Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Milo on zo 21/06/2015 at 12:15:01,65. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: E:\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 21/06/2015 12:57:50 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\1ClickDownload deleted successfully C:\PROGRA~2\predm deleted successfully C:\PROGRA~2\Probit Software deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\2f58e5d000002b5e deleted successfully C:\PROGRA~3\6455b0b200001200 deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\Evernote deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\PMS deleted successfully C:\PROGRA~3\T122078ED deleted successfully C:\Users\Milo\AppData\Roaming\systweak deleted successfully C:\Users\Milo\AppData\Roaming\TP deleted successfully C:\Users\Milo\AppData\Roaming\WebExtend deleted successfully C:\Users\Milo\AppData\Local\SwvUpdater deleted successfully C:\Users\Milo\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9C57E8CA-B68D-4158-AFF9-08B64E34F55C} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D4AC13BE-F16E-45A1-B3FE-C563E9D9E668} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F4AE0DC2-FAAE-4166-BF3E-1AEBD13EDB5F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully ==== Running Processes ====================== C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe C:\ProgramData\Csaujeul\1.0.1.0\oamomcla.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe c:\windows\dsz.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files (x86)\XTab\ProtectService.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe c:\windows\mdsz.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\Registry Helper\RegistryHelperService.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\ProgramData\YCqtsYOZSPZ\mRbYKR.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\XTab\cmdshell.exe C:\Program Files (x86)\XTab\HPNotify.exe C:\Users\Milo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\ProgramData\Csaujeul\1.0.1.0\oamomcla.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\ProgramData\{3c7bf633-6a9d-6e63-3c7b-bf6336a9d8cd}\hqghumeaylnlf.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Registry Helper\RegistryHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files (x86)\Optimizer Pro 3.86\OptProReminder.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe E:\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mRbYKR deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mRbYKR deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4abaf598 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\4abaf598 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\831025e8 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\831025e8 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dealplylivem deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dealplylivem deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dealplylive deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dealplylive deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Registry Helper Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Registry Helper Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Registry Helper Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Registry Helper Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WindowsMangerProtect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Milo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20152106_1313_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 {87775fdb-6972-41f9-ae51-8326e38cb206} ==== Deleting Files \ Folders ====================== C:\PROGRA~2\1ClickDownload not found C:\PROGRA~2\predm not found C:\PROGRA~2\Probit Software not found {87775fdb-6972-41f9-ae51-8326e38cb206} not found C:\PROGRA~3\Conduit deleted C:\PROGRA~2\broWasseandshhop deleted C:\PROGRA~2\browseuanndshop deleted C:\PROGRA~2\cheap4alul deleted C:\PROGRA~2\CHeeap4alll deleted C:\PROGRA~2\DiscounTLoCiatOOR deleted C:\PROGRA~2\DiusciOunntLocatoR deleted C:\PROGRA~2\fastsalER deleted C:\PROGRA~2\QuueennCuoupoN deleted C:\PROGRA~2\rocokeTdeaal deleted C:\PROGRA~2\LinkModule deleted C:\PROGRA~2\broWseandsahhop deleted C:\PROGRA~2\cheAp4alll deleted C:\PROGRA~2\Do Not Disturb deleted C:\PROGRA~2\Do Share deleted C:\Users\Milo\AppData\Roaming\beWeb deleted C:\PROGRA~2\nitrooDeal deleted C:\PROGRA~2\Instair Speed Dial deleted C:\windows\SysNative\Tasks\Csaujeul deleted C:\windows\SysNative\Tasks\VidMustSee deleted C:\PROGRA~3\{f1b27a77-dd7f-12d5-f1b2-27a77dd7e9df} deleted C:\Users\Milo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\hqghumeaylnlf.lnk deleted C:\PROGRA~3\15491930211503882094 deleted C:\Users\Milo\AppData\LocalLow\Conduit deleted C:\Users\Milo\AppData\LocalLow\uTorrentBar_NL deleted C:\Users\Milo\AppData\LocalLow\WhiteSmoke_New_V6 deleted C:\Users\Milo\SupTab deleted C:\PROGRA~2\Mozilla Firefox\user.js deleted C:\PROGRA~2\ExpressFiles deleted C:\PROGRA~2\DealPly deleted C:\PROGRA~2\DealPlyLive deleted C:\PROGRA~2\XTab deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\PROGRA~2\uTorrentBar_NL deleted C:\PROGRA~2\Yontoo deleted C:\PROGRA~2\MixVideoPlayer deleted C:\PROGRA~2\Incredibar.com deleted C:\PROGRA~2\Claro LTD deleted C:\PROGRA~2\WhiteSmoke_New_V6 deleted C:\PROGRA~2\Gophoto.it deleted C:\PROGRA~2\globalUpdate deleted C:\PROGRA~2\SweetIM deleted C:\PROGRA~2\Conduit deleted C:\Program Files\Web Assistant deleted C:\user.js deleted C:\SearchProtect deleted C:\Users\Milo\AppData\Roaming\WB.CFG deleted C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk deleted C:\Users\Milo\AppData\Roaming\istartsurf deleted C:\Users\Milo\AppData\Roaming\ExpressFiles deleted C:\Users\Milo\AppData\Roaming\Babylon deleted C:\Users\Milo\AppData\Roaming\Dealply deleted C:\Users\Milo\AppData\Roaming\Optimizer Pro deleted C:\Users\Milo\AppData\Roaming\OpenCandy deleted C:\Users\Milo\Qtrax deleted C:\PROGRA~3\Registry Helper deleted C:\PROGRA~3\DealPlyLive deleted C:\PROGRA~3\IHProtectUpDate deleted C:\PROGRA~3\SweetIM deleted C:\PROGRA~3\Browser deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\WindowsMangerProtect deleted C:\Users\Milo\AppData\Local\CRE deleted C:\Users\Milo\AppData\Local\gmsd_be_152 deleted C:\Users\Milo\AppData\Local\globalUpdate deleted C:\Users\Milo\AppData\Local\DealPlyLive deleted C:\Users\Milo\AppData\Local\DirectDownloader deleted C:\Users\Milo\AppData\Local\Installer deleted C:\Users\Milo\AppData\Local\CrashRpt deleted C:\Users\Milo\AppData\Local\Conduit deleted C:\Windows\SysNative\config\systemprofile\AppData\Local\mixvideoplayer deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\BrowserWeb deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\SearchProtect deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk deleted C:\Windows\SysNative\roboot64.exe deleted C:\Windows\Tasks\Dealply.job deleted