446c9fff27c4493d622e deleted C:\ProgramData\3816031624398402902 deleted C:\Program Files (x86)\globalUpdate deleted C:\windows\SysNative\Tasks\TXIQVLD1 deleted C:\windows\SysNative\Tasks\YHKESJDA deleted C:\user.js deleted C:\PROGRA~3\Package Cache deleted C:\Users\Robin\AppData\Local\updater.log deleted C:\Users\Robin\AppData\Local\globalUpdate deleted C:\Users\Robin\AppData\Local\CrashRpt deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\abengine deleted C:\Users\Robin\AppData\LocalLow\Company deleted C:\Users\Robin\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} deleted C:\windows\SysNative\tasks\update-S-1-5-21-4084138155-1781582168-817132210-1000 deleted C:\windows\SysNative\tasks\update-sys deleted C:\Windows\tasks\update-S-1-5-21-4084138155-1781582168-817132210-1000.job deleted C:\Windows\tasks\update-sys.job deleted C:\END deleted C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted "C:\Windows\tasks\BYAIAMUF.job" deleted "C:\Windows\tasks\qEeeeGFcg8JVEWeDylCU3STDju.job" deleted "C:\Windows\tasks\TXIQVLD1.job" deleted "C:\Users\Robin\AppData\Local\LumaEmu" deleted "C:\Users\Robin\AppData\Roaming\BYAIAMUF" deleted "C:\Windows\tasks\BYAIAMUF.job" deleted "C:\Windows\SysNative\tasks\BYAIAMUF" deleted "C:\Users\Robin\AppData\Roaming\qEeeeGFcg8JVEWeDylCU3STDju" deleted "C:\Windows\tasks\qEeeeGFcg8JVEWeDylCU3STDju.job" deleted "C:\Windows\SysNative\tasks\qEeeeGFcg8JVEWeDylCU3STDju" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.dll" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.exe" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\uploader.dll" deleted "C:\PROGRA~2\Skillbrains" deleted "C:\PROGRA~2\Skillbrains\lightshot" deleted "C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Robin\AppData\Local\Temp ==== 2015-05-26 18:35:55 50754352847B5E71E11ABF4D30407148 441220 ------w- C:\Users\Robin\AppData\Local\Temp\jna\jna686539629556923903.dll 2015-05-25 15:48:20 667384827BB3604D587780FD7E78260D 2999808 ----a-w- C:\Users\Robin\AppData\Local\Temp\jue9F.exe 2015-05-25 15:28:44 2A5F246B97D00F77B78D15F72923839B 61981 ----a-w- C:\Users\Robin\AppData\Local\Temp\Uninstall.exe 2015-05-25 15:21:03 9DD19D61D196759BC4F088CDDC58DFDA 2744320 ----a-w- C:\Users\Robin\AppData\Local\Temp\14B8\temp\TyHelpTFUO.xyz.exe 2015-05-25 11:53:10 126147CB9CC6C0B3F37EE954AC53E12E 40960 ------w- C:\Users\Robin\AppData\Local\Temp\is45637729\1644513_stp\gvstb.exe 2015-05-25 11:53:10 126147CB9CC6C0B3F37EE954AC53E12E 40960 ------w- C:\Users\Robin\AppData\Local\Temp\is45637729\11561076_stp\gvstb.exe 2015-05-22 14:06:43 D956FEFC0BA08A16B20C6A280ECDE9BA 54 ----a-w- C:\Users\Robin\AppData\Local\Temp\3f7d85e2d46c535e31a8fa8c7799ae40.dll 2015-05-22 14:06:32 29A8AC540F372B5D377DB0FBFE5341B6 512 ----a-w- C:\Users\Robin\AppData\Local\Temp\ed6e8e8c4b588010c8f64663407c6196.dll ====== Java Cache ===== 2015-05-25 09:51:39 97B93BBBB813910CB8BFC80753E88AFF 533 ----a-w- C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2550737a-398e3440 ====== C:\Windows\SysWOW64 ===== 2015-05-25 15:30:15 1D56C0852DF99DD02EBBBE3A2D5E372B 4 ----a-w- C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-05-13 14:49:38 F7DFAE6040AC910B7C64EE208A34157D 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-05-13 14:49:38 8FE94F2EF9BF444E93E35D87E210D02F 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== 2015-05-25 17:02:46 75E06DCEFFBE0B4FDD4423B06800C947 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0970c9f4e3091.job 2015-05-25 16:48:22 D30F1C368EA2E6E20B1C05766B241F6E 1050 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-25 16:48:22 1A59896DE9B8F5A64B4A03BEED33EA2D 1052 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0970a9ca1855e.job 2015-05-25 15:16:16 689D2ADFCB5F58431B1F0F1B0328E4E1 3090 ----a-w- C:\Windows\Sysnative\Tasks\iren3006 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-05-13 17:09:11 