Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Mandy on ma 08-08-2016 at 0:11:21,38. Microsoft Windows 10 Home 10.0.10586 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\mandyyy\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 8-8-2016 00:17:32 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\kwhwwoce deleted successfully C:\PROGRA~2\New Folder deleted successfully C:\PROGRA~2\p4gfjgck deleted successfully C:\PROGRA~2\wxi5873s deleted successfully C:\PROGRA~2\zb5ksug0 deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\04d0d9fb-4fd3-0 deleted successfully C:\PROGRA~3\04d0d9fb-71a5-1 deleted successfully C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\ec0ae56a-0033-0 deleted successfully C:\PROGRA~3\ec0ae56a-03c3-0 deleted successfully C:\PROGRA~3\ec0ae56a-0505-0 deleted successfully C:\PROGRA~3\ec0ae56a-11b7-0 deleted successfully C:\PROGRA~3\ec0ae56a-1801-0 deleted successfully C:\PROGRA~3\ec0ae56a-1917-0 deleted successfully C:\PROGRA~3\ec0ae56a-1ad1-0 deleted successfully C:\PROGRA~3\ec0ae56a-1c33-0 deleted successfully C:\PROGRA~3\ec0ae56a-1e85-0 deleted successfully C:\PROGRA~3\ec0ae56a-1f97-0 deleted successfully C:\PROGRA~3\ec0ae56a-20c1-0 deleted successfully C:\PROGRA~3\ec0ae56a-2293-0 deleted successfully C:\PROGRA~3\ec0ae56a-2513-0 deleted successfully C:\PROGRA~3\ec0ae56a-2545-0 deleted successfully C:\PROGRA~3\ec0ae56a-29d1-0 deleted successfully C:\PROGRA~3\ec0ae56a-29f3-0 deleted successfully C:\PROGRA~3\ec0ae56a-2a51-0 deleted successfully C:\PROGRA~3\ec0ae56a-2a61-0 deleted successfully C:\PROGRA~3\ec0ae56a-2d57-0 deleted successfully C:\PROGRA~3\ec0ae56a-2ef7-0 deleted successfully C:\PROGRA~3\ec0ae56a-3157-0 deleted successfully C:\PROGRA~3\ec0ae56a-3297-0 deleted successfully C:\PROGRA~3\ec0ae56a-3903-0 deleted successfully C:\PROGRA~3\ec0ae56a-39d3-0 deleted successfully C:\PROGRA~3\ec0ae56a-3d27-0 deleted successfully C:\PROGRA~3\ec0ae56a-3dd7-0 deleted successfully C:\PROGRA~3\ec0ae56a-3e01-0 deleted successfully C:\PROGRA~3\ec0ae56a-3f47-0 deleted successfully C:\PROGRA~3\ec0ae56a-4295-0 deleted successfully C:\PROGRA~3\ec0ae56a-4377-0 deleted successfully C:\PROGRA~3\ec0ae56a-45d1-0 deleted successfully C:\PROGRA~3\ec0ae56a-48f7-0 deleted successfully C:\PROGRA~3\ec0ae56a-4921-0 deleted successfully C:\PROGRA~3\ec0ae56a-4a95-0 deleted successfully C:\PROGRA~3\ec0ae56a-4bb3-0 deleted successfully C:\PROGRA~3\ec0ae56a-4d95-0 deleted successfully C:\PROGRA~3\ec0ae56a-4d97-0 deleted successfully C:\PROGRA~3\ec0ae56a-5277-0 deleted successfully C:\PROGRA~3\ec0ae56a-55c7-0 deleted successfully C:\PROGRA~3\ec0ae56a-55f3-0 deleted successfully C:\PROGRA~3\ec0ae56a-5a53-0 deleted successfully C:\PROGRA~3\ec0ae56a-5a93-0 deleted successfully C:\PROGRA~3\ec0ae56a-5c97-0 deleted successfully C:\PROGRA~3\ec0ae56a-5e83-0 deleted successfully C:\PROGRA~3\ec0ae56a-60a3-0 deleted successfully C:\PROGRA~3\ec0ae56a-6131-0 deleted successfully C:\PROGRA~3\ec0ae56a-6201-0 deleted successfully C:\PROGRA~3\ec0ae56a-62e7-0 deleted successfully C:\PROGRA~3\ec0ae56a-63a5-0 deleted successfully C:\PROGRA~3\ec0ae56a-6427-0 deleted successfully C:\PROGRA~3\ec0ae56a-6433-0 deleted successfully C:\PROGRA~3\ec0ae56a-6ad1-0 deleted successfully C:\PROGRA~3\ec0ae56a-6b21-0 deleted successfully C:\PROGRA~3\ec0ae56a-7353-0 deleted successfully C:\PROGRA~3\ec0ae56a-79f3-0 deleted successfully C:\PROGRA~3\ec0ae56a-7b57-0 deleted successfully C:\PROGRA~3\ec0ae56a-7bc7-0 deleted successfully C:\PROGRA~3\ec0ae56a-7de7-0 deleted successfully C:\PROGRA~3\Office2013 deleted successfully C:\PROGRA~3\uckt deleted successfully C:\PROGRA~3\Uncheckit deleted successfully C:\PROGRA~3\{05b6c88a-612c-1} deleted successfully C:\PROGRA~3\{065b5e46-612c-0} deleted successfully C:\PROGRA~3\{08f1867f-212c-0} deleted successfully C:\PROGRA~3\{09f9e1b4-612c-1} deleted successfully C:\Users\mandyyy\AppData\Local\ActiveSync deleted successfully C:\Users\mandyyy\AppData\Local\EmieSiteList deleted