Zoek.exe v5.0.0.0 Updated 23-08-2014 Tool run by whirless on za 23-08-2014 at 13:14:55,65. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\whirless\Favorites\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 23-8-2014 13:17:11 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\findopolis deleted successfully C:\PROGRA~2\RegClean Pro deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\Paltalk Messenger deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Nokia deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\whirless\AppData\Roaming\Nokia Suite deleted successfully C:\Users\whirless\AppData\Roaming\PerformerSoft deleted successfully C:\Users\whirless\AppData\Roaming\U3 deleted successfully C:\Users\whirless\AppData\Local\cache deleted successfully C:\Users\whirless\AppData\Local\CrashDumps deleted successfully C:\Users\whirless\AppData\Local\MusicPlayer deleted successfully C:\Users\whirless\AppData\Local\Unity deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully 
HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully 
HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Internet Explorer\SearchScopes\{53A7D356-81C9-40CC-93ED-C80E3494F6B5} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7F8E8A96-24EF-48BE-BBDE-1563357AB438} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199} deleted successfully HKEY_CLASSES_ROOT\CLSID\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully ==== Running Processes ====================== 
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\Zapp\WConnectorProductivity.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe C:\Users\whirless\AppData\Roaming\Massive Media\Twoo.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\whirless\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe C:\Users\whirless\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\fst_nl_61\fst_nl_61.exe C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe C:\Program Files (x86)\Adobe\Elements 11 
Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Users\whirless\Favorites\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdate deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\globalUpdatem deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\videodownloadconverter_4zservice deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951199}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14264a21-01fa-455f-a9c4-7c8b3d82b6f6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NextLive"=- [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- "fst_nl_61"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\findopolis not found "C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job,f C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job" not found C:\Program Files (x86)\video MediaPlay-Air deleted C:\Program Files (x86)\SupTab deleted C:\Program Files (x86)\VideoDownloadConverter_4z deleted C:\Program Files (x86)\globalUpdate deleted C:\Users\whirless\AppData\Roaming\newnext.me deleted C:\ProgramData\IePluginServices deleted C:\ProgramData\WindowsMangerProtect 
deleted C:\Users\whirless\AppData\Roaming\webssearches deleted C:\Users\whirless\AppData\Local\genienext deleted C:\Users\whirless\daemonprocess.txt deleted C:\Users\whirless\.android deleted C:\PROGRA~2\Mozilla Firefox\user.js deleted C:\PROGRA~2\Vittalia deleted C:\PROGRA~2\Betcat deleted C:\PROGRA~2\OpenIt deleted C:\PROGRA~2\MyFree Codec deleted C:\Program Files\Zapp deleted C:\PROGRA~2\Systweak Support Dock deleted C:\PROGRA~2\Perion deleted C:\Users\whirless\AppData\Roaming\speedanalysis.ico deleted C:\Users\whirless\AppData\Roaming\DigitalSites deleted C:\Users\whirless\AppData\Roaming\FoxTab deleted C:\Users\whirless\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z deleted C:\Users\whirless\AppData\Roaming\SpeedTestAnalysis deleted C:\Users\whirless\AppData\Roaming\Betcat deleted C:\Users\whirless\AppData\Roaming\Web Cake deleted C:\Users\whirless\AppData\Roaming\Babylon deleted C:\Users\whirless\AppData\Roaming\SimplyTech deleted C:\Users\whirless\AppData\Roaming\DSite deleted C:\Users\whirless\AppData\Roaming\Systweak deleted C:\Users\whirless\Qtrax deleted