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-05-13 16:56:44 -------- d-----w- C:\PROGRA~2\Craften Terminal 2015-05-08 12:16:28 -------- d-----w- C:\PROGRA~2\COMMON~1\BattlEye ======= C: ===== 2015-05-28 15:13:48 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Robin\AppData\Roaming ====== 2015-05-26 18:47:56 -------- d-----w- C:\Users\Robin\AppData\Roaming\.minecraft 2015-05-25 16:47:35 -------- d-----w- C:\Users\Robin\AppData\Local\Deployment 2015-05-25 16:47:35 -------- d-----w- C:\Users\Robin\AppData\Local\Apps 2015-05-25 16:10:22 -------- d-sh--w- C:\Users\Robin\AppData\Locallow\EmieUserList 2015-05-25 16:10:22 -------- d-sh--w- C:\Users\Robin\AppData\Locallow\EmieSiteList 2015-05-25 16:10:22 -------- d-sh--w- C:\Users\Robin\AppData\Locallow\EmieBrowserModeList 2015-05-25 15:18:18 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Robin\AppData\Locallow\localStorageIE_backup.txt 2015-05-15 11:55:47 C3707E1059E21850B5B06BA3612CA7F5 424 ----a-w- C:\Users\Robin\AppData\Local\UserProducts.xml 2015-05-13 16:56:48 -------- d-----w- C:\Users\Robin\AppData\Roaming\Craften Terminal 2015-05-08 12:16:30 -------- d-----w- C:\Users\Robin\AppData\Local\Arma 3 2015-05-08 12:11:15 -------- d-----w- C:\Users\Robin\AppData\Local\Bohemia_Interactive 2015-05-08 12:11:07 -------- d-----w- C:\Users\Robin\AppData\Local\Arma 3 Launcher 2015-05-06 12:40:52 -------- d-----w- C:\Users\Robin\AppData\Local\master131 2015-05-03 10:07:56 -------- d-----w- C:\Users\Robin\AppData\Local\wf-launcher ====== C:\Users\Robin ====== 2015-05-29 14:56:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Robin\Downloads\RSITx64.exe 2015-05-28 15:13:33 -------- d-----w- C:\Users\Robin\Start Menu 2015-05-28 15:11:32 C47D45DECBA9558B0C9FEC22F18CCA69 3109248 ----a-w- C:\Users\Robin\Downloads\SpyHunter-Installer.exe 2015-05-27 16:59:30 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2015-05-27 16:59:24 D84222F1AABC057D261C7CB5782B1BE3 806816 ----a-w- C:\Users\Robin\Desktop\rufus-2.1.exe 2015-05-25 16:50:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-05-25 16:19:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft 2015-05-15 11:55:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2015-05-13 16:56:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal 2015-05-08 12:16:30 -------- d-----w- C:\ProgramData\Bohemia Interactive 2015-05-06 12:50:00 -------- d-----w- C:\ProgramData\DeviceSync 2015-05-03 10:07:59 -------- d-----w- C:\ProgramData\GFACE ====== C: exe-files == 2015-05-29 14:56:52 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Robin\Downloads\RSITx64.exe 2015-05-29 12:35:33 B1798BC27E40983B12FEFD0D85C05B3F 873800 ----a-w- C:\Users\Robin\AppData\Local\Google\Chrome\User Data\SwReporter\3.21.0\software_reporter_tool.exe 2015-05-28 15:11:32 C47D45DECBA9558B0C9FEC22F18CCA69 3109248 ----a-w- C:\Users\Robin\Downloads\SpyHunter-Installer.exe 2015-05-27 17:04:56 80158C097A3F87D4841B65A439619B62 1696104 ----a-w- C:\Users\Robin\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe 2015-05-27 16:59:24 D84222F1AABC057D261C7CB5782B1BE3 806816 ----a-w- C:\Users\Robin\Desktop\rufus-2.1.exe 2015-05-25 17:02:46 0894890F30B5F6510DF953BC50B5504F 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateWebPlugin.exe 2015-05-25 17:02:45 F6EEE6848E933962E12E7B3F25C73C88 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateBroker.exe 2015-05-25 17:02:45 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateSetup.exe 2015-05-25 17:02:45 6732C4A894855042FD3618406B6BBD48 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe 2015-05-25 17:02:41 BB3045B399D898061B926B447C446E05 127816 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateComRegisterShell64.exe 2015-05-25 17:02:41 8715A0D10CFFC8DEE923957F07DAA042 244040 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe 2015-05-25 17:02:41 6509A96DAE25340772B51AC020CB1094 