successfully C:\Users\mandyyy\AppData\Local\EmieUserList deleted successfully C:\Users\mandyyy\AppData\Local\NetworkTiles deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3125367378-2140037814-2600998391-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-3125367378-2140037814-2600998391-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe C:\Program Files (x86)\WinZipper\winzipersvc.exe C:\Users\mandyyy\AppData\Roaming\TSv\TSvr.exe C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe C:\Program Files\Lenovo\iMController\SystemAgentService.exe C:\ProgramData\GwinpG\WFini.exe C:\Program Files (x86)\SFK\SSFK.exe C:\windows\SysWOW64\NLSSRV32.EXE C:\Program Files (x86)\WinSaber\WinSaber.exe C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe C:\Program Files (x86)\Popcorn Time\Updater.exe C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe C:\PROGRA~2\SEARCH~1\UI\bin\cltmngui.exe C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe C:\Windows\WebCam\S6000\S6000Mnt.exe C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHeeaWA_protect deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHeeaWA_update deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winzipersvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSFK deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1 ---- Lines searchengine removed from prefs.js ---- user_pref("browser.search.searchengine.alias", ""); user_pref("browser.search.searchengine.hp", "http://www.yessearches.com/?ts=AHEqA3EkC3ErAU..&v=20160409&uid=F24EC1D7FAFCD5ED54ADF1922C1C6F87&ptid=cos& user_pref("browser.search.searchengine.iconURL", "http://www.nicesearches.com/favicon.ico?t=1"); user_pref("browser.search.searchengine.name", "nice"); user_pref("browser.search.searchengine.ref", ""); user_pref("browser.search.searchengine.sp", "http://www.yessearches.com/chrome.php?mode=ffsengext&ptid=cos&q={searchTerms}&ts=AHEqA3EkC3ErAU..&uid=F24 user_pref("browser.search.searchengine.ts", "1465908740"); user_pref("browser.search.searchengine.type", ""); user_pref("browser.search.searchengine.uid", "wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10"); user_pref("browser.search.searchengine.url", "http://www.nicesearches.com/search.php?type=ds&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd ---- Lines searchengine removed from user.js ---- user_pref("browser.search.searchengine.alias", ""); user_pref("browser.search.searchengine.iconURL", "http://www.nicesearches.com/favicon.ico?t=1"); user_pref("browser.search.searchengine.name", "nice"); user_pref("browser.search.searchengine.ref", ""); user_pref("browser.search.searchengine.ts", "1465908740"); user_pref("browser.search.searchengine.type", ""); user_pref("browser.search.searchengine.uid", "wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10"); user_pref("browser.search.searchengine.url", "http://www.nicesearches.com/search.php?type=ds&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz&q={searchTerms}"); ---- Lines searches removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0 user_pref("browser.startup.homepage", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10 user_pref("browser.urlbar.suggest.searches", true); ---- Lines searches removed from user.js ---- user_pref("browser.newtab.url", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz"); user_pref("browser.startup.homepage", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz"); ---- FireFox user.js and prefs.js backups ---- user_08-08-2016_0044_.backup prefs_08-08-2016_0044_.backup ProfilePath: C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default ---- Lines trovi removed from prefs.js ---- user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=D6A0781D-B5D4-4AA8-A8FE-29C027FC33D9&Searc user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=D6A0781D-B5D4-4AA8-A8FE-29C027FC33D9&SearchSourc ---- Lines searchengine removed from prefs.js ---- user_pref("browser.search.searchengine.alias", ""); user_pref("browser.search.searchengine.iconURL", "http://www.nicesearches.com/favicon.ico?t=1"); user_pref("browser.search.searchengine.name", "nice"); user_pref("browser.search.searchengine.ref", ""); user_pref("browser.search.searchengine.ts", "1465908740"); user_pref("browser.search.searchengine.type", ""); user_pref("browser.search.searchengine.uid", "wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10"); user_pref("browser.search.searchengine.url", "http://www.nicesearches.com/search.php?type=ds&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd ---- Lines searchengine removed from user.js ---- user_pref("browser.search.searchengine.alias", ""); user_pref("browser.search.searchengine.iconURL", "http://www.nicesearches.com/favicon.ico?t=1"); user_pref("browser.search.searchengine.name", "nice"); user_pref("browser.search.searchengine.ref", ""); user_pref("browser.search.searchengine.ts", "1465908740"); user_pref("browser.search.searchengine.type", ""); user_pref("browser.search.searchengine.uid", "wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10"); user_pref("browser.search.searchengine.url", "http://www.nicesearches.com/search.php?type=ds&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz&q={searchTerms}"); ---- Lines searches removed from user.js ---- user_pref("browser.newtab.url", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz"); user_pref("browser.startup.homepage", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz"); ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 1); ---- FireFox user.js and prefs.js backups ---- user_08-08-2016_0044_.backup prefs_08-08-2016_0044_.backup ProfilePath: C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F user.js not found ---- Lines searchengine removed from prefs.js ---- user_pref("browser.search.searchengine.hp", "http://www.yessearches.com/?ts=AHEqA3EkC3ErAU..&v=20160409&uid=F24EC1D7FAFCD5ED54ADF1922C1C6F87&ptid=cos& user_pref("browser.search.searchengine.sp", "http://www.yessearches.com/chrome.php?mode=ffsengext&ptid=cos&q={searchTerms}&ts=AHEqA3EkC3ErAU..&uid=F24 user_pref("browser.search.searchengine.url", "http://www.yessearches.com/chrome.php?mode=ffsengext&ptid=cos&q={searchTerms}&ts=AHEqA3EkC3ErAU..&uid=F2 ---- Lines searches removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEqA3EkC3ErAU..&v=20160409&uid=F24EC1D7FAFCD5ED54ADF1922C1C6F87&ptid=cos&mode=ffseng" user_pref("browser.search.defaultenginename", "yessearches"); user_pref("browser.search.selectedEngine", "yessearches"); user_pref("browser.startup.homepage", "http://www.yessearches.com/?ts=AHEqA3EkC3ErAU..&v=20160409&uid=F24EC1D7FAFCD5ED54ADF1922C1C6F87&ptid=cos&mode=f user_pref("browser.urlbar.suggest.searches", true); ---- FireFox user.js and prefs.js backups ---- prefs_08-08-2016_0044_.backup ProfilePath: C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 user.js not found ---- Lines trovi removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Trovi"); user_pref("browser.search.selectedEngine", "Trovi"); ---- Lines searchengine removed from prefs.js ---- user_pref("browser.search.searchengine.alias", ""); user_pref("browser.search.searchengine.hp", "http://www.yessearches.com/?ts=AHEqA3EkC3ErAU..&v=20160409&uid=F24EC1D7FAFCD5ED54ADF1922C1C6F87&ptid=cos& user_pref("browser.search.searchengine.iconURL", "http://www.nicesearches.com/favicon.ico?t=1"); user_pref("browser.search.searchengine.name", "nice"); user_pref("browser.search.searchengine.ref", ""); user_pref("browser.search.searchengine.sp", "http://www.yessearches.com/chrome.php?mode=ffsengext&ptid=cos&q={searchTerms}&ts=AHEqA3EkC3ErAU..