C:\Users\whirless\Music\Qtrax Media Library deleted C:\PROGRA~3\Ask deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\boost_interprocess deleted C:\PROGRA~3\DSearchLink deleted C:\PROGRA~3\Allmyapps deleted C:\PROGRA~3\IBUpdaterService deleted C:\PROGRA~3\Tarma Installer deleted C:\Users\whirless\AppData\Local\globalUpdate deleted C:\Users\whirless\AppData\Local\VideoDownloadConverter_4z deleted C:\Users\whirless\AppData\Local\SearchProtect deleted C:\Users\whirless\AppData\Local\fst_nl_61 deleted C:\Users\whirless\AppData\Local\IAC deleted C:\Users\whirless\AppData\Local\Local_Weather_LLC deleted C:\Users\whirless\AppData\Local\WebPlayer deleted C:\Users\whirless\AppData\Local\Mobogenie deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Support Dock deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue deleted 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! deleted C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PricePeepUpdater.lnk deleted C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie deleted C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts deleted C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk deleted C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\Tasks\SystemSockets deleted C:\windows\SysNative\Tasks\Browser Updater deleted C:\Windows\Tasks\41a6a96e-7f2a-46ce-80e8-62725167ce7d-1.job deleted C:\Windows\Tasks\41a6a96e-7f2a-46ce-80e8-62725167ce7d-11.job deleted C:\Windows\Tasks\41a6a96e-7f2a-46ce-80e8-62725167ce7d-3.job deleted C:\Windows\Tasks\41a6a96e-7f2a-46ce-80e8-62725167ce7d-6.job deleted C:\windows\SysNative\Tasks\41a6a96e-7f2a-46ce-80e8-62725167ce7d-1 deleted C:\windows\SysNative\Tasks\41a6a96e-7f2a-46ce-80e8-62725167ce7d-11 deleted C:\windows\SysNative\Tasks\41a6a96e-7f2a-46ce-80e8-62725167ce7d-3 deleted C:\windows\SysNative\Tasks\41a6a96e-7f2a-46ce-80e8-62725167ce7d-6 deleted C:\windows\SysNative\Tasks\DSite deleted C:\Users\whirless\Searches deleted C:\Users\whirless\AppData\LocalLow\VideoDownloadConverter_4z deleted C:\Users\whirless\AppData\LocalLow\IAC deleted C:\Users\whirless\AppData\LocalLow\Softonic deleted C:\Users\whirless\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted C:\Users\whirless\AppData\LocalLow\SimplyTech deleted C:\windows\SysNative\tasks\QtraxPlayer deleted C:\windows\SysNative\tasks\Digital Sites deleted C:\Windows\tasks\Digital Sites.job deleted C:\Windows\tasks\DSite.job deleted C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job deleted C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job deleted 
C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineCore deleted C:\windows\SysNative\tasks\globalUpdateUpdateTaskMachineUA deleted C:\Windows\tasks\FoxTab.job deleted C:\windows\SysNative\tasks\FoxTab deleted C:\END deleted C:\Windows\Launcher.exe deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\whirless\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com deleted "C:\Windows\Installer\828f9.msi" deleted "C:\Program Files (x86)\Zapp\WConnectorProductivity.exe" deleted "C:\Program Files (x86)\fst_nl_61\fst_nl_61.exe" deleted "C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe" deleted "C:\PROGRA~2\fst_nl_61\fst_nl_61.exe" deleted "C:\PROGRA~2\PricePeep\PricePeepUpdater.exe" deleted "C:\PROGRA~2\Zapp\WConnectorProductivity.exe" deleted "C:\Users\whirless\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe" deleted "C:\Users\whirless\AppData\Local\WeatherAlerts\WeatherAlerts.exe" deleted "C:\Program Files (x86)\Zapp" not deleted "C:\Program Files (x86)\fst_nl_61" deleted "C:\Program Files (x86)\PricePeep" deleted "C:\PROGRA~2\fst_nl_61" deleted "C:\PROGRA~2\PricePeep" deleted "C:\PROGRA~2\Zapp" not deleted "C:\Users\whirless\AppData\Local\WeatherAlerts" not deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 5963 MB CPU Info: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz CPU Speed: 2403,1 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Bluetooth-apparaat (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR5BWB222 Wireless Network Adapter | Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) CD / DVD Drives: 1x (D: | ) D: PIONEER DVD-RW DVRTD11RS Ports: COM Ports NOT Present. 
LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 444,0GB Hard Disks - Free: C: 244,2GB Manufacturer *: Insyde Corp. BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Type2 - Board Vendor Name1 VA70_HC Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Kaspersky PURE 3.0 On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Kaspersky PURE 3.0 disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Kaspersky PURE 3.0 disabled Default Browser: Google Chrome 36.0.1985.143 Internet Explorer Version: 10.0.9200.16580 Google Chrome version: 36.0.1985.143 Adobe Reader version: 9.0.0.2008061200 Sun Java version: 1.7.0_45 (32-bit) Flash Player version: 14.0.0.145 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\whirless\AppData\Local\Temp ==== 2014-08-23 09:55:15 BCB0728F4B117855765CE8FE883B5E9B 1536 ----a-w- C:\Users\whirless\AppData\Local\Temp\NOSEventMessages.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-08-22 08:39:29 3DCC8838C4EF07D17E9191FAB347DD06 78200 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-22 08:39:28 F6C59620B6188A40E986CD2874C810E9 693112 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-08-23 11:08:16 1FAD005ACDDA357783963706CD1D3C46 3369944 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT 2014-08-21 17:59:23 AFB0FFB0E349B72EB335BDE6FDFD164B 144896 ----a-w- C:\Windows\Sysnative\tssdisai.dll 2014-08-21 13:00:06 48DA65F29BB4C5AD21EC67C2D64700D6 64856 ----a-w- C:\Windows\Sysnative\klfphc.dll ====== C:\Windows\Sysnative\drivers ===== 2014-08-21 12:59:25 A6B7212B3735C7B4ABD602E78573F970 67344 ----a-w- C:\Windows\Sysnative\drivers\CSVirtualDiskDrv.sys 2014-08-21 12:59:18 8128B65589C944622D6809C144972ECF 
98064 ----a-w- C:\Windows\Sysnative\drivers\CSCrySec.sys 2014-08-21 12:58:34 F26A21FE88CB263D4CC327C6C5589F48 627264 ----a-w- C:\Windows\Sysnative\drivers\klif.sys 2014-08-21 12:58:34 848E412FCE7485E2657EDF212E5EDC47 92768 ----a-w- C:\Windows\Sysnative\drivers\klflt.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-21 17:02:55 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-08-21 19:50:01 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2014-08-21 12:58:46 -------- d-----w- C:\PROGRA~2\COMMON~1\InfoWatch 2014-08-21 12:58:44 -------- d-----w- C:\PROGRA~2\Kaspersky Lab 2014-08-08 15:42:17 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype ======= C: ===== ====== C:\Users\whirless\AppData\Roaming ====== ====== C:\Users\whirless ====== 2014-08-21 17:31:13 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\whirless\Downloads\RSITx64 (1).exe 2014-08-21 17:00:28 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\whirless\Downloads\RSITx64.exe 2014-08-21 12:58:44 -------- d-----w- C:\ProgramData\Kaspersky Lab 2014-08-21 12:44:30 2839BF9E2B335A27EA13434F4CC12242 213549896 ----a-w- C:\Users\whirless\Downloads\pure13.0.2.558nl-nl (3).exe 2014-08-21 09:38:11 2839BF9E2B335A27EA13434F4CC12242 213549896 ----a-w- C:\Users\whirless\Downloads\pure13.0.2.558nl-nl (2).exe 2014-08-21 09:37:25 2839BF9E2B335A27EA13434F4CC12242 213549896 ----a-w- C:\Users\whirless\Downloads\pure13.0.2.558nl-nl (1).exe 2014-08-21 09:31:46 2839BF9E2B335A27EA13434F4CC12242 213549896 ----a-w- C:\Users\whirless\Downloads\pure13.0.2.558nl-nl.exe ====== C: exe-files == 2014-08-23 11:06:07 10B17CBA2BFA40DE1B6F8C5E996172EA 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-201003595-3411674417-2857927949-1001\$IX585AV.exe 2014-08-23 10:54:38 AB55DC0DF1DA6712DDF0C6D34A5B8519 648035 ----a-w- C:\$Recycle.Bin\S-1-5-21-201003595-3411674417-2857927949-1001\$RX585AV.exe 2014-08-21 17:03:04 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- 
C:\Program Files\trend micro\whirless.exe 2014-08-21 16:56:47 C1DEA1E17DCF8CEFF46D3C9573C2B270 16480 ----a-w- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\patch_e.exe 2014-08-21 16:56:39 55EB89C0ABC7189850321723F57FEEAA 2011328 ----a-w- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spuiamanager.exe 2014-08-21 16:56:38 87BDE6928835D34BE2AAE0ED0BEEA9B0 2113216 ----a-w- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spnmhost.exe 2014-08-21 16:56:12 95945D5465BFEB8469634E76F06FFCBF 64192 ----a-w- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\patch_f_nm.exe 2014-08-17 13:17:35 C56CB929FDC62BA6AFA025C0DF95CA73 1836624 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.143\36.0.1985.143_36.0.1985.125_chrome_updater.exe === C: other files == 2014-08-21 16:56:35 5D1971103016CBD45FD6C07EB8127105 90424 ----a-w- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\kpmautofillnm.crx 2014-08-21 16:56:07 92EE9BE40D03544C5A99FA0153A5E746 