304968 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe 2015-05-25 17:02:41 0C03FB91E17987EED93F60007B08DAA0 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdate.exe 2015-05-25 17:02:38 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\Install\{E75C9F0D-9F4F-4C6C-A4F2-36A6217D7926}\GoogleUpdateSetup.exe 2015-05-25 17:02:38 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.27.5\GoogleUpdateSetup.exe 2015-05-25 16:50:16 B2BC5122F56A99FC7E9B170C4E61C0F3 42077776 ----a-w- C:\Program Files (x86)\Google\Update\Install\{0AFFAC69-9258-4E12-BA16-FCBEC9322144}\43.0.2357.81_chrome_installer.exe 2015-05-25 16:50:16 B2BC5122F56A99FC7E9B170C4E61C0F3 42077776 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\43.0.2357.81\43.0.2357.81_chrome_installer.exe 2015-05-25 16:48:20 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 2015-05-25 16:24:07 2A5F246B97D00F77B78D15F72923839B 61981 ----a-w- C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC9LREQ9\Validate[1].exe 2015-05-25 16:19:55 180B7582F3FABFAF8D4ED91A3A6378B2 593640 ----a-w- C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC9LREQ9\Setup[1].exe 2015-05-25 16:19:51 B08B8A5DD0674AA7DF6F9A4C0FA5641A 146392 ----a-w- C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\uninst.exe 2015-05-25 15:48:20 667384827BB3604D587780FD7E78260D 2999808 ----a-w- C:\Users\Robin\AppData\Local\Temp\jue9F.exe 2015-05-25 15:28:44 2A5F246B97D00F77B78D15F72923839B 61981 ----a-w- C:\Users\Robin\AppData\Local\Temp\Uninstall.exe 2015-05-25 15:21:03 9DD19D61D196759BC4F088CDDC58DFDA 2744320 ----a-w- C:\Users\Robin\AppData\Local\Temp\14B8\temp\TyHelpTFUO.xyz.exe 2015-05-25 11:53:10 126147CB9CC6C0B3F37EE954AC53E12E 40960 ------w- C:\Users\Robin\AppData\Local\Temp\is45637729\1644513_stp\gvstb.exe 2015-05-25 11:53:10 126147CB9CC6C0B3F37EE954AC53E12E 40960 ------w- C:\Users\Robin\AppData\Local\Temp\is45637729\11561076_stp\gvstb.exe 2015-05-23 16:12:39 49555A199BFB0137AABE8EB0337D9931 18653984 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_room_setup\steamvr_room_setup.exe === C: other files == 2015-05-29 15:02:11 B6CA157509D31E4F4A1257BDC300C481 308696 ----a-w- C:\Users\Robin\Downloads\ScriptHookV_1.0.350.2a.zip 2015-05-28 15:13:48 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat 2015-05-25 15:18:20 B33C8912629021566294DEAB37EE1FC4 615 ----a-w- C:\Users\Robin\AppData\Local\Temp\File\PlatinumFile.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "LifeCam"="C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" "GamingMouse"="C:\Program Files (x86)\Drakonia Configurator\hid.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Lightshot"="C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe" "Malwarebytes Anti-Exploit"="C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\ProgramData\\FlashBeat\\FlashBeat32.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "VX1000"="C:\Windows\vVX1000.exe" "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun" "Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe /startup" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BitTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Robin\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GamingKeyboard] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GamingKeyboard" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\SHARKOON Skiller\\GameMon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-04-2015 20:12] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25-05-2015 18:48] C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0970a9ca1855e.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25-05-2015 18:48] C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0970c9f4e3091.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25-05-2015 18:48] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\iren3006" [C:\PROGRA~2\HIGHLI~1\iren3006.exe] "C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1425121749" [C:\Program Files (x86)\Opera\launcher.