Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Laurens on wo 03/06/2015 at 15:17:58,34. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Laurens\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 3/06/2015 15:20:12 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\getit4cheaper deleted successfully C:\PROGRA~3\nicedeal deleted successfully C:\Users\Laurens\AppData\Local\Adobe deleted successfully C:\Users\Laurens\AppData\Local\CrashDumps deleted successfully C:\Users\Laurens\AppData\Local\CRE deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{038ff0e2-c6a6-4782-b89e-586a3ddf16c7} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{038ff0e2-c6a6-4782-b89e-586a3ddf16c7} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a04057d1-f46d-4817-b02a-c7158f7f3773} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a04057d1-f46d-4817-b02a-c7158f7f3773} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e6eeb20c-cf4a-4789-becf-64f78340708f} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted 
successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\SearchScopes\{F2C0DA2E-BC71-40E1-B7A9-AE2F4A185B50} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38DCFC0A-6496-4D4A-B149-4FF18FDC734A} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4219C449-8E27-46B9-BF78-C5FA93FFF8A} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D0933D1-8BB-4364-9EEC-A7E1FEBB42D8} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A226081-4E6E-41BA-89A5-6FFF1CD8E9BC} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F5E4D19-6078-4AE2-BB7F-95AABB6184} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{880AA651-D618-4C7F-BD42-B46FF04573F} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{974FA072-1939-4E60-8475-95F2FDFA31B7} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9814E26F-8C75-41E5-91E1-64C16B7B193} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FE578B9-ACBD-49A9-AD1C-75B0921496CB} deleted successfully 
HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B087D2AB-A691-41C7-AD9C-86A3216BC58C} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF2D805E-1132-4264-8CD2-FFCBAE7F2615} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2534631-F050-42DD-96B4-5BEF6B86AD2} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA26A24B-CCC1-43FA-B2E7-455518C1FE7} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57A9476-DF7E-47D7-B55D-D8824219CB8A} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB9C455-A627-4306-92BD-7BD32DA7AEBA} deleted successfully HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F47435C6-C68F-4516-A3F3-4CFA10A39F8F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{038ff0e2-c6a6-4782-b89e-586a3ddf16c7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038ff0e2-c6a6-4782-b89e-586a3ddf16c7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a04057d1-f46d-4817-b02a-c7158f7f3773} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a04057d1-f46d-4817-b02a-c7158f7f3773} deleted successfully HKEY_CLASSES_ROOT\CLSID\{a04057d1-f46d-4817-b02a-c7158f7f3773} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{a04057d1-f46d-4817-b02a-c7158f7f3773} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a04057d1-f46d-4817-b02a-c7158f7f3773} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a04057d1-f46d-4817-b02a-c7158f7f3773} deleted successfully HKEY_CLASSES_ROOT\CLSID\{e6eeb20c-cf4a-4789-becf-64f78340708f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{e6eeb20c-cf4a-4789-becf-64f78340708f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6eeb20c-cf4a-4789-becf-64f78340708f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6eeb20c-cf4a-4789-becf-64f78340708f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F2C0DA2E-BC71-40E1-B7A9-AE2F4A185B50} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2C0DA2E-BC71-40E1-B7A9-AE2F4A185B50} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{e6eeb20c-cf4a-4789-becf-64f78340708f} deleted 
successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{e6eeb20c-cf4a-4789-becf-64f78340708f} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update service deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default user.js not found ---- Lines SourceApp removed from prefs.js ---- user_pref("extensions.SourceApp.aul", "1433337026085"); user_pref("extensions.SourceApp.irl", true); ---- Lines SourceApp modified from prefs.js ---- user_pref("extensions.enabledAddons", "quick_searchff%40gmail.com:5.4.11,faststartff%40gmail.com:4.3.0,firefox%40sourceapp.info:1.0.1,%7Be985a5d2-3bc5 user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"faststartff@gmail.com\":{\"descriptor\":\"C:\\\\Users\\\\Laurens\ ---- FireFox user.js and prefs.js backups ---- prefs_20150306_1531_.backup ProfilePath: C:\Users\Laurens\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\kyzjl1lp.