C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job deleted C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job deleted C:\Windows\Tasks\SpeedUpMyPC.job deleted C:\windows\SysNative\Tasks\Dealply deleted C:\windows\SysNative\Tasks\DealPlyLiveUpdateTaskMachineCore deleted C:\windows\SysNative\Tasks\DealPlyLiveUpdateTaskMachineUA deleted C:\windows\SysNative\Tasks\DealPlyUpdate deleted C:\windows\SysNative\dmwu.exe deleted C:\Users\Public\Documents\ShopperPro deleted C:\Users\Milo\Downloads\iLividSetup.exe deleted C:\Users\Milo\Downloads\FreeYouTubeToMP3Converter.exe deleted C:\Users\Milo\AppData\LocalLow\SkwConfig.bin deleted C:\Users\Milo\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted C:\Users\Milo\AppData\LocalLow\Incredibar.com deleted C:\Users\Milo\AppData\LocalLow\PriceGong deleted C:\Windows\tasks\QYFBZVT.job deleted C:\windows\SysNative\tasks\QYFBZVT deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\Tasks\Express FilesUpdate deleted C:\windows\SysNative\tasks\ASP deleted C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted C:\windows\SysNative\tasks\Easy Driver Pro Schedule deleted C:\END deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\jmdp deleted C:\Windows\Syswow64\ARFC deleted C:\Windows\Syswow64\WNLT deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\SearchProtect deleted C:\Users\Milo\Documents\Optimizer Pro deleted C:\Users\Milo\Documents\Probit Software deleted C:\Users\Public\Desktop\Express Files.lnk deleted C:\Users\Public\Desktop\Registry Helper.lnk deleted C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4} deleted C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted C:\Users\Milo\Desktop\Optimizer Pro.lnk deleted C:\Users\Milo\Desktop\MixVideoPlayer.lnk deleted C:\Users\Milo\AppData\Roaming\QYFBZVT.exe deleted C:\Users\Milo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com deleted "C:\Windows\Installer\8a31b.msi" deleted "C:\Windows\Installer\8a320.msi" deleted "C:\Windows\Installer\8a316.msi" deleted "C:\Users\Milo\AppData\Roaming\QYFBZVT" deleted "C:\Windows\Syswow64\RegistryHelperLM.ocx" deleted "C:\Users\Milo\AppData\Roaming\PMS\PMS.conf" deleted "C:\PROGRA~3\YCqtsYOZSPZ\info.dat" not deleted "C:\PROGRA~3\YCqtsYOZSPZ\mRbYKR.dat" not deleted "C:\PROGRA~3\YCqtsYOZSPZ\mRbYKR.exe" deleted "C:\PROGRA~3\{3c7bf633-6a9d-6e63-3c7b-bf6336a9d8cd}\4be1ead08a7671d8" deleted "C:\PROGRA~3\{3c7bf633-6a9d-6e63-3c7b-bf6336a9d8cd}\861c4c85ada2960c" deleted "C:\PROGRA~3\{3c7bf633-6a9d-6e63-3c7b-bf6336a9d8cd}\hqghumeaylnlf.exe" deleted "C:\PROGRA~2\Uniblue\SpeedUpMyPC\spmonitor.exe" deleted "C:\PROGRA~2\Easy Speed Check\cwebpage.dll" deleted "C:\PROGRA~2\Easy Speed Check\easyspeedcheck.exe" deleted "C:\PROGRA~2\Easy Speed Check\libcurl.dll" deleted "C:\PROGRA~2\Easy Speed Check\libeay32.dll" deleted "C:\PROGRA~2\Easy Speed Check\libgcc_s_dw2-1.dll" deleted "C:\PROGRA~2\Easy Speed Check\libidn-11.dll" deleted "C:\PROGRA~2\Easy Speed Check\libstdc++-6.dll" deleted "C:\PROGRA~2\Easy Speed Check\ssleay32.dll" deleted "C:\PROGRA~2\Easy Speed Check\zlib1.dll" deleted "C:\PROGRA~2\Registry Helper\RegistryHelper.exe" deleted "C:\Users\Milo\AppData\Roaming\Uniblue\SpeedUpMyPC\monitor.log" deleted "C:\Users\Milo\AppData\Roaming\Uniblue\SpeedUpMyPC\monitor.log" deleted "C:\Users\Milo\AppData\Roaming\PMS" deleted "C:\PROGRA~3\YCqtsYOZSPZ" not deleted "C:\PROGRA~3\{3c7bf633-6a9d-6e63-3c7b-bf6336a9d8cd}" deleted "C:\PROGRA~2\Uniblue\SpeedUpMyPC" deleted "C:\PROGRA~2\Easy Speed Check" deleted "C:\PROGRA~2\Registry Helper" deleted "C:\Users\Milo\AppData\Roaming\Uniblue" deleted "C:\Users\Milo\AppData\Roaming\Uniblue\SpeedUpMyPC" deleted "C:\Users\Milo\AppData\Local\mixvideoplayer" deleted "C:\Users\Milo\AppData\Roaming\Uniblue\SpeedUpMyPC" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8044 MB CPU Info: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz CPU Speed: 2500,1 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | NVIDIA GeForce 610M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Broadcom 802.11n Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet CD / DVD Drives: 1x (D: | ) D: PIONEER DVD-RW DVRTD11RS Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 2 Button Mouse Present Hard Disks: C: 447,7GB | Q: 0,0MB Hard Disks - Free: C: 279,0GB | Q: 0,0MB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 03/16/12 | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer JE50_HR Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: speed browser 40.0.2214.45 Internet Explorer Version: 11.0.9600.17843 Google Chrome version: 43.0.2357.124 Adobe Reader version: 10.1.5.33 Sun Java version: 1.7.0_45 (32-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Milo\AppData\Local\Temp ==== 2015-06-18 22:19:59 9714BCA07964180DBC9B6494A5BB34FD 6656 ----a-w- C:\Users\Milo\AppData\Local\Temp\Hibiki.dll 2015-06-18 22:19:57 ACB60A65E2CE55DF5AAFF4E54EA1B648 192000 ----a-w- C:\Users\Milo\AppData\Local\Temp\557F.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-06-18 22:35:33 DA27A4EA7B7C77FAFDB3F94D83E310C1 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL 2015-06-18 22:35:32 A98E8F79C738CAF23C152DBCABD978FE 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll 2015-06-18 22:35:32 605E9B2CFA3445ED7716D0B345EE21EC 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll 2015-06-18 22:35:32 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx 2015-06-18 22:35:32 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll 2015-06-18 22:33:47 7A9F94E0F53C8F6E09405351AC104A3C 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-06-18 22:33:47 65A5E27C2217D606E212B6088CCD6104 92160 ----a-w- C:\Windows\SysWOW64\sechost.dll 2015-06-18 22:33:47 5643A88C6DA8AAEC9CE2845431942650 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-06-18 22:33:47 4238391DE3E3FDCD2C731C1E4E0F402C 635392 ----a-w- C:\Windows\SysWOW64\tdh.dll 2015-06-18 22:33:46 FB224B0A63B8F58E91FE8A314AD295AD 17408 ----a-w- C:\Windows\SysWOW64\diskperf.exe 2015-06-18 22:33:46 9A50B2567918BF7DDD600ECE5DB5ED76 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-06-18 22:33:46 641A14E6AC492ED45BC68815E2E2F566 3989440 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-18 22:33:46 629AD3FDA168D82D459164044A29F9BB 40448 ----a-w- C:\Windows\SysWOW64\typeperf.exe 2015-06-18 22:33:46 583FFF12D2F0D6E1A8746462C433895F 3934144 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-18 22:33:46 3E6731BF36A7D6C62D09671B427B6B67 37888 ----a-w- C:\Windows\SysWOW64\relog.exe 2015-06-18 22:33:46 3C1BE79C3CE6EB378108B11D94CA1072 364544 ----a-w- C:\Windows\SysWOW64\tracerpt.exe 2015-06-18 22:33:46 3B5DA649BF7B7D07510C06DE0AEEB4EB 82944 ----a-w- C:\Windows\SysWOW64\logman.exe 2015-06-18 22:33:45 F85FA29340A536C8E0A16151B9B03923 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-06-18 22:33:45 7E7933E63BBE2BE71CC908EF140458EF 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-06-18 22:33:45 