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.81 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01-05-2015 11:17] Google Slides - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Pandora Listener - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\danjmbbdjabpapehlajpomcignjnoidp Lamborghini Drift - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgknjjmoobnbdjlcacclfppohcamflf Google Sheets - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Bookmark Manager - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Last updated at time on date - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd Google Wallet - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia CinemaP-1.9cV16.03 - Robin\AppData\Roaming\Opera Software\Opera Stable\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb CinemaPlus-3.2cV25.05 - Robin\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp ==== Chromium Startpages ====================== C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Preferences oglevideo.com:443":{"network_stats":{"srtt":68667}},"r19---sn-hp57knel.googlevideo.com:443":{"network_stats":{"srtt":168693}},"r19---sn-nx57ynl7.googlevideo.com:443":{"network_stats":{"srtt":833732}},"r2---sn-a5m7ln7r.googlevideo.com:443":{"network_stats":{"srtt":259577}},"r2---sn-x0gvoxu-5hnl.c.pack.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"r2---sn-x0gvoxu-5hnl.googlevideo.com:443":{"network_stats":{"srtt":42874}},"r20---sn-p5qlsm7d.googlevideo.com:443":{"network_stats":{"srtt":600323}},"r3---sn-x0gvoxu-5hnl.c.pack.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"r3---sn-x0gvoxu-5hnl.googlevideo.com:443":{"network_stats":{"srtt":41178}},"r4---sn-5hn7ym7k.googlevideo.com:443":{"network_stats":{"srtt":73356}},"r4---sn-q4f7dnez.googlevideo.com:443":{"network_stats":{"srtt":212688}},"r4---sn-x0gvoxu-5hne.googlevideo.com:443":{"network_stats":{"srtt":69340}},"r4---sn-x0gvoxu-5hnl.googlevideo.com:443":{"alternative_service":[{"port":443,"probability":0.01,"protocol_str":"quic"}],"network_stats":{"srtt":52792}},"r5---sn-p5qlsu7k.googlevideo.com:443":{"network_stats":{"srtt":130386}},"r5---sn-x0gvoxu-5hnl.c.pack.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"r5---sn-x0gvoxu-5hnl.googlevideo.com:443":{"network_stats":{"srtt":416709}},"r6---sn-2x37ln7l.googlevideo.com:443":{"network_stats":{"srtt":1093837}},"r6---sn-x0gvoxu-5hnl.googlevideo.com:443":{"network_stats":{"srtt":70966}},"r7---sn-25g7sm7r.googlevideo.com:443":{"network_stats":{"srtt":88177}},"s.youtube.com:443":{"supports_spdy":true},"s.ytimg.com:443":{"supports_spdy":true},"s.zkcdn.net:443":{"supports_spdy":true},"s0.2mdn.net:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"s2.googleusercontent.com:443":{"network_stats":{"srtt":83456},"supports_spdy":true},"s7.addthis.com:443":{"supports_spdy":true},"ssl.google-analytics.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":47041},"supports_spdy":true},"ssl.gstatic.com:443":{"supports_spdy":true},"ssl.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"static.adzerk.net:443":{"supports_spdy":true},"stats.g.doubleclick.net:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":46676},"supports_spdy":true},"stats.wp.com:443":{"supports_spdy":true},"syndication.twitter.com:443":{"supports_spdy":true},"tpc.googlesyndication.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":70452},"supports_spdy":true},"tpc.googlesyndication.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":45388}},"translate.google.nl:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":34341},"supports_spdy":true},"widget.uservoice.com:443":{"supports_spdy":true},"www.facebook.com:443":{"supports_spdy":true},"www.google-analytics.com:443":{"supports_spdy":true},"www.google-analytics.