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20150306_1531_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6eeb20c-cf4a-4789-becf-64f78340708f}] [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command] @="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{a04057d1-f46d-4817-b02a-c7158f7f3773}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038ff0e2-c6a6-4782-b89e-586a3ddf16c7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a04057d1-f46d-4817-b02a-c7158f7f3773}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Software Removal Tool"=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\PROGRA~2\getit4cheaper not found C:\Program Files (x86)\SourceApp not found C:\ProgramData\beautydeals not found "C:\Users\Laurens\Downloads\software_removal_tool.exe" not found C:\Users\Laurens\AppData\Roaming\omiga-plus deleted C:\Program Files (x86)\XTab deleted C:\Program Files (x86)\Popcorn Time deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\extension@linkeyproject.com deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\faststartff@gmail.com deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\HekGrmz@0Ef9.edu deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\quick_searchff@gmail.com deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\sonnypenn@aol.com deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\V5@UB2C.net deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\xiiAz@dS6.org deleted 
C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\{e985a5d2-3bc5-4638-b711-f46b25050696} deleted C:\Users\Laurens\AppData\Roaming\Picexa Viewer deleted C:\ProgramData\WindowsMangerProtect deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\default-search.xml deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\omiga-plus.xml deleted C:\PROGRA~2\gmsd_be_82 deleted C:\Program Files\Zapp deleted C:\Users\Laurens\AppData\Roaming\appdataFr2.bin deleted C:\Users\Laurens\AppData\Roaming\dlg deleted C:\Users\Laurens\AppData\Roaming\AnyProtectEx deleted C:\Users\Laurens\AppData\Roaming\F4EED700-1424881548-815C-31F1-0C54A51952B4 deleted C:\PROGRA~3\Systweak deleted C:\PROGRA~3\IHProtectUpDate deleted C:\PROGRA~3\cheapnenjoy deleted C:\PROGRA~3\deal4deal deleted C:\Users\Laurens\AppData\Local\nsf8003.tmp deleted C:\Users\Laurens\AppData\Local\nsq3384.tmp deleted C:\Users\Laurens\AppData\Local\gmsd_be_82 deleted C:\Users\Laurens\AppData\Local\F4EED700-1424881605-815C-31F1-0C54A51952B4 deleted C:\Users\Laurens\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp deleted C:\Users\Laurens\AppData\Local\Linkey deleted C:\Users\Laurens\AppData\Local\globalUpdate deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\windows\SysNative\Tasks\SystemSockets deleted C:\windows\SysNative\Tasks\Browser Updater deleted C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Dec2013 (1).zip deleted C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Dec2013 (2).zip deleted C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Dec2013 (3).zip deleted C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Dec2013 (4).zip deleted C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Dec2013 (5).zip deleted C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Dec2013 (6).zip deleted 
C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Dec2013.zip deleted C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Server1 (1).zip deleted C:\Users\Laurens\Downloads\OpenVPN-Certificate-Bundle-Server1.zip deleted C:\Users\Laurens\Downloads\SoftonicDownloader_voor_teamspeak.exe deleted C:\Users\Laurens\AppData\LocalLow\SmartWeb deleted C:\Users\Laurens\AppData\LocalLow\SimplyTech deleted C:\WINDOWS\tasks\PassShow Update.job deleted C:\WINDOWS\Launcher.exe deleted C:\WINDOWS\SysNative\config\systemprofile\Searches deleted C:\WINDOWS\SysWow64\AI_RecycleBin deleted C:\Users\Laurens\Documents\PCSpeedUp deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\searchplugins\default-search.xml deleted C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\firefox@sourceapp.info.xpi deleted "C:\windows\Installer\35f04.msi" deleted "C:\Users\Laurens\AppData\Roaming\CMP" deleted "C:\Users\Laurens\AppData\Roaming\GYISO" deleted "C:\Users\Laurens\AppData\Roaming\KIYHR" deleted "C:\Users\Laurens\AppData\Roaming\VIURF" deleted "C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\delta-homes.xml" deleted "C:\Program Files (x86)\Zapp\stdmfpam.dll" not deleted "C:\Program Files (x86)\Zapp\WBrokerDirect.exe" deleted "C:\Program Files (x86)\Picexa\picexasvc.exe" deleted "C:\PROGRA~2\Zapp\stdmfpam.dll" not deleted "C:\PROGRA~2\Zapp\WBrokerDirect.exe" deleted "C:\Program Files (x86)\Zapp" not deleted "C:\Program Files (x86)\Picexa" not deleted "C:\PROGRA~2\Zapp" not deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\Laurens\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== 2015-05-15 14:14:47 95B0179BDA907252025DEEA183699FB3 467776 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2015-05-15 14:14:46 