&uid=F24 user_pref("browser.search.searchengine.ts", "1465908740"); user_pref("browser.search.searchengine.type", ""); user_pref("browser.search.searchengine.uid", "wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10"); user_pref("browser.search.searchengine.url", "http://www.nicesearches.com/search.php?type=ds&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd ---- Lines searches removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0 user_pref("browser.startup.homepage", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10 user_pref("browser.urlbar.suggest.searches", true); ---- FireFox user.js and prefs.js backups ---- prefs_08-08-2016_0044_.backup ProfilePath: C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default ---- Lines trovi removed from prefs.js ---- user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=D6A0781D-B5D4-4AA8-A8FE-29C027FC33D9&Searc user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=D6A0781D-B5D4-4AA8-A8FE-29C027FC33D9&SearchSourc ---- Lines searchengine removed from prefs.js ---- user_pref("browser.search.searchengine.alias", ""); user_pref("browser.search.searchengine.iconURL", "http://www.nicesearches.com/favicon.ico?t=1"); user_pref("browser.search.searchengine.name", "nice"); user_pref("browser.search.searchengine.ref", ""); user_pref("browser.search.searchengine.ts", "1465908740"); user_pref("browser.search.searchengine.type", ""); user_pref("browser.search.searchengine.uid", "wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10"); user_pref("browser.search.searchengine.url", "http://www.nicesearches.com/search.php?type=ds&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd ---- Lines searchengine removed from user.js ---- user_pref("browser.search.searchengine.alias", ""); user_pref("browser.search.searchengine.iconURL", "http://www.nicesearches.com/favicon.ico?t=1"); user_pref("browser.search.searchengine.name", "nice"); user_pref("browser.search.searchengine.ref", ""); user_pref("browser.search.searchengine.ts", "1465908740"); user_pref("browser.search.searchengine.type", ""); user_pref("browser.search.searchengine.uid", "wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10"); user_pref("browser.search.searchengine.url", "http://www.nicesearches.com/search.php?type=ds&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz&q={searchTerms}"); ---- Lines searches removed from user.js ---- user_pref("browser.newtab.url", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz"); user_pref("browser.startup.homepage", "http://www.nicesearches.com?type=hp&ts=1465908740&from=6b1d0614&uid=wdcxwd3200lpcx-24c6ht0_wd-wx11e44ele10ele10&z=2a0bd059aa880a3593c223eg8z5q3wbtfe3b2q3bcz"); ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 1); ---- FireFox user.js and prefs.js backups ---- user_08-08-2016_0044_.backup prefs_08-08-2016_0044_.backup ProfilePath: C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F user.js not found ---- Lines searchengine removed from prefs.js ---- user_pref("browser.search.searchengine.hp", "http://www.yessearches.com/?ts=AHEqA3EkC3ErAU..&v=20160409&uid=F24EC1D7FAFCD5ED54ADF1922C1C6F87&ptid=cos& user_pref("browser.search.searchengine.sp", "http://www.yessearches.com/chrome.php?mode=ffsengext&ptid=cos&q={searchTerms}&ts=AHEqA3EkC3ErAU..&uid=F24 user_pref("browser.search.searchengine.url", "http://www.yessearches.com/chrome.php?mode=ffsengext&ptid=cos&q={searchTerms}&ts=AHEqA3EkC3ErAU..&uid=F2 ---- Lines searches removed from prefs.js ---- user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEqA3EkC3ErAU..&v=20160409&uid=F24EC1D7FAFCD5ED54ADF1922C1C6F87&ptid=cos&mode=ffseng" user_pref("browser.search.defaultenginename", "yessearches"); user_pref("browser.search.selectedEngine", "yessearches"); user_pref("browser.startup.homepage", "http://www.yessearches.com/?ts=AHEqA3EkC3ErAU..&v=20160409&uid=F24EC1D7FAFCD5ED54ADF1922C1C6F87&ptid=cos&mode=f user_pref("browser.urlbar.suggest.searches", true); ---- FireFox user.js and prefs.js backups ---- prefs_08-08-2016_0044_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command] @="c:\\program files (x86)\\mozilla firefox\\firefox.