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":46813},"supports_spdy":true},"www.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.nl:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":54240},"supports_spdy":true},"www.google.nl:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.googleadservices.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":46472},"supports_spdy":true},"www.googleadservices.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":46041}},"www.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":46147},"supports_spdy":true},"www.googletagmanager.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":51632},"supports_spdy":true},"www.googletagmanager.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.googletagservices.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":45155},"supports_spdy":true},"www.googletagservices.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":76237}},"www.gstatic.com:443":{"supports_spdy":true},"www.gta5-mods.com:443":{"supports_spdy":true},"www.organicfacts.net:443":{"supports_spdy":true},"www.reddit.com:443":{"supports_spdy":true},"www.redditstatic.com:443":{"supports_spdy":true},"www.youtube-nocookie.com:443":{"supports_spdy":true},"www.youtube.com:443":{"supports_spdy":true},"www.youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"youtube.com:443":{"supports_spdy":true},"yt3.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":139043},"supports_spdy":true}},"supports_quic":{"address":"192.168.1.73","used_quic":true},"version":3}},"ntp":{"app_page_names":["Apps"],"most_visited_blacklist":{"04e7596e55a5c5e443f0621e61c41b31":null,"0f6d965f94887214aeb9d8b9d305e1ec":null,"1aa09f8301da2ceaf8bfb8ce3d6c7dd9":null,"1c25f81c3a0bd59b4e867f3f42c29e77":null,"1d6580b8c33d30b4f4374cf64169eef9":null,"2bd81a0a8fba3a0a527397ce1e0f77ac":null,"35e6044217716f2404e1216f466de828":null,"4172626882be815adb6f3a3ef0855c5f":null,"659af2e39af0221da5d8c05c739ba3a6":null,"6f63c989f0c794d9f900245999d7b559":null,"87f1f06509644d7c0c5bcc6c052fe21e":null,"a55fdc7ca6f5906ed8fcb36071264f45":null,"b021b972d59372613c86a9596b8085e0":null,"b217a69e5f40d33954586fa28a20e5ca":null,"b993d0284e5b6cfdfa8e4717c2c0dd9e":null,"dba51bcc527ba93f7fe03868747280d5":null,"dda6f4188fd9be98e2b027b344f57126":null,"dfac2ac2f8102bbfbd4ef18a247d74cb":null,"dfb1a4292b7299846d03eda1e9912394":null,"eb5b8270584a9c4605da609c7588293c":null}},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":0,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"https://www.youtube.com:443,https://www.youtube.com:443":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"https://www.youtube.com:443,https://www.youtube.com:443":{"fullscreen":1}},"pref_version":1},"created_by_version":"43.0.2357.65","exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Persoon 1","per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"C:\\Users\\Robin\\Desktop","type":1},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13077045436505079"},"translate_accepted_count":{"en":0},"translate_blocked_languages":["nl"],"translate_denied_count":{"en":2},"translate_last_denied_time":1432574011267.792,"translate_too_often_denied":true,"translate_whitelists":{}} SIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_1","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"AF0BCAACEA2A13DD80AB3AA58F9F58B4AF0511964D52C7885F88D07D44980AEB"},"default_search_provider":{"keyword":"E6DE17DD8292A4E38E44648270151927A0468EBCBAF8E3CABB521C9D78576257","name":"12476030700DF7D3CFB4E7489E6956E7E9FE4883CCEB3DB28E4B5CC786D403E9","search_url":"B1E3871F8C905D0ECD62A625133A4226F42C3FF42A8CC95676784CB0EBD5700E"},"default_search_provider_data":{"template_url_data":"46A113C7A9E94A383AA5E95E71B201E03C387B30866FF7D9878FD3FD3ABA6B9A"},"extensions":{"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