90208 ----a-w- C:\ProgramData\Kaspersky Lab\PURE13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kts9\13.0.2.558_f_\drv64\602\klflt.sys 2014-08-21 16:56:07 5F247D87B44E26AED440A063A7A4FDB7 625760 ----a-w- C:\ProgramData\Kaspersky Lab\PURE13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kts9\13.0.2.558_f_\drv64\602\klif.sys 2014-08-21 16:56:07 1C6256096A341051509D36AD724830BE 7717984 ----a-w- C:\ProgramData\Kaspersky Lab\PURE13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kts9\13.0.2.558_e_\drv64\kl1.sys 2014-08-21 16:56:07 1B5B924D27399F41DECD1CC6D706429F 28504 ----a-w- C:\ProgramData\Kaspersky Lab\PURE13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kts9\13.0.2.558_e_\drv64\602\klim6.sys 2014-08-21 16:56:05 1B5B924D27399F41DECD1CC6D706429F 28504 ----a-w- C:\ProgramData\Kaspersky Lab\PURE13\Data\Updater\Temporary 
Files\rollback\patch\AutoPatches\kts9\13.0.2.558_e_\drv64\602\p\klim6.sys 2014-08-21 16:56:04 5F247D87B44E26AED440A063A7A4FDB7 625760 ----a-w- C:\ProgramData\Kaspersky Lab\PURE13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kts9\13.0.2.558_f_\drv64\602\p\klif.sys 2014-08-21 16:56:03 92EE9BE40D03544C5A99FA0153A5E746 90208 ----a-w- C:\ProgramData\Kaspersky Lab\PURE13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kts9\13.0.2.558_f_\drv64\602\p\klflt.sys 2014-08-21 16:56:02 1C6256096A341051509D36AD724830BE 7717984 ----a-w- C:\ProgramData\Kaspersky Lab\PURE13\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kts9\13.0.2.558_e_\drv64\p\kl1.sys 2014-08-21 12:59:25 A6B7212B3735C7B4ABD602E78573F970 67344 -c--a-w- C:\Windows\System32\DRVSTORE\CSVirtualD_774BA42A286DBEC815683B6FC00FE66744D4B93B\win8\amd64\CSVirtualDiskDrv.sys 2014-08-21 12:59:25 A6B7212B3735C7B4ABD602E78573F970 67344 ----a-w- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys 2014-08-21 12:59:18 8128B65589C944622D6809C144972ECF 98064 -c--a-w- C:\Windows\System32\DRVSTORE\CSCrySec_w_774BA42A286DBEC815683B6FC00FE66744D4B93B\win8\amd64\CSCrySec.sys 2014-08-21 12:59:18 8128B65589C944622D6809C144972ECF 98064 ----a-w- C:\Windows\System32\Drivers\CSCrySec.sys 2014-08-21 12:58:34 F26A21FE88CB263D4CC327C6C5589F48 627264 ----a-w- C:\Windows\System32\Drivers\klif.sys 2014-08-21 12:58:34 848E412FCE7485E2657EDF212E5EDC47 92768 ----a-w- C:\Windows\System32\Drivers\klflt.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\whirless\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MyTomTomSA.exe"="C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" "Twoo"="C:\Users\whirless\AppData\Roaming\Massive 
Media\Twoo.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "HP Officejet 4620 series (NET)"="C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe -deviceID CN3BF350JH05RT:NW -scfn HP Officejet 4620 series (NET) -AutoStart 1" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" "Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" "Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BakupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -k -h" "Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="C:\Program 
Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\whirless\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MyTomTomSA.exe"="C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup" "Twoo"="C:\Users\whirless\AppData\Roaming\Massive Media\Twoo.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "HP Officejet 4620 series (NET)"="C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe -deviceID CN3BF350JH05RT:NW -scfn HP Officejet 4620 series (NET) -AutoStart 1" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" "Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" "Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64" 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SupTab\\SEARCH~1.DLL" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MRT"="C:\Windows\system32\MRT.exe /R" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" ==== Startup Folders ====================== 2013-10-11 12:35:52 1318 ----a-w- C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk 2014-03-24 17:11:50 1944 ----a-w- C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet 4620 series (netwerk).lnk 2013-03-16 15:22:09 1260 ----a-w- C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2012-09-11 17:41:11 2173 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk 2013-10-21 09:55:48 2063 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09-07-2014 12:00] 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-201003595-3411674417-2857927949-1001Core.job --a-------- C:\Users\whirless\AppData\Local\Facebook\Update\FacebookUpdate.exe [25-11-2013 09:56] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-201003595-3411674417-2857927949-1001UA.job --a-------- C:\Users\whirless\AppData\Local\Facebook\Update\FacebookUpdate.exe [25-11-2013 09:56] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12-03-2013 20:26] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12-03-2013 20:26] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe] "C:\Windows\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-201003595-3411674417-2857927949-1001Core" [C:\Users\whirless\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-201003595-3411674417-2857927949-1001UA" [C:\Users\whirless\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP AR Program Upload - e11d1660b98e447dbc0db67c43df1a83d1b03903f2e946f98925dd31e24adef7" [C:\Program Files\HP\HP Officejet 4620 series\bin\HPRewards.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP Officejet 4620 series" ["C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe"] 
"C:\Windows\SysNative\tasks\iuBrowserIEAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe"] "C:\Windows\SysNative\tasks\iuEmailOutlookAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe"] "C:\Windows\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [21-08-2014 18:56] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "speedtestanalysis@SpeedAnalysis.com"="C:\Users\whirless\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\whirless\AppData\Roaming\TomTom\HOME\Profiles\k0ax6nu3.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions amafncpnfnbmmcndbaddjfhohmakongn - C:\Program Files (x86)\Zapp\chrome\Zapp.crx[] dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[28-11-2013 12:06] efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files 
(x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[08-05-2014 15:49] kckgnnipheglejoddfhekdjpbdbinhmb - C:\Users\whirless\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx[] lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh[] niogeckbkdcabhnapjbkeiklablhjoca - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx[] pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[] pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[28-11-2013 12:06] Zapp - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amafncpnfnbmmcndbaddjfhohmakongn Google Docs - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Kaspersky URL Advisor - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj video MediaPlay-Air - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf Adobe Acrobat - Create PDF - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj Speed Test Analysis - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb PricePeep - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\licjnkifamhpbaefhdpacpmihicfbomb Kaspersky Protection - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh IncrediBar for Chrome\u2122 - 
whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca Google Wallet - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Anti-Banner - whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjldcfjmnllhmgjclecdnfampinooman ==== Chromium Startpages ====================== C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences "homepage": "http://www.delta-search.com/?babsrc=HP_ss&mntrId=6C9F20689D25A14F&affID=119357&tl=kwdg1y2j8h38&tsp=5024", "startup_urls": [ "http://www.delta-search.com/?babsrc=HP_ss&mntrId=6C9F20689D25A14F&affID=119357&tl=kwdg1y2j8h38&tsp=5024" ], ==== Chrome Fix ====================== C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amafncpnfnbmmcndbaddjfhohmakongn deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kckgnnipheglejoddfhekdjpbdbinhmb_0.localstorage deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niogeckbkdcabhnapjbkeiklablhjoca_0.localstorage deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_niogeckbkdcabhnapjbkeiklablhjoca_0.localstorage deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\licjnkifamhpbaefhdpacpmihicfbomb deleted 
successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dnaojefanpmakfgcaliphepgoiiafmpf_0.localstorage deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_dnaojefanpmakfgcaliphepgoiiafmpf_0.localstorage deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dnaojefanpmakfgcaliphepgoiiafmpf deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\databases\chrome-extension_dnaojefanpmakfgcaliphepgoiiafmpf_0 deleted successfully C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\dnaojefanpmakfgcaliphepgoiiafmpf deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NAV&pvid=21.4.0.13" "Search Page"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" 