619D5101114C71E1A4A585C5E68301B7 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-06-18 22:33:45 2E65BF3D85BB2C831669FBCBDE6C9879 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-06-18 22:33:40 9E68E1BDEBD85FC8803707370BE0FC6E 641536 ----a-w- C:\Windows\SysWOW64\advapi32.dll 2015-06-18 22:33:39 EC6E5AE2ECFE7A335B370865A1158EF8 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-06-18 22:33:39 6C730482615C97B923B88C648FF554A3 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2015-06-18 22:33:39 6C06D2B1CF88AB83F1CFB24928F63107 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-06-18 22:33:38 FCA6EFFEE6D7D42E794F0E538297026C 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2015-06-18 22:33:38 EEA17E843EE2EE50D623BEACF50BD815 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-06-18 22:33:38 558227F567E977D71B9182013EF03E9C 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2015-06-18 22:33:37 EA141596564AE0C670EDD0F2636EC29C 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-06-18 22:33:37 BBABC6702529CFADAC0EC2B28168A288 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2015-06-18 22:33:37 52C869A640B8169D7C8460FB1646ABF5 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2015-06-18 22:33:36 2CA16814DA3C5B2D8C7E70DC47A45ED1 551424 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-06-18 22:33:35 F81920ADB15012CF4E9FF8238C85686A 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2015-06-18 22:33:35 F72A9953199EF5807D595AE3694B5D01 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-06-18 22:33:35 D877133532CE090502B1166B360E9516 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2015-06-18 22:33:35 A9E8F961F7FE1EDEEF8F46EEB800F2D8 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-06-18 22:33:35 8C7635292CFF4901F058269454A1D64E 1310744 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2015-06-18 22:33:35 2D23A10FBFA09DC1B61799128BBA91A2 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-06-18 22:32:37 58788565442368B0615DDAF1D452B843 530432 ----a-w- C:\Windows\SysWOW64\comctl32.dll 2015-06-18 22:28:55 927E38A35E4DFC4E294BD130BAA6F759 2278912 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-06-18 22:28:54 FB5C9234E4BF6BDAF4A954763A4582BA 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-06-18 22:28:54 EF853EA2A6A7BD891CCF31B0C2915352 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-06-18 22:28:54 9F6066005D8B8620598085C7499E9B70 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-18 22:28:52 E4EB138060BAE0DBAB1A3B71A3141FE7 1950720 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-06-18 22:28:52 C93AE4D14AEF5169791B35D97AE7C9FC 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-06-18 22:28:52 B6D8148C1C697A7BF04EE0FE82408B6A 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-06-18 22:28:52 7C9F8DB66A56306C5BBE97F9FC0F01EF 342736 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-06-18 22:28:50 185490A6C3BEDAC5EF547314F68AB07B 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-18 22:28:48 C27C8CACEBC712BE2AD791715E9734EC 664064 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-06-18 22:28:48 96837E5864777688477AF6DE2332C06D 503808 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-06-18 22:28:48 7DBCBB1647B7CD71E2039C1B50A12717 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-06-18 22:28:48 53E9614ADFA6A40A452BA014CEF6F261 1309696 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-06-18 22:28:48 4ABEEF30EA5B9F4718312DCB60B6C9BC 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-06-18 22:28:48 3FD7E6DB5D81FE400DB4D81D278596E6 4305920 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-06-18 22:28:47 1A628C1F5470F0AF21E37E425026F27A 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-06-18 22:28:46 E21AE910DF0C5CB7D46D8FA17A4567DE 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-06-18 22:28:46 DB254D50B4527C2821C537E0587B44E8 12829696 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-06-18 22:28:46 8C8B8C78C0CCD5D36ABCB115B0B581E1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-06-18 22:28:46 8C3A03295F56D1FFB51D9D05DA42B12D 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-18 22:28:46 81C1182A9EE7AC4D21187811DE66A7D0 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-06-18 22:28:46 5C06EE62F06E990E9521EA80B8D4D4B8 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-06-18 22:28:45 F26680AF396F89F7ABFDA1D1D6B62011 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-06-18 22:28:45 975421AC32F9F6E27A58F75DAB4B5871 19607040 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-06-18 22:28:45 85E21CCF38166E0D6DE2E42D9D3823BD 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-18 22:28:45 6B7210618D7E2CE0404ECF748701253A 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-06-18 22:28:45 2DED8A99E45053C42DD21D6937D3960C 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-06-18 22:28:45 17B0852D8202A872C3E6D01B518B6A4E 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-06-18 21:58:20 858EB73F68B20A2A5C66B6C000D1C0DD 102608 ----a-w- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-06-18 22:35:30 9D80A82B0BB77AC3EF6A87FA0C534E20 14635008 ----a-w- C:\Windows\Sysnative\wmp.dll 2015-06-18 22:35:30 51ECEE70F33601310DDEF3EEE39550D3 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL 2015-06-18 22:35:29 834FD7C31EA16D59CC3B2DC60F2F2620 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll 2015-06-18 22:35:29 1A8C5D4BE449E4A9D8667A341E535E22 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx 2015-06-18 22:35:29 1A8C5D4BE449E4A9D8667A341E535E22 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll 2015-06-18 22:35:24 B23AB4C401E2DE02C47B7497D41E2318 757248 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-06-18 22:35:23 6F07FC190DBCB42C8A5319235F72F906 423424 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-06-18 22:35:22 52DEF4C743C2EABD6BD3EDC790A0E778 1021440 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-06-18 22:35:21 E87D4371B24BC9E5BAE95AEA60FFD959 193536 ----a-w- C:\Windows\Sysnative\aepic.dll 2015-06-18 22:35:21 CFF429F2234C1D1A5993E80F46C37CFB 1119232 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-06-18 22:35:21 6E2EB5A36C3CCD917F7FF9BED7C1390E 45568 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-06-18 22:35:21 587BBA3B3959144334700EC48232712F 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-06-18 22:35:20 2DCA988113A02EB9BCB98A5DC2D34E57 700416 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-06-18 22:33:11 FF9BBFAE899091C1FF0D1A3F2C587911 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2015-06-18 22:33:11 D68690450978D127E030FB14E9B2023B 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2015-06-18 22:33:11 5A17FF38EDE95B2313E428BF444126D7 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2015-06-18 22:33:11 2313AF8D5A9CEB4A55400A01DD311A95 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2015-06-18 