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command] @="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="c:\\program files\\internet explorer\\iexplore.exe" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"=- "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"=- "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"=- "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"=- “Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"=- "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft WINDOWS NT\CurrentVersion\Windows] "AppInit_DLLs"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccuac.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keyscrambler.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McCSPServiceHost.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlclient.exe] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\kwhwwoce not found C:\PROGRA~2\New Folder not found C:\PROGRA~2\p4gfjgck not found C:\PROGRA~2\wxi5873s not found C:\PROGRA~2\zb5ksug0 not found C:\ProgramData\Service1291 not found C:\Program Files (x86)\p4gfjgck not found C:\Program Files (x86)\wxi5873s not found C:\ProgramData\ec0ae56a-03c3-0 not found C:\ProgramData\ec0ae56a-7de7-0 not found C:\ProgramData\ec0ae56a-3d27-0 not found C:\ProgramData\ec0ae56a-0505-0 not found C:\ProgramData\ec0ae56a-4a95-0 not found C:\ProgramData\ec0ae56a-63a5-0 not found C:\ProgramData\ec0ae56a-2545-0 not found C:\ProgramData\ec0ae56a-2513-0 not found C:\ProgramData\ec0ae56a-2d57-0 not found C:\ProgramData\ec0ae56a-48f7-0 not found C:\ProgramData\ec0ae56a-45d1-0 not found C:\ProgramData\ec0ae56a-20c1-0 not found C:\ProgramData\ec0ae56a-1917-0 not found C:\ProgramData\ec0ae56a-7bc7-0 not found C:\ProgramData\ec0ae56a-4921-0 not found C:\ProgramData\ec0ae56a-5c97-0 not found C:\ProgramData\ec0ae56a-3e01-0 not found C:\ProgramData\ec0ae56a-39d3-0 not found C:\ProgramData\ec0ae56a-2ef7-0 not found C:\ProgramData\ec0ae56a-1c33-0 not found C:\ProgramData\ec0ae56a-60a3-0 not found C:\ProgramData\ec0ae56a-6427-0 not found C:\ProgramData\ec0ae56a-7b57-0 not found C:\ProgramData\ec0ae56a-1ad1-0 not found C:\ProgramData\ec0ae56a-0033-0 not found C:\ProgramData\ec0ae56a-5e83-0 not found C:\ProgramData\ec0ae56a-2293-0 not found C:\ProgramData\ec0ae56a-6131-0 not found C:\ProgramData\ec0ae56a-1801-0 not found C:\ProgramData\ec0ae56a-7353-0 not found C:\ProgramData\ec0ae56a-4bb3-0 not found C:\ProgramData\ec0ae56a-3dd7-0 not found C:\ProgramData\ec0ae56a-6ad1-0 not found C:\ProgramData\ec0ae56a-1e85-0 not found C:\ProgramData\ec0ae56a-5277-0 not found C:\ProgramData\ec0ae56a-4295-0 not found C:\ProgramData\ec0ae56a-6b21-0 not found C:\ProgramData\ec0ae56a-1f97-0 not found C:\ProgramData\ec0ae56a-3297-0 not found C:\ProgramData\ec0ae56a-29d1-0 not found C:\ProgramData\ec0ae56a-5a93-0 not found C:\ProgramData\ec0ae56a-4d97-0 not found C:\ProgramData\ec0ae56a-2a61-0 not found C:\ProgramData\ec0ae56a-3157-0 not found C:\ProgramData\ec0ae56a-55f3-0 not found C:\ProgramData\ec0ae56a-3903-0 not found C:\ProgramData\ec0ae56a-6433-0 not found C:\ProgramData\ec0ae56a-62e7-0 not found C:\ProgramData\ec0ae56a-79f3-0 not found C:\ProgramData\ec0ae56a-5a53-0 not found C:\ProgramData\ec0ae56a-4d95-0 not found C:\ProgramData\ec0ae56a-29f3-0 not found C:\ProgramData\ec0ae56a-6201-0 not found C:\ProgramData\ec0ae56a-55c7-0 not found C:\ProgramData\ec0ae56a-3f47-0 not found C:\ProgramData\ec0ae56a-2a51-0 not found C:\ProgramData\ec0ae56a-11b7-0 not found C:\ProgramData\uckt not found C:\ProgramData\{08f1867f-212c-0} not found C:\ProgramData\{05b6c88a-612c-1} not found C:\ProgramData\{065b5e46-612c-0} not found C:\ProgramData\{09f9e1b4-612c-1} not found C:\ProgramData\ec0ae56a-4377-0 not found "C:\Users\mandyyy\AppData\Roaming\Mozilla FIREFOX\Profiles\41A66E7E5EE1\searchplugins\nice.xml" not found C:\Program Files (x86)\SearchProtect deleted C:\Program Files (x86)\IHeeaWA deleted C:\Program Files (x86)\Popcorn Time deleted C:\ProgramData\2a8bff15-6b33-0 deleted C:\ProgramData\d7ebc893 deleted C:\ProgramData\{194dadf4-012c-0} deleted C:\ProgramData\{131f6f10-212c-0} deleted