":"2D5387A0F652DF3CF35FE04500EF99FD8BFFBFF61730FC6A658330F7949629AA","ahfgeienlihckogmohjhadlkjgocpleb":"4DAF1D9E1A0952852565CB88DA1AD361384F63C0EF01A3A795E8B7240E9CD31B","aohghmighlieiainnegkcijnfilokake":"D12F95C83B5D69FC4ED49E03C10187BA776663CB1B24ECA6841677F1F5F3027A","apdfllckaahabafndbhieahigkjlhalf":"9B8CBEF121FD45C9BBDB334AC8AEB220A5726F16866B3B00AA681338D8A6B96E","bepbmhgboaologfdajaanbcjmnhjmhfn":"813929B48079FC711928AA6949943BE1D793632EE6A7AED774205F1BCFDB5FF5","blpcfgokakmgnkcojhhkbfbldkacnbeo":"DF0BDBE6E6491250B020AA43C5F6702D1B34FB1DCC3BFF5EB0D145DC9FC0F628","coobgpohoikkiipiblmjeljniedjpjpf":"E131B5B69D8E28F67048BF893E8C6E4529AF821967636939CF8FCCF8616E9686","danjmbbdjabpapehlajpomcignjnoidp":"AE8F658FFF03D60BA2065A2734AC4C04C027990325C1A54D3B9B7FF5551A3D78","dmgknjjmoobnbdjlcacclfppohcamflf":"BC17C9019F3189E5C47C78F437445AC4F91F8E71C5443DF1DCD4239EE62D95D0","eemcgdkfndhakfknompkggombfjjjeno":"1A7E5FA347AE76587B0A22FDAE3F5F0DA674A6BA683725AB6E489879EA05706B","ennkphjdgehloodpbhlhldgbnhmacadg":"FD2952C04215E34AE9B92A28F51F351A1D5E681A0656834CC5BF8DD23A4850C1","felcaaldnbdncclmgdcncolpebgiejap":"47282DB6D8212079AC1437F5B5F217F488C00ACD06E04AD1B61634122BD726DE","gfdkimpbcpahaombhbimeihdjnejgicl":"11320FE31B6960B4730C73C98E3F6DADEA67D07F47EA526327536E4E2244D161","gmlllbghnfkpflemihljekbapjopfjik":"981E5FEB3A4E78D95C0EB9ED5A69C005926CE9163147F4A849DB32EBB130B916","kmendfapggjehodndflmmgagdbamhnfd":"131EB5B5752F9510AD98FCDCD26C09E43831CD72AEBE2FCDB9674DB69412F465","knebimhcckndhiglamoabbnifdkijidd":"9A0BB04F52CA313B4B01D98E75B8E672C84F20595D4A39D7B3D6EAD5B1EF998B","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"B25D3B4FC308EE80353EA5C12F0828457113A0D52542FD0BD1A1E0C90174F342","mfehgcgbbipciphmccgaenjidiccnmng":"AA32FEC9AEC15229515F2B24E8B0108F9FA675E677FE536C77C80EDB75BC0876","mgndgikekgjfcpckkfioiadnlibdjbkf":"D90459263C613341C0ADAD9777FBFC0ECA3A174966B75153E821EB9BEF381C78","mhjfbmdgcfjbbpaeojofohoefgiehjai":"B9D94453D3163719D5E8C13243DD6BD6E52ECF87F1205F7693F4DD1B3376B493","neajdppkdcdipfabeoofebfddakdcjhd":"041742E6F5C6C360F1BBDB7F6A57CA4F2059C961EC4CEE43A4616C560541986E","nkeimhogjdpnpccoofpliimaahmaaome":"13C3E72166D709816D7ABC45970339DD6378C05BA43DEBB4E37EB9521642684C","nmmhkkegccagdldgiimedpiccmgmieda":"7B2C7F2B1974FF21CD42BB9E1C9B9AD4529D9DB5000B74627EF91A451FAF0E8A","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"31EA236BD57F334B7F0B73F4BBF704694915169CF7804DF83B02233767C8D52F","pjkljhegncpnkpknbcohdijeoejaedia":"8443787D4A2F105261FEC76537DD754FA39912ACAE7F1345B335472975847205"}},"google":{"services":{"last_username":"FDE25487BC22D6DCF2A277B27D2180D1C764904BD6407D323B30FDE97D71C64A","username":"5AFD27913946522EBAB2DBDCB0552C6A3EE0686525F3867588E43DBD61DF6D7B"}},"homepage":"38472310DB861150231F58CC8DF1CF04D41F2AD05EDFC3CA78D8493F4C1461ED","homepage_is_newtabpage":"B59D5137735992B8DB1D8FA118723BD633FC4CBBEC6E6A7A0B58DB50DCE63E19","pinned_tabs":"ED55F812558E4907E01A0A21DFFA9083F5FA22B3B75BEE7F72FA0A1B9D02B85D","prefs":{"preference_reset_time":"54DCC8ADD5521259DD14BBCED1947851813001E685D2636242BAB49720D01D0B"},"profile":{"reset_prompt_memento":"04B60F9A6E0701349A6F0BC82D461B4FAD1C9DA7C458A8FA4AC13D11B60AEF7C"},"safebrowsing":{"incidents_sent":"5208DF97867D923BBA689D04BB542251BDFCBE1E5B87F9EEAFC7037A16682A40"},"search_provider_overrides":"0B3DF7D15A614B78274AAB31348BE18AD9536EF96B641586451C3E04B12533CA","session":{"restore_on_startup":"A11DBDFB59479A83CA740EB408DC1DDE0F5C6615959396D3C807DDB2244E8102","startup_urls":"FDA5387FB1791E7F94A7A38787FFDC9097A1CEC9130C5B00BEE5A8AF92EBDA80"},"software_reporter":{"prompt_reason":"F81B6C06400C92DC08FF2BD74916BE3487D654894D29C18812DFBE1A7B5D0798","prompt_seed":"1980F4C7C270F50774EC2324EACA947CB8D7E3A6CA5F2934ED2CDF18D0E6B4D7","prompt_version":"102770AE599F71186D51E847EF0268CDD10C07A476B3BBC77E155D5A2CA58625"},"sync":{"remaining_rollback_tries":"E61478152DA025D75E93B502710863E2E9483F1495B49DD1897056058C5C9B63"}},"super_mac":"E03193545D46DFC5F3FD6D157868D83C0466C1A44DF0BDE20912A7A345425ADC"},"session":{"restore_on_startup":4,"startup_urls":["https://www.google.nl/"]}} ==== Chromium