"Default_Search_URL"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Default_Search_URL"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Default_Search_URL"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search 
Page"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://istart.webssearches.com/web/?type=ds&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX&q={searchTerms}" "Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX" "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NAV&pvid=21.4.0.13" "Search Page"="http://istart.webssearches.com/web/?type=ds&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX&q={searchTerms}" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://istart.webssearches.com/web/?type=ds&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX&q={searchTerms}" "Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX" "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NAV&pvid=21.4.0.13" "Search Page"="http://istart.webssearches.com/web/?type=ds&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX&q={searchTerms}" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Search 
Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=NL&userid=d645784f-5023-4b8f-8205-744d6b2d4f1d&sp=addr&q={searchTerms}&t=b0218" 
"(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=NL&userid=d645784f-5023-4b8f-8205-744d6b2d4f1d&sp=addr&q={searchTerms}&t=b0218" "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.bing.com/search?q={searchTerms}" "(Default)"="http://search.certified-toolbar.com?si=64843&st=bs&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.certified-toolbar.com?si=64843&st=newtab&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "newtab"="about:tabs" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.certified-toolbar.com?si=64843&st=newtab&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "newtab"="about:tabs" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Start 
Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Default_Search_URL"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Default_Search_URL"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Start 
Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Default_Search_URL"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Start Page"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Default_Search_URL"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "SearchAssistant"="http://www.bing.com/search?q={searchTerms}" "Start 
Page"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=64843&st=home&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA" "Search Bar"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=64843&tid=6581&ver=5.5&ts=1388391324137&tguid=64843-6581-1388391324137-24AFF4C61BD16FCCE86C1DA9B99BA4BA&st=chrome&q=" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{afdbddaa-5d3f-42ee-b79c-185a7020515b}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NAV&pvid=21.4.0.13" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] 
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet 
Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start 
Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {006ee092-9658-4fd6-bd8e-a21a348e59f5} Bing Url="http://www.bing.com/search?q={searchTerms}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZEU_nlNL522" {8A244612-A1F7-11E0-95C0-E71F4824019B} Search Url="http://badoo.com/startpage/?source=bsb&q={searchTerms}" {E0C3A313-0E5F-473E-9AB2-10BB29FA93F1} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== 
HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E0C3A313-0E5F-473E-9AB2-10BB29FA93F1} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-201003595-3411674417-2857927949-1001\Software\mozilla\Firefox\Extensions\speedtestanalysis@SpeedAnalysis.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\speedtestanalysis@SpeedAnalysis.com deleted successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Photoshop Elements 11.lnk - C:\Program Files (x86)\Adobe\Elements 11 Organizer\Photoshop Elements 11.0.exe C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Benodigdheden kopen - HP Officejet 4620 series.lnk - C:\Program Files (x86)\HP\HP Officejet 4620 series\Bin\hpqDTSS.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\HP Officejet 4620 series.lnk - C:\Program Files (x86)\HP\HP Officejet 4620 series\Bin\HP Officejet 4620 series.exe -Start UDCDevicePage C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe C:\Users\Public\Desktop\Lightroom 3.2 64-bits.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 3.2\lightroom.exe C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\Public\Desktop\Systweak Support Dock.lnk - C:\Program Files (x86)\Systweak Support Dock\SystweakDock.exe 