C:\ProgramData\{12f31f44-312c-0} deleted C:\ProgramData\{0a0d6931-512c-0} deleted C:\ProgramData\{2d7e27e6-112c-1} deleted C:\ProgramData\{2478f618-612c-1} deleted C:\ProgramData\{1d9eb666-612c-1} deleted C:\ProgramData\{09828fea-412c-1} deleted C:\ProgramData\uwinpu deleted C:\ProgramData\cwinpc deleted C:\ProgramData\ec0ae56a-58f7-0 deleted C:\ProgramData\zwinpz deleted C:\Program Files (x86)\SpeedSearchesbnd deleted C:\ProgramData\942f5d0a deleted C:\windows\SysNative\Tasks\ChelfNotify Task deleted C:\PROGRA~3\28341ff220e0446c9fff27c4493d622e deleted C:\windows\SysNative\tasks\bvyvbvhx deleted C:\Users\mandyyy\AppData\Local\bvyvbvhx deleted C:\WINDOWS\sysWoW64\config\systemprofile\.android deleted C:\PROGRA~2\SFK deleted C:\Users\Public\Pokki deleted C:\PROGRA~3\Pokki deleted C:\PROGRA~3\eBay deleted C:\PROGRA~3\Package Cache deleted C:\Users\Default\AppData\Local\Pokki deleted C:\Users\mandyyy\AppData\Local\BTServer.log deleted C:\Users\mandyyy\AppData\Local\SlimWare Utilities Inc deleted C:\Users\mandyyy\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 deleted C:\Users\mandyyy\AppData\Local\SearchProtect deleted C:\Users\mandyyy\AppData\Local\WebPlayer deleted C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\SearchProtect deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted C:\Users\Public\Documents\dmp deleted C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\tasks\SlimCleaner Plus (Scheduled Scan - Mandy).job deleted C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted C:\WINDOWS\AppPatch\nbin\VC32Loader.dll deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted C:\WINDOWS\SysWow64\extensions deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\searchplugins\searchinme.xml deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\searchplugins\Web Search.xml deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default\searchplugins\nuesearch.xml deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default\searchplugins\piesearch.xml deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default\searchplugins\Web Search.xml deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\Web Search.xml deleted C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\Web Search.xml deleted C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\searchplugins\nuesearch.xml deleted C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\searchplugins\piesearch.xml deleted C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\searchplugins\Web Search.xml deleted C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\searchplugins\Web Search.xml deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\extensions\abs@avira.com deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default\extensions\abs@avira.com deleted C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\abs@avira.com deleted C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\abs@avira.com deleted C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\extensions\abs@avira.com deleted C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\abs@avira.com deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe" deleted "C:\WINDOWS\tasks\PAIOYTGGIDLLPQTS.job" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\searchplugins\trovi.xml" deleted "C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\searchplugins\trovi.xml" deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe" deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe" deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\d6f7007239bc95aaafcdd9d90837aefd.exe" deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe" deleted "C:\PROGRA~2\WinZipper\wzShellctx64.dll" deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\1ea26074a12fc219940785426fea2a51\dlqwfu.dll" deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\1ea26074a12fc219940785426fea2a51\dlqwfu.dll" deleted "C:\Users\mandyyy\AppData\Roaming\Hola" deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f" not deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f" not deleted "C:\PROGRA~2\WinZipper" not deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\1ea26074a12fc219940785426fea2a51" not deleted "C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\1ea26074a12fc219940785426fea2a51" not deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3979 MB CPU Info: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz CPU Speed: 2169,2 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller | Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC | Microsoft Wi-Fi Direct Virtual Adapter CD / DVD Drives: No optical drives found. Ports: COM1 LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 256,1GB | D: 25,0GB Hard Disks - Free: C: 164,3GB | D: 15,9GB Manufacturer *: LENOVO BIOS Info: AT/AT COMPATIBLE | | LENOVO - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: LENOVO Lenovo B50-30 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Default Browser: Firefox 47.0 Internet Explorer Version: 11.494.10586.0 Mozilla Firefox version: 44.0.2 (x86 nl) Google Chrome version: 51.0.2704.103 Flash Player version: 22.0.0.209 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2016-07-13 13:55:16 E396258CFD8F84E8F2C24930E6D88C67 4515256 ----a-w- C:\WINDOWS\explorer.exe 2016-07-13 13:53:36 430DE1635CE173440D34ABA1676113D7 994816 ----a-w- C:\WINDOWS\HelpPane.exe ====== C:\Users\mandyyy\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2016-08-04 11:52:50 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358261296.html 2016-08-04 11:52:49 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358260562.html 2016-08-04 11:52:49 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358260453.html 2016-08-04 11:52:48 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358259656.html 2016-08-04 11:52:48 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358259546.html 2016-08-04 11:52:45 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358256015.html 2016-08-04 11:52:45 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358255843.html 2016-08-04 11:52:44 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358255078.html 2016-08-04 11:52:44 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358254953.html 2016-08-04 11:52:39 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358250625.html 2016-08-04 11:52:39 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358250500.html 2016-08-04 11:52:28 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358239265.html 2016-08-04 11:52:28 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358239156.html 2016-08-04 11:52:27 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358238531.html 2016-08-04 11:52:27 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358238421.html 2016-08-04 11:52:15 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\nl_358225984.html 2016-08-04 11:52:15 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_358226468.html 2016-08-01 10:19:38 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93469046.html 2016-08-01 10:19:37 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93468234.html 2016-08-01 10:19:37 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93468093.html 2016-08-01 10:19:36 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93467078.html 2016-08-01 10:19:36 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93466906.html 2016-08-01 10:19:35 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93466328.html 2016-08-01 10:19:35 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93466171.html 2016-08-01 10:19:31 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93462484.html 2016-08-01 10:19:31 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93462359.html 2016-08-01 10:19:20 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93450968.html 2016-08-01 10:19:20 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93450812.html 2016-08-01 