Fix ====================== C:\Users\Robin\AppData\Roaming\Opera Software\Opera Stable\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb deleted successfully C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_acklnhgjphbhhomkneonohbjnbmkclfb_0.localstorage deleted successfully C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_acklnhgjphbhhomkneonohbjnbmkclfb_0.localstorage-journal deleted successfully C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_acklnhgjphbhhomkneonohbjnbmkclfb_0 deleted successfully C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acklnhgjphbhhomkneonohbjnbmkclfb deleted successfully C:\Users\Robin\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Robin\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Robin\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully C:\Users\Robin\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\Robin\Desktop\Battlefield 3.lnk - C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe C:\Users\Robin\Desktop\BitTorrent.lnk - C:\Users\Robin\AppData\Roaming\BitTorrent\BitTorrent.exe C:\Users\Robin\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe C:\Users\Robin\Desktop\Customize Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe /FromDesktop C:\Users\Robin\Desktop\Fraps.lnk - C:\Fraps\fraps.exe C:\Users\Robin\Desktop\Microsoft LifeCam.lnk - C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe C:\Users\Robin\Desktop\MSI Afterburner.lnk - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe C:\Users\Robin\Desktop\Play Far Cry 4.lnk - C:\Games\Far Cry 4\bin\Launcher.exe http://www.oursurfing.com/?type=sc&ts=1432567763&z=77ff3bc29eacf1e5891b428g9z2c8oaw8qdm5m8qfc&from=cmi&uid=ST500DM002-1BD142_W3TB4TF8XXXXW3TB4TF8 C:\Users\Robin\Desktop\Popcorn Time.lnk - C:\Users\Robin\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe . C:\Users\Robin\Desktop\Rust.lnk - C:\Users\Robin\Documents\Rust\rust.exe C:\Users\Robin\Desktop\SHARKOON Skiller Configurator.lnk - C:\Program Files (x86)\SHARKOON Skiller\GameSetting.exe C:\Users\Robin\Desktop\Stranded Deep.lnk - C:\Games\Stranded Deep v0.01.H1\Stranded_Deep_x64.exe C:\Users\Robin\Desktop\TeamSpeak 3 Client.lnk - C:\Users\Robin\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe C:\Users\Robin\Desktop\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Absolute Uninstaller.lnk - C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe http://www.oursurfing.com/?type=sc&ts=1432567763&z=77ff3bc29eacf1e5891b428g9z2c8oaw8qdm5m8qfc&from=cmi&uid=ST500DM002-1BD142_W3TB4TF8XXXXW3TB4TF8 C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe C:\Users\Public\Desktop\paint.net.lnk - C:\Program Files (x86)\paint.net\PaintDotNet.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe C:\Users\Public\Desktop\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk - C:\Program Files (x86)\Sony\Vegas Pro 13.0\vegas130.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk - C:\Users\Robin\AppData\Roaming\BitTorrent\BitTorrent.exe C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1432567763&z=77ff3bc29eacf1e5891b428g9z2c8oaw8qdm5m8qfc&from=cmi&uid=ST500DM002-1BD142_W3TB4TF8XXXXW3TB4TF8 C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1432567763&z=77ff3bc29eacf1e5891b428g9z2c8oaw8qdm5m8qfc&from=cmi&uid=ST500DM002-1BD142_W3TB4TF8XXXXW3TB4TF8 C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk - C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe http://www.oursurfing.com/?type=sc&ts=1432567763&z=77ff3bc29eacf1e5891b428g9z2c8oaw8qdm5m8qfc&from=cmi&uid=ST500DM002-1BD142_W3TB4TF8XXXXW3TB4TF8 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal\Craften Terminal .lnk - C:\Program Files (x86)\Craften Terminal\Craften Terminal.