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================
C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX
C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX
C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -gui_starter
C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton\Norton Download Manager.lnk - C:\Users\Public\Downloads\Norton\{NBRT50-B26-Retail-4abb-B07C-C084B04B4F12}\NBRT-Retail-Downloader.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton\Norton Installation Files.lnk - C:\Users\Public\Downloads\Norton\{NBRT50-B26-Retail-4abb-B07C-C084B04B4F12}
C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet 4620 series (netwerk).lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3BF350JH05RT;CONNECTION=NW;MONITOR=1;

==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced Disk Recovery.lnk - C:\Program Files (x86)\Advanced Disk Recovery\HighestAvailable.exe C:\Program Files (x86)\Advanced Disk Recovery\AdvancedDiskRecovery.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Cleaner.lnk - C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk - C:\Program Files (x86)\Samsung\Story Album Viewer\HTML5Viewer.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Systweak Support Dock.lnk - C:\Program Files (x86)\Systweak Support Dock\SystweakDock.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 1"
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Device Fast-lane.lnk - C:\Program Files (x86)\Acer\Acer Device Fast-lane\DeviceFastLaneUI.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Power Button.lnk - C:\Program Files (x86)\Acer\Acer Power Management\ePowerButton.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1405326636&from=tugs&uid=HitachiXHTS545050A7E380_TEJ51239HR1ABXHR1ABXX
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -gui_starter
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Kies.lnk - C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

==== shortcuts After Repair ======================
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\whirless\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\amafncpnfnbmmcndbaddjfhohmakongn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kckgnnipheglejoddfhekdjpbdbinhmb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{c4b22070-e532-4443-b84b-930325e6dcc2}_is1 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D14143D5782BEE842A45208B63A8E465 deleted successfully

==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\whirless\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Twoo] "C:\Users\whirless\AppData\Roaming\Massive Media\Twoo.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3BF350JH05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\whirless\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Facebook Messenger.lnk = whirless\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O4 - Startup: Inktwaarschuwingen controleren - HP Officejet 4620 series (netwerk).lnk = ?
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Virtueel Toetsenbord - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Controle van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\whirless\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\whirless\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Geïmporteer 30e\AppData\Local\Microsoft\Windows\Temporary I 4e4\Content.IE5 emptied successfully
C:\Users\whirless\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Geïmporteer 30e\AppData\Local\Microsoft\Windows\Temporary I 4e4\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\whirless\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YGK1L4P will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\whirless\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=2192 folders=424 276020609 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\whirless\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\whirless\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Zapp" not found
"C:\PROGRA~2\Zapp" not found
"C:\Users\whirless\AppData\Local\WeatherAlerts" not found
"C:\Users\whirless\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9YGK1L4P" not found

==== EOF on za 23-08-2014 at 13:37:16,96 ======================