22:33:11 20BD408AC3F8576997D6A47F48A1C5B2 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2015-06-18 22:33:10 8A4EB32C7C948F70EAC6F85063596A39 36864 ----a-w- C:\Windows\Sysnative\UtcResources.dll 2015-06-18 22:33:09 CCB352B939B77B38983DD878C547451F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-06-18 22:33:09 AA5319FA8602676B5D3A2B4A1355896D 1255424 ----a-w- C:\Windows\Sysnative\diagtrack.dll 2015-06-18 22:33:09 66DF73B202105406602941778792FE3D 879104 ----a-w- C:\Windows\Sysnative\tdh.dll 2015-06-18 22:33:09 16154A6682B1552DEAB953BFA4B8E955 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-06-18 22:33:09 11D5815F0DC571CE3C72213B375860B1 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-06-18 22:33:08 AF557D115972A73964FC8F209300948A 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2015-06-18 22:33:08 9BBEA639884C0338DD78654277BD188A 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2015-06-18 22:33:07 E20BF3FA89DE67B00ED713B5254C0BF0 47104 ----a-w- C:\Windows\Sysnative\typeperf.exe 2015-06-18 22:33:07 AD54856A16B635720B0BE5FAF44526FC 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-06-18 22:33:07 A5F57F4866C2DC7F8215058D7D56BD21 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-06-18 22:33:07 996EE6571ADB880A60846DD02C8D5869 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-06-18 22:33:07 6ECD6D92F43C2DC55099F892978D5BE7 728576 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-06-18 22:33:07 4F90A7A0FCBC0ED18E573917860062FF 113664 ----a-w- C:\Windows\Sysnative\sechost.dll 2015-06-18 22:33:07 37DFCC91E419952772E02F2B3BBB2E2B 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-06-18 22:33:07 289D99B0879C6ED5C6D1B3A856CA6DA3 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-06-18 22:33:06 9E2A2028228645DD57EF45A02CAC0CCE 5569984 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-06-18 22:33:06 858F04B3C39239972959E9EE97CACAE4 43008 ----a-w- C:\Windows\Sysnative\relog.exe 2015-06-18 22:33:06 6703266C1E56157B5965F9AC868A20AC 404992 ----a-w- C:\Windows\Sysnative\tracerpt.exe 2015-06-18 22:33:06 210E7D1EA34369194BE09493784E27BE 104448 ----a-w- C:\Windows\Sysnative\logman.exe 2015-06-18 22:33:06 1B93381366141875D8EE7EC1085236B9 19456 ----a-w- C:\Windows\Sysnative\diskperf.exe 2015-06-18 22:33:05 837BBE4170D5A75F293BD6F294A8FE34 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-06-18 22:33:05 7C5E375F20F639607376351A8BCC0647 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-06-18 22:33:05 6E882D7CA34073890107559B5A515A24 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-06-18 22:33:05 53042708C242959B3924242FBBE297B1 1728960 ----a-w- C:\Windows\Sysnative\ntdll.dll 2015-06-18 22:33:05 03BA5D20751137F3A705B389C52DB8D6 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-06-18 22:33:04 6ACFCC28E4D60B5A931D8749332A14E2 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-06-18 22:32:59 A929B9ABA1083AF35ECE7BD63AF3E42F 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-06-18 22:32:59 5EC57AC6DC16CB8A058CA019AA2C188D 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2015-06-18 22:32:58 93A05407F8E53BC731C42AAD56163F80 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-06-18 22:32:58 6ACD3C75BE449F039E1A4E43424D5B6F 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-06-18 22:32:58 17A6A9AAD04CCC6EE53290585BFC43AF 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-06-18 22:32:57 8DCA1C70AF170C3FBCE47A4F49BFC887 424960 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2015-06-18 22:32:56 6FDF03A3B110C5264F52F979335AE301 1162752 ----a-w- C:\Windows\Sysnative\kernel32.dll 2015-06-18 22:32:56 48C30C54194142910FB6B86D308220ED 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2015-06-18 22:32:56 13DE715D959DD502CFD52DC920408B33 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2015-06-18 22:32:52 4FFD08A01047EF6B58F6EB4E6D001A8D 879104 ----a-w- C:\Windows\Sysnative\advapi32.dll 2015-06-18 22:32:36 51F89CE2D0FEC66070354504E6C4C3E4 633856 ----a-w- C:\Windows\Sysnative\comctl32.dll 2015-06-18 22:32:27 1EE2DBA5AD2E5EB618C7FB187C2CFDF4 3206144 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-06-18 22:28:44 CFA52E2FE8E623042A1EEF96EB1B9481 6026240 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-06-18 22:28:44 83781DF625A4448B39410D7FA2BDC48D 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-06-18 22:28:44 3854BFE1C0F14872C94501421CC40813 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-06-18 22:28:44 33B5F1A727FACDEA7CDA0E35FFAADDCF 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-06-18 22:28:43 57DFACB53ED16190EF732E2430B39741 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-06-18 22:28:42 AE5A2843B4A2E1E558B9EE13EF62CCE5 14404096 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-06-18 22:28:42 35622F5A652C4E16774234DCA0026E74 633856 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-06-18 22:28:41 9E2B8C0601E3D460F78F0233B509CE4F 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-06-18 22:28:41 70D24021ED327CE7FFA9DEE327BB4C6B 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-06-18 22:28:41 5F8EE9311ECF078CD9426874FFAD660C 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-06-18 22:28:39 6E295C7364DAEB151CC0E98434B6AC92 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-06-18 22:28:38 06A8CE6C3AE6B7916F026B0EFDDCAAA5 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-06-18 22:28:37 16091938F6CDBCCCBA1CBE24600121BC 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-06-18 22:28:35 9DB8E01D5A546FAFCACE95489E351186 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-06-18 22:28:35 73509D13542A90E260F45D1D6D4100A8 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-06-18 22:28:35 3C3E159F284F51D55DB59C3D0B843979 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-06-18 22:28:35 36F3718E67F442F54AB4A39DCDD8FD19 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-06-18 22:28:35 0EDA3219FA027A486AA11269355AB279 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-06-18 22:28:34 ACD6FE6C82B93813F023FC01A51CB940 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-06-18 22:28:34 A29BAFC1543F9D2234AFFFEA9BCE76C8 24917504 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-06-18 22:28:34 4A5A84B457C72E79A64AE4036EC6BB0E 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-06-18 22:28:34 2BC2D3A41BB755487FD55C09938F00BC 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-06-18 22:28:34 083BCA14FCE290D682D8DAC9372CBF23 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-06-18 22:28:33 8909A24DA8B5C426CF6595BA843B6CC5 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-06-18 22:28:33 86FDFEA67833DB261EC01A777594EDCF 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-06-18 22:28:32 D202078FBA3A77B85D39669EE4110DE2 389840 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-06-18 22:28:32 7F8F9AE03D1BA4354671E05F07A40F1A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-06-18 