272A62B660A48AEF366F8A1836CED19F 57856 -c--a-w- C:\WINDOWS\Sysnative\drivers\bthhfenum.sys 2015-05-15 14:14:34 FE14D249D39368CA62D8DA6BC94AC694 80384 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys 2015-05-15 14:14:30 C54B6B2170BF628FD42F799A66956D75 239424 -c--a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2015-05-15 14:14:30 95E295FD19F80B3AD33629B5AEFEC9C7 154432 -c--a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys 2015-05-15 14:14:25 C61EAF8E1E4B2F62BA4FDF457440B2C6 316416 ----a-w- C:\WINDOWS\Sysnative\drivers\udfs.sys 2015-05-15 14:04:46 5E5AB950693F2C6D6ACBEE3A74697ED7 561928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys ====== C:\WINDOWS\Tasks ====== 2015-05-24 17:34:55 DE7E85ED3E39D739EC79B768EC11C4BE 3436 ----a-w- C:\WINDOWS\Sysnative\Tasks\Software Removal Tool post reboot run 2015-05-12 19:56:09 B2E7DECEE64CE95EFD2C97546D2319B3 5050 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for LAURENS-Laurens Laurens ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-05-31 14:03:09 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-06-03 09:46:25 -------- d-----w- C:\PROGRA~2\Dungeon Siege II 2015-05-20 14:07:52 -------- d-----w- C:\PROGRA~2\Picexa ======= C: ===== ====== C:\Users\Laurens\AppData\Roaming ====== ====== C:\Users\Laurens ====== 2015-06-03 09:51:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Siege II 2015-05-31 14:02:54 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Laurens\Downloads\RSITx64.exe 2015-05-07 12:45:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa ====== C: exe-files == === C: other files == 2015-06-01 14:55:57 083FF7F387E2DBB533C0F83A2C3C3648 19376 ----a-w- C:\Users\Laurens\Downloads\game-of-thrones-fifth-season-2015_HI_english-1125819.zip 2015-05-31 14:16:59 9FB6DEF746B5C72A2D10BF699611B5E2 37090 ----a-w- C:\Users\Laurens\Downloads\prisoners_english-827841.zip 2015-05-30 21:07:22 
D691ABF5552E1C9DE87D1C0640F6C09D 46318 ----a-w- C:\Users\Laurens\Downloads\shutter-island_english-542555.zip 2015-05-28 21:01:15 0D1FF0E8810D53327DC01670A0D75616 45916 ----a-w- C:\Users\Laurens\Downloads\american.sniper.(2014).eng.1cd.(6158992).zip 2015-05-28 13:38:17 FC61F291D295428909C7E6C70D41C08F 11700 ----a-w- C:\Users\Laurens\Downloads\vikings.the.wanderer.(2015).eng.1cd.(6060095).zip 2015-05-27 14:51:35 4E6A0544FFB2816CA9393C015C6CB731 175738923 ----a-w- C:\Users\Laurens\Downloads\vragen golven.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Windows\CurrentVersion\Run] "CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.EXE /autostart /min" "Spotify Web Helper"="C:\Users\Laurens\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Facebook Update"="C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MurGee.com Auto Clicker"="C:\Users\Laurens\AppData\Local\Auto Clicker\AutoClicker.exe :silent" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "start"="C:\Users\Laurens\AppData\Local\Temp\start.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade" [HKEY_USERS\S-1-5-21-1963141002-4129623413-2237559709-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" "DivXUpdate"="C:\Program Files (x86)\DivX\DivX 
Update\DivXUpdate.exe /CHECKNOW" "PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.EXE /autostart /min" "Spotify Web Helper"="C:\Users\Laurens\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Facebook Update"="C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MurGee.com Auto Clicker"="C:\Users\Laurens\AppData\Local\Auto Clicker\AutoClicker.exe :silent" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "start"="C:\Users\Laurens\AppData\Local\Temp\start.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll" ==== Startup Folders ====================== 2015-04-27 21:11:55 1157 ----a-w- C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk 2014-02-24 16:39:24 2273 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk 2014-02-20 15:10:31 2216 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2015 19:35] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1963141002-4129623413-2237559709-1002Core.job --a-------- C:\Users\Laurens\AppData\Local\Facebook\Update\FacebookUpdate.exe [19/08/2014 22:07] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/01/2015 15:40] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/01/2015 15:40] C:\WINDOWS\tasks\MATLAB R2014a Startup Accelerator.job --a-------- C:\Program Files\MATLAB\R2014a\bin\win64\MATLABStartupAccelerator.exe [29/01/2014 12:39] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe] "C:\WINDOWS\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Dolby PCEE4\pcee4.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\iuBrowserIEAgent" ["C:\Program 
Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe"] "C:\WINDOWS\SysNative\tasks\iuEmailOutlookAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe"] "C:\WINDOWS\SysNative\tasks\MATLAB R2014a Startup Accelerator" [C:\Program Files\MATLAB\R2014a\bin\win64\MATLABStartupAccelerator.exe] "C:\WINDOWS\SysNative\tasks\Opera scheduled Autoupdate 1421076365" [C:\Program Files (x86)\Opera\launcher.exe] "C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"] "C:\WINDOWS\SysNative\tasks\Software Removal Tool post reboot run" [C:\Users\Laurens\Downloads\software_removal_tool.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{3C83CC43-8B04-4B13-B3B7-DBFAAD6F07E8}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Laurens\AppData\Roaming\OpenVPN Technologies\OpenVPN Client\Profiles\kyzjl1lp.default user_pref("browser.startup.homepage", "resource://webapp/openvpn.html"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "quick_searchff@gmail.com"="C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default\extensions\quick_searchff@gmail.com" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 12:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - 
%AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Laurens\AppData\Roaming\Mozilla\Firefox\Profiles\wd2ijmsu.default 9AE02005247DA91AB1743F5208DBEF76 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash 3CD19649B2C3023D65E67C056457A2BC - C:\Users\Laurens\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin F6D12679B9112358AC705A1308156F59 - C:\Users\Laurens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.81 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jlkealnllhajodlnhmfjfmnhelpbaaem - C:\Program Files (x86)\Zapp\chrome\Zapp.crx[] Google Docs - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Invite All (for Facebook) - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih AdBlock - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Hola Better Internet - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio Bookmark Manager - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Google Wallet - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Laurens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia GoHDV25.02 - Laurens\AppData\Roaming\Opera Software\Opera 
Stable\Extensions\bokijhalndhhhikpnaniimagniglonke ==== Chromium Startpages ====================== C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Preferences "session":{"restore_on_startup":4,"startup_urls":["http://google.be/"]},"software_reporter":{"prompt_reason":0,"prompt_version":"3.21.0"},"sync":{"remaining_rollback_tries":0}} ==== Chromium Fix ====================== C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.thepresentfinder.co.uk_0.localstorage deleted successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.thepresentfinder.co.uk_0.localstorage-journal deleted successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage deleted successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jlkealnllhajodlnhmfjfmnhelpbaaem_0.localstorage deleted successfully ==== Set IE to Default
====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://isearch.omiga-plus.com/web/?type=dspp&ts=1421069068&from=smt&uid=ST500LT012-9WS142_S0VB1JSWXXXXS0VB1JSW&q={searchTerms}" "Default_Search_URL"="http://isearch.omiga-plus.com/web/?type=dspp&ts=1421069068&from=smt&uid=ST500LT012-9WS142_S0VB1JSWXXXXS0VB1JSW&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Laurens\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Laurens\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully C:\Users\Laurens\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully ==== Deleting CLSID Registry Keys 