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal\Verwijder Craften Terminal.lnk - C:\Program Files (x86)\Craften Terminal\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DTGadget.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.gadget C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft\Absolute Uninstaller\Absolute Uninstaller.lnk - C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk - C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Verwijder Lightshot.lnk - C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit\Malwarebytes Anti-Exploit.lnk - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit\Uninstall Malwarebytes Anti-Exploit.lnk - C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Check For Updates.lnk - C:\Program Files (x86)\Microsoft Xbox 360 Accessories\AUSetting.exe -forcecheck C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Help.lnk - C:\Program Files (x86)\Microsoft Xbox 360 Accessories\Xboxhelp.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Status.lnk - C:\Program Files (x86)\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Drakonia\SHARKOON Drakonia Configuration.lnk - C:\Program Files (x86)\Drakonia Configurator\config.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Drakonia\Uninstall .lnk - C:\Windows\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Skiller\SHARKOON Skiller Configurator.lnk - C:\Program Files (x86)\SHARKOON Skiller\GameSetting.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Skiller\Uninstall.lnk - C:\Program Files (x86)\InstallShield Installation Information\{91C25547-9534-41A5-823A-1E54BA16EA3F}\setup.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\MonoDevelop.lnk - C:\Program Files (x86)\Unity\MonoDevelop\bin\MonoDevelop.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /x {AEDFE02E-FDDB-40A5-B5A9-5F955A75693F} /L*V "C:\Users\Robin\AppData\Roaming\\SplitMediaLabs\XSplit\xsplit_installer_uninstall.log" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Broadcaster.lnk - C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.Core.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Absolute Uninstaller.lnk - C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\Robin\AppData\Roaming\BitTorrent\BitTorrent.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1432567763&z=77ff3bc29eacf1e5891b428g9z2c8oaw8qdm5m8qfc&from=cmi&uid=ST500DM002-1BD142_W3TB4TF8XXXXW3TB4TF8 C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1432567763&z=77ff3bc29eacf1e5891b428g9z2c8oaw8qdm5m8qfc&from=cmi&uid=ST500DM002-1BD142_W3TB4TF8XXXXW3TB4TF8 C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe ==== shortcuts After Repair ====================== C:\Users\Robin\Desktop\Play Far Cry 4.lnk - C:\Games\Far Cry 4\bin\Launcher.exe C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HPEKT4Z will be deleted at reboot C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC9LREQ9 will be deleted at reboot C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MMSFKYUB will be deleted at reboot C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLMHR1PV will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Robin\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=325 folders=88 37293394 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Robin\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Robin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4HPEKT4Z" not found "C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC9LREQ9" not found "C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MMSFKYUB" not found "C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLMHR1PV" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on za 30-05-2015 at 13:12:37,39 ======================