10:19:19 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93450375.html 2016-08-01 10:19:19 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93450203.html 2016-08-01 10:19:09 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\nl_93439703.html 2016-08-01 10:19:09 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_93440156.html 2016-07-25 13:47:20 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_201000.html 2016-07-25 13:47:19 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_200140.html 2016-07-25 13:47:19 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_199984.html 2016-07-25 13:47:18 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_199046.html 2016-07-25 13:47:18 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_198906.html 2016-07-25 13:47:17 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_198140.html 2016-07-25 13:47:17 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_197937.html 2016-07-25 13:47:12 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_193546.html 2016-07-25 13:47:12 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_193390.html 2016-07-25 13:46:53 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_174312.html 2016-07-25 13:46:53 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_174046.html 2016-07-25 13:46:52 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_173031.html 2016-07-25 13:46:52 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_172765.html 2016-07-25 13:45:55 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\nl_115328.html 2016-07-25 13:45:55 4BB916DA5A7EA9B96D7626FB84D59AB7 3 ----a-w- C:\WINDOWS\SysWOW64\EN_116250.html 2016-07-25 13:45:31 675D021359FA8F03E16F161FF2888A22 3114948 ----a-w- C:\WINDOWS\SysWOW64\nl1.exe ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== 2016-07-13 13:56:19 97BFC3BD9F910B24EB956FF3387C71CF 1987936 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2016-07-13 13:56:00 91A2D07C017068FD2F11414E8D676EC5 577376 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys 2016-07-13 13:55:37 66FDDD2004332EED0A8262E9762EB457 393568 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2016-07-13 13:55:13 EF94E21C3220AE3F8539542EC0B3FF06 331616 ----a-w- C:\WINDOWS\Sysnative\drivers\pci.sys 2016-07-13 13:55:13 5DFF4CF4DF7FD11AE5A1DAD8C67619D2 161632 ----a-w- C:\WINDOWS\Sysnative\drivers\ksecpkg.sys 2016-07-13 13:55:13 309E3CFC5309CECD9317A69990716A87 604928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2016-07-13 13:55:04 549DFD8240CF20BFBD88AD9D89325DBF 530432 ----a-w- C:\WINDOWS\Sysnative\drivers\nwifi.sys 2016-07-13 13:53:20 2D54FE808BAF96666D0CE9B05B8C768F 954368 ----a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys 2016-07-13 13:52:43 33110D78697A1B771E1B30675B39CE46 112640 ----a-w- C:\WINDOWS\Sysnative\drivers\bthenum.sys 2016-07-13 13:52:34 B32316BCF974882E715A3459C953AD56 84992 ----a-w- C:\WINDOWS\Sysnative\drivers\BTHUSB.SYS 2016-07-13 13:52:03 CF63BF6AAEDF721E37F9E216FD321B8E 2403168 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2016-07-13 13:51:45 1CDA6D0A2345AA589949AE9C83853913 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2016-08-06 18:57:00 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2016-08-04 13:49:58 -------- d---a-w- C:\PROGRA~2\Firefox 2016-08-04 11:52:48 -------- d-----w- C:\PROGRA~2\483439ee973f587d9bb1ffe33f27b80f 2016-08-01 10:19:04 2983895 ----a-w- C:\PROGRA~2\SSFK.exe ======= C: ===== ====== C:\Users\mandyyy\AppData\Roaming ====== 2016-08-07 22:26:27 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:35:16 -------- d-----w- C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet 2016-07-28 18:27:14 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps ====== C:\Users\mandyyy ====== 2016-08-06 18:56:23 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\mandyyy\Desktop\RSITx64.exe 2016-08-04 11:52:27 -------- d-----w- C:\ProgramData\GwinpG 2016-07-28 19:48:28 098CCE2BBE141B6C5FBB0F1D23E9EEB1 2427820 ----a