22:28:31 AFF5C12099B87FA645F8867701729894 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-06-18 22:28:31 4BD747AAF01C480901B3E777EC48826B 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-06-18 22:28:31 417F80E4AFBA1AA9EBBD618F1C6D9165 2426880 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-06-18 22:28:29 FF84182188CA8F0DC28CFED06C9B7816 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-06-18 22:28:28 6ABFC5736EC920C4436F32111F5CBCEE 1545728 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-06-18 22:20:21 9714BCA07964180DBC9B6494A5BB34FD 6656 ----a-w- C:\Windows\Sysnative\Hibiki.dll 2015-06-18 21:58:20 189FB45D7442083AE8A2E4E612233EF7 124112 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll ====== C:\Windows\Sysnative\drivers ===== 2015-06-18 22:32:57 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-06-18 22:32:57 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-06-18 22:32:04 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\Sysnative\drivers\stream.sys ====== C:\Windows\Tasks ====== 2015-06-18 22:35:16 E335956EB6A4981D45826E30B9EB8F31 2982 ----a-w- C:\Windows\Sysnative\Tasks\{16DAEA42-84C2-47B4-90B7-2AEE721824A7} 2015-06-18 22:20:25 638E19C4B63E7C3EA454589C71657170 320 ----a-w- C:\Windows\Tasks\VidMustSee.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-06-20 19:53:57 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Milo\AppData\Roaming ====== 2015-06-18 22:19:36 -------- d-----w- C:\Users\Milo\AppData\Local\GWX ====== C:\Users\Milo ====== ====== C: exe-files == 2015-06-20 19:53:57 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Milo.exe 2015-06-18 22:35:33 6F139F39295000E6301C0D08F7493CC6 101888 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpconfig.exe 2015-06-18 22:35:33 5F7B628B5F10531E8DE3E711ED73AAD7 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2015-06-18 22:35:33 3505E5A7664FD84AC8AE51FE3B545AE1 102400 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpshare.exe 2015-06-18 22:35:30 E39D7E7FCC5D4B77B8CBA52FEF8753DE 102912 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe 2015-06-18 22:35:30 8D3316795ACCC0EC0DD6A844E046DA68 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2015-06-18 22:35:30 44854DDB738BF2C507FC2162245361D6 102400 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe 2015-06-18 22:33:46 FB224B0A63B8F58E91FE8A314AD295AD 17408 ----a-w- C:\Windows\SysWOW64\diskperf.exe 2015-06-18 22:33:46 641A14E6AC492ED45BC68815E2E2F566 3989440 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-18 22:33:46 629AD3FDA168D82D459164044A29F9BB 40448 ----a-w- C:\Windows\SysWOW64\typeperf.exe 2015-06-18 22:33:46 583FFF12D2F0D6E1A8746462C433895F 3934144 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-18 22:33:46 3E6731BF36A7D6C62D09671B427B6B67 37888 ----a-w- C:\Windows\SysWOW64\relog.exe 2015-06-18 22:33:46 3C1BE79C3CE6EB378108B11D94CA1072 364544 ----a-w- C:\Windows\SysWOW64\tracerpt.exe 2015-06-18 22:33:46 3B5DA649BF7B7D07510C06DE0AEEB4EB 82944 ----a-w- C:\Windows\SysWOW64\logman.exe 2015-06-18 22:33:45 F85FA29340A536C8E0A16151B9B03923 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-06-18 22:33:39 EC6E5AE2ECFE7A335B370865A1158EF8 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-06-18 22:33:39 6C06D2B1CF88AB83F1CFB24928F63107 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-06-18 22:33:38 EEA17E843EE2EE50D623BEACF50BD815 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2015-06-18 22:33:09 16154A6682B1552DEAB953BFA4B8E955 296960 ----a-w- C:\Windows\System32\rstrui.exe 2015-06-18 22:33:08 9BBEA639884C0338DD78654277BD188A 112640 ----a-w- C:\Windows\System32\smss.exe 2015-06-18 22:33:07 E20BF3FA89DE67B00ED713B5254C0BF0 47104 ----a-w- C:\Windows\System32\typeperf.exe 2015-06-18 22:33:06 9E2A2028228645DD57EF45A02CAC0CCE 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-06-18 22:33:06 858F04B3C39239972959E9EE97CACAE4 43008 ----a-w- C:\Windows\System32\relog.exe 2015-06-18 22:33:06 6703266C1E56157B5965F9AC868A20AC 404992 ----a-w- C:\Windows\System32\tracerpt.exe 2015-06-18 22:33:06 210E7D1EA34369194BE09493784E27BE 104448 ----a-w- C:\Windows\System32\logman.exe 2015-06-18 22:33:06 1B93381366141875D8EE7EC1085236B9 19456 ----a-w- C:\Windows\System32\diskperf.exe 2015-06-18 22:33:05 03BA5D20751137F3A705B389C52DB8D6 64000 ----a-w- C:\Windows\System32\auditpol.exe 2015-06-18 22:32:58 17A6A9AAD04CCC6EE53290585BFC43AF 31232 ----a-w- C:\Windows\System32\lsass.exe 2015-06-18 22:32:56 48C30C54194142910FB6B86D308220ED 338432 ----a-w- C:\Windows\System32\conhost.exe 2015-06-18 22:28:56 29874C10D7D0088CD8743EC8F5DABBE4 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-06-18 22:28:54 2B3CF8F7903266E2AA5C9D9850FAA8F6 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-06-18 22:28:46 E21AE910DF0C5CB7D46D8FA17A4567DE 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-06-18 22:28:45 9F45DA24EBAE4180F70D03503580E8CA 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-06-18 22:28:43 57DFACB53ED16190EF732E2430B39741 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-06-18 22:28:42 52956B4DD1899CB09BB50FB939F6E99D 490496 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-06-18 22:28:41 70D24021ED327CE7FFA9DEE327BB4C6B 720384 ----a-w- C:\Windows\System32\ie4uinit.exe 2015-06-18 22:28:35 8D4E75DEAA0FFBEFB5F366A4770D9644 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-06-18 22:28:35 73509D13542A90E260F45D1D6D4100A8 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-06-18 22:28:35 0EDA3219FA027A486AA11269355AB279 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-06-18 22:28:28 FF9877ABCA06D539264275321C97BB07 814288 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-06-18 22:24:10 7408FF1DCC6B8AB8824A1148EC0BCBFD 2134688 ----a-w- C:\Users\Milo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DHZLXYUK\t41j4MUUJyrOiN[1].exe 2015-06-18 22:23:43 CE8CA78AC541F9BCA8F36CED1486F6E8 2134616 ----a-w- C:\Users\Milo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7AN380W2\5vjuYPXbdMd5xS[1].exe 2015-06-18 22:23:16 B9DF985894AC3C39423DC0E4E85BB374 2134651 ----a-w- C:\Users\Milo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V31J6INA\hSMu8n01heZdT9[1].exe 2015-06-18 22:22:44 57692CC1158CE599F991B1BA5DF5C47D 2134583 ----a-w- C:\Users\Milo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SXESDUAK\IpXn7d385D5EFL[1].exe 2015-06-18 22:22:08 88E2D4F39501936EB5C8D76A52D78498 2134667 ----a-w- C:\Users\Milo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DHZLXYUK\DzT2N7ODnWK0kR[1].exe 2015-06-18 22:19:57 ACB60A65E2CE55DF5AAFF4E54EA1B648 192000 ----a-w- C:\Users\Milo\AppData\Local\Temp\557F.exe 2015-06-18 21:59:02 E9E39FDA16E98FFB4722A24D572E0250 42089552 ----a-w- C:\Program Files (x86)\Google\Update\Install\{3FA97334-4FE2-4119-B0BF-E87226475F6D}\43.0.2357.124_chrome_installer.exe 2015-06-18 21:59:01 E9E39FDA16E98FFB4722A24D572E0250 42089552 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.124\43.0.2357.124_chrome_installer.exe 2015-06-18 11:17:24 8E79852AEC2334EC864C63C48DDBBFB3 7907408 ----a-w- C:\Program Files (x86)\Google\Update\Install\{9DDCCE1D-1FD4-4EF9-B391-679093D384BC}\43.0.2357.124_42.0.2311.135_chrome_updater.exe 2015-06-18 11:17:24 8E79852AEC2334EC864C63C48DDBBFB3 7907408 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.124\43.0.2357.124_42.0.2311.135_chrome_updater.exe 2015-06-18 11:17:13 0333BFF2A307566E8D4B0E4DDE35BE23 141312 ----a-w- C:\ProgramData\dsz\16E43275533041F4AE503322D430E013\setup.exe === C: other files == 2015-06-18 22:32:57 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-06-18 22:32:57 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-06-18 22:32:27 1EE2DBA5AD2E5EB618C7FB187C2CFDF4 3206144 ----a-w- C:\Windows\System32\win32k.sys 2015-06-18 22:32:04 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\System32\drivers\stream.