====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\faststartff@gmail.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\quick_searchff@gmail.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Laurens\Desktop\IsoBuster.lnk - C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe C:\Users\Laurens\Desktop\Popcorn Time.lnk - C:\Users\Laurens\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe . C:\Users\Laurens\Desktop\Spotify.lnk - C:\Users\Laurens\AppData\Roaming\Spotify\Spotify.exe C:\Users\UpdatusUser\Desktop\TimeComX.lnk - C:\Program Files\Bitdreamers\TimeComX Basic\TimeComX.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Age of Mythology Extended Edition.lnk - C:\Program Files (x86)\Age of Mythology Extended Edition\aomx.exe C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll C:\Users\Public\Desktop\OpenVPN Client.lnk - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\prism\openvpn-client.exe C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe C:\Users\Public\Desktop\Picexa.lnk - C:\Program Files (x86)\Picexa\Picexa.exe C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 
Client\ts3client_win32.exe C:\Users\Public\Desktop\The Battle for Middle-earth(tm).lnk - C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth(tm)\lotrbfme.exe C:\Users\Public\Desktop\The Battle for Middle-earth™ II.lnk - C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Users\Public\Desktop\Vuze.lnk - C:\Program Files (x86)\Vuze\Azureus.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Laurens\AppData\Roaming\Spotify\Spotify.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Laurens\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Laurens\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Siege II\Dungeon Siege II.lnk - C:\Program Files (x86)\Dungeon Siege II\DungeonSiege2.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Siege II\Uninstall Dungeon Siege II.lnk - C:\Program Files (x86)\Dungeon Siege II\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Verzenden naar OneNote 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Database Compare 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Lync opnamebeheer.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Spreadsheet Compare 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa\Picexa.lnk - C:\Program Files (x86)\Picexa\Picexa.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa\uninstall.lnk - C:\Program Files (x86)\Picexa\uninstall.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CyberGhost 5.lnk - C:\Program Files\CyberGhost 5\CyberGhost.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1421069024&from=smt&uid=ST500LT012-9WS142_S0VB1JSWXXXXS0VB1JSW C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk - C:\Program Files (x86)\Vuze\Azureus.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Device Fast-lane.lnk - C:\Program Files (x86)\Acer\Acer Device Fast-lane\DeviceFastLaneUI.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\User Pinned\TaskBar\Acer Power Button.lnk - C:\Program Files (x86)\Acer\Acer Power Management\ePowerButton.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\clear.fi Media.lnk - C:\Program Files (x86)\Acer\clear.fi Media\ClearfiMedia.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1421069024&from=smt&uid=ST500LT012-9WS142_S0VB1JSWXXXXS0VB1JSW C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type=sc&ts=1421069024&from=smt&uid=ST500LT012-9WS142_S0VB1JSWXXXXS0VB1JSW C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Popcorn Time.lnk - C:\Users\Laurens\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe . 
C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Volume Mixer.lnk - C:\Windows\System32\SndVol.exe C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Laurens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jlkealnllhajodlnhmfjfmnhelpbaaem deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fa6789c5} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{447f77b7-9433-4a8b-b657-79e1c71898f6}_is1 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully ==== Empty IE Cache 
====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Laurens\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Laurens\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Laurens\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Laurens\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Laurens\AppData\Local\Mozilla\Firefox\Profiles\wd2ijmsu.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Laurens\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\Laurens\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1057 folders=252 239355111 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Laurens\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied 
successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Laurens\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Zapp\stdmfpam.dll" not found "C:\PROGRA~2\Zapp\stdmfpam.dll" not found "C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found "C:\Program Files (x86)\Zapp" not found "C:\Program Files (x86)\Picexa" not found "C:\PROGRA~2\Zapp" not found ==== EOF on wo 03/06/2015 at 15:51:41,93 ======================