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "Spotify Web Helper"="C:\Users\Milo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Facebook Update"="C:\Users\Milo\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Spotify"="C:\Users\Milo\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "BackgroundContainerV2"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\Milo\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll,DllRun" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN457120SJ060F:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1" "EasySpeedCheck"="C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe" "Optimizer Pro"="C:\Program Files (x86)\Optimizer Pro 3.86\OptProLauncher.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe -autostart" "ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "ROC_roc_ssl_v12"="C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe / /PROMPT /CMPID=roc_ssl_v12" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "20131121"="C:\Program Files\AVAST Software\Avast\setup\emupdate\dabf3ca1-5ae1-46b9-afc4-0d11440d0ee2.exe /check" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe" "Spotify Web Helper"="C:\Users\Milo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Facebook Update"="C:\Users\Milo\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Spotify"="C:\Users\Milo\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart" "BackgroundContainerV2"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\Milo\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll,DllRun" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN457120SJ060F:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1" "EasySpeedCheck"="C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe" "Optimizer Pro"="C:\Program Files (x86)\Optimizer Pro 3.86\OptProLauncher.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [18/06/2015 23:58] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4061696626-464123969-1809320236-1001Core.job --a------ C:\Users\Milo\AppData\Local\Facebook\Update\FacebookUpdate.exe [23/12/2012 20:17] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4061696626-464123969-1809320236-1001UA.job --a------ C:\Users\Milo\AppData\Local\Facebook\Update\FacebookUpdate.exe [23/12/2012 20:17] C:\Windows\tasks\VidMustSee.job --a------ C:\programdata\f1b27a77-dd7f-12d5-f1b2-27a77dd7e9df\557f.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-4061696626-464123969-1809320236-1001Core" [C:\Users\Milo\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-4061696626-464123969-1809320236-1001UA" [C:\Users\Milo\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\HPCustParticipation HP ENVY 4500 series" ["C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe"] "C:\Windows\SysNative\tasks\Inst_Rep" [C:\Users\Milo\AppData\Local\Installer\Install_19379\ytdiegut_gutdc_setup.exe] "C:\Windows\SysNative\tasks\LaunchPreSignup" [C:\Program Files (x86)\OLBPre\OLBPre.exe] "C:\Windows\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D43FD7AD-2905-419A-AF83-8A56D5B19612}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{16DAEA42-84C2-47B4-90B7-2AEE721824A7}" [C:\Program Files (x86)\speed browser\Application\browser.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Milo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions user_pref("browser.search.defaultenginename", "AVG Secure Search"); user_pref("browser.search.selectedEngine", "AVG Secure Search"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"="C:\Program Files\Web Assistant\Firefox" [] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== ExtDir: C:\Users\Milo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - GoPhotoIt - %ExtDir%\gophoto@gophoto.it.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== ==== Deleted Firefox Extensions ====================== C:\Users\Milo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi deleted ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Milo\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx[] kekfoodhbhpjhjcdecjngamojfhknooc - C:\Users\Milo\AppData\Roaming\iPumper\extension_chrome.crx[] kfecnpmgnlnbmipaogfhoacoioifjgko - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17] niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[] ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Windows\SysWOW64\jmdp\SweetNT.crx[] pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx[] pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Milo\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] kfecnpmgnlnbmipaogfhoacoioifjgko - No path found[] uTorrentBar_NL - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb DealPly French - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi Bookmark Manager - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Do Not Disturb - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia QuueennCuoupoN - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jianjgdcfhjejbiondfggjmecpcilnjj WebProtector - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko Google Wallet - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda SweetPacks Chrome Extension - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Do Share - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf GoPhoto.it - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk OneClickDownload - Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Google Wallet - Milo\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda uTorrentBar_NL - Milo\AppData\Local\Torch\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Babylon Toolbar - Milo\AppData\Local\Torch\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Web Assistant - Milo\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Do Not Disturb - Milo\AppData\Local\Torch\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia QuueennCuoupoN - Milo\AppData\Local\Torch\User Data\Default\Extensions\jianjgdcfhjejbiondfggjmecpcilnjj SharaGet download helper - Milo\AppData\Local\Torch\User Data\Default\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc Ask Video Search - Milo\AppData\Local\Torch\User Data\Default\Extensions\khfhickdpicdaakidammlhdmhhpgfmkc Torch Helper - Milo\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg Ask Image Search - Milo\AppData\Local\Torch\User Data\Default\Extensions\maenakfpbfmdigldjpegddiphokaodjh Do Share - Milo\AppData\Local\Torch\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf GoPhoto.it - Milo\AppData\Local\Torch\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk OneClickDownload - Milo\AppData\Local\Torch\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo uTorrentBar_NL - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Babylon Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda SweetPacks Chrome Extension - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj GoPhoto.it - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia OneClickDownload - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco ==== Chromium Startpages ====================== C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.istartsurf.com/?type=hppp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS", C:\Users\Milo\AppData\Local\Torch\User Data\Default\Preferences "homepage": "http://home.torchbrowser.com/?systemid=406&appid=435&ua=Torch", C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.com", "urls_to_restore_on_startup": [ "http://www.google.com" ] ==== Chromium Fix ====================== C:\Users\Milo\AppData\Local\Torch\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.incredibar.com_0.localstorage-journal deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Local Storage\http_static.ak.facebook.com_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Local Storage\chrome-extension_cjofdnhdkbflacojpfpkchgafjahijbb_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Local Storage\chrome-extension_pfmopbbadnfoelckkcmjjeaaegjpjjbk_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage-journal deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jianjgdcfhjejbiondfggjmecpcilnjj deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\jianjgdcfhjejbiondfggjmecpcilnjj deleted successfully C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf deleted successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.istartsurf.com/?type=hppp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS" "Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS" "Search Page"="http://www.istartsurf.com/web/?type=dspp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS&q={searchTerms}" "Default_Search_URL"="http://www.istartsurf.com/web/?type=dspp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1428858282&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS&q={searchTerms}" "Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS" "Start Page"="http://www.istartsurf.com/?type=hppp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS" "Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1428858282&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1428858282&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS&q={searchTerms}" "Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS" "Start Page"="http://www.istartsurf.com/?type=hppp&ts=1428858368&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS" "Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1428858282&from=tugs&uid=TOSHIBAXMQ01ABD050_22F3FYBXSXX22F3FYBXS&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7F5AE1-3BE3-43C0-8098-C1D183616E97} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA7F5AE1-3BE3-43C0-8098-C1D183616E97} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C8EFE94-4B9A-4DE7-8B8E-6AA755E4281C} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D5BEAF4-29CD-44BB-AFAF-D6C8C55FF439} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DA7F5AE1-3BE3-43C0-8098-C1D183616E97} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA7F5AE1-3BE3-43C0-8098-C1D183616E97} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{140459CC-76AD-4A14-BABE-52937E78CBA9} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{140459CC-76AD-4A14-BABE-52937E78CBA9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{140459CC-76AD-4A14-BABE-52937E78CBA9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{140459CC-76AD-4A14-BABE-52937E78CBA9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140459CC-76AD-4A14-BABE-52937E78CBA9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140459CC-76AD-4A14-BABE-52937E78CBA9} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F354A29-FA1F-49F2-8E50-53BC46A8CBE4} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F354A29-FA1F-49F2-8E50-53BC46A8CBE4} deleted successfully HKEY_CLASSES_ROOT\CLSID\{2F354A29-FA1F-49F2-8E50-53BC46A8CBE4} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2F354A29-FA1F-49F2-8E50-53BC46A8CBE4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F354A29-FA1F-49F2-8E50-53BC46A8CBE4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F354A29-FA1F-49F2-8E50-53BC46A8CBE4} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C4F6ECC-D68A-4667-B704-CB7B6723ED24} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C4F6ECC-D68A-4667-B704-CB7B6723ED24} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8C4F6ECC-D68A-4667-B704-CB7B6723ED24} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8C4F6ECC-D68A-4667-B704-CB7B6723ED24} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C4F6ECC-D68A-4667-B704-CB7B6723ED24} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C4F6ECC-D68A-4667-B704-CB7B6723ED24} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8E61A0A3-FB47-4C91-8798-B4A55F61C6A5} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8E61A0A3-FB47-4C91-8798-B4A55F61C6A5} deleted successfully HKEY_CLASSES_ROOT\CLSID\{8E61A0A3-FB47-4C91-8798-B4A55F61C6A5} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E61A0A3-FB47-4C91-8798-B4A55F61C6A5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E61A0A3-FB47-4C91-8798-B4A55F61C6A5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E61A0A3-FB47-4C91-8798-B4A55F61C6A5} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A14021E9-587D-40A0-AFB4-D8076B8C00F0} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A14021E9-587D-40A0-AFB4-D8076B8C00F0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{A14021E9-587D-40A0-AFB4-D8076B8C00F0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A14021E9-587D-40A0-AFB4-D8076B8C00F0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A14021E9-587D-40A0-AFB4-D8076B8C00F0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A14021E9-587D-40A0-AFB4-D8076B8C00F0} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B8B27C5D-1E0B-4145-9DBE-0F6F137EB67E} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B8B27C5D-1E0B-4145-9DBE-0F6F137EB67E} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B8B27C5D-1E0B-4145-9DBE-0F6F137EB67E} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B8B27C5D-1E0B-4145-9DBE-0F6F137EB67E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8B27C5D-1E0B-4145-9DBE-0F6F137EB67E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8B27C5D-1E0B-4145-9DBE-0F6F137EB67E} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB7934EF-F23C-4319-837A-8C1BD1EF6049} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB7934EF-F23C-4319-837A-8C1BD1EF6049} deleted successfully HKEY_CLASSES_ROOT\CLSID\{BB7934EF-F23C-4319-837A-8C1BD1EF6049} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{BB7934EF-F23C-4319-837A-8C1BD1EF6049} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB7934EF-F23C-4319-837A-8C1BD1EF6049} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB7934EF-F23C-4319-837A-8C1BD1EF6049} deleted successfully HKEY_CLASSES_ROOT\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{DA7F5AE1-3BE3-43C0-8098-C1D183616E97} deleted successfully HKEY_USERS\S-1-5-21-4061696626-464123969-1809320236-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{DA7F5AE1-3BE3-43C0-8098-C1D183616E97} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ntfdsaftsfdfdxx@mozilla.org deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Milo\Desktop\Google Chrome.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5008 C:\Users\Milo\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5008 C:\Users\Milo\Desktop\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\Users\Milo\Desktop\Spotify.lnk - C:\Users\Milo\AppData\Roaming\Spotify\spotify.exe C:\Users\UpdatusUser\Desktop\MixVideoPlayer.lnk - C:\Program Files (x86)\MixVideoPlayer\MixVideoPlayer.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Benodigdheden kopen - HP ENVY 4500 series.lnk - C:\Program Files (x86)\HP\HP ENVY 4500 series\Bin\hpqDTSS.exe C:\Users\Public\Desktop\clear.fi Tutorial.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe "c:\Users\Public\Videos\clear.fi_tutorial.wmv" /fullscreen C:\Users\Public\Desktop\clear.fi.lnk - C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5005 C:\Users\Public\Desktop\HP ENVY 4500 series.lnk - C:\Program Files (x86)\HP\HP ENVY 4500 series\Bin\HP ENVY 4500 series.exe -Start UDCDevicePage C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Koop online.lnk - C:\Program Files (x86)\Accessory Store\StartUrl.exe http://go.acer.com/?id=13421 C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\PS3 Media Server.lnk - C:\Program Files (x86)\PS3 Media Server\PMS.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\speed browser.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5008 C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Users\Public\Desktop\WildTangent Games App - acer.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktopoem /dp acerlt ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5005 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser\speed browser.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5008 ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5005 C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5003 C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5005 C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\speed browser\Application\browser.exe --c=5003 C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Milo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Koop online.lnk - C:\Program Files (x86)\Accessory Store\StartUrl.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kekfoodhbhpjhjcdecjngamojfhknooc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B54A674B-5B6E-A4E6-4E71-FB7182E9D18F} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6AEC2288-82D5-C6CE-CC6F-213FE715E4E5} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E0D1F60C-E9D9-15B6-AAE9-066CD1EC25A2} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{831025e8} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20188537-BC86-1F4B-6B72-1AA2EC4E9C93} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CF663D34-D239-8E23-0994-A44C0EC65ADE} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Registry Helper deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MixVideoPlayer deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dealply deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IECT3311268 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D3EA14DD-1476-4A6F-8A6D-8204BAED6F81} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\DD41AE3D6741F6A4A8D62840ABDEF618 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\dabf3ca1-5ae1-46b9-afc4-0d11440d0ee2.exe /check O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Milo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Milo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Spotify] "C:\Users\Milo\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [BackgroundContainerV2] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Milo\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN457120SJ060F:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1 O4 - HKCU\..\Run: [EasySpeedCheck] C:\Program Files (x86)\Easy Speed Check\easyspeedcheck.exe O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro 3.86\OptProLauncher.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-4061696626-464123969-1809320236-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-4061696626-464123969-1809320236-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: dsz - Unknown owner - c:\windows\dsz.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: mdsz - Unknown owner - c:\windows\mdsz.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Milo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Milo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Milo\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Milo\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Milo\AppData\Local\speed browser\User Data\Default\Cache emptied successfully C:\Users\Milo\AppData\Local\Torch\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3875 folders=987 351417234 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Milo\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Milo\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~3\YCqtsYOZSPZ\info.dat" not found "C:\PROGRA~3\YCqtsYOZSPZ\mRbYKR.dat" not found "C:\PROGRA~3\YCqtsYOZSPZ" not found "C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb" not found "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb" not found "C:\Users\Milo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BB9A2VEL\folders.bartsmit.com" not found "C:\Users\Milo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BB9A2VEL\static.muzu.tv" not found "C:\Users\Milo\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BB9A2VEL\www.ketnet.be" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on zo 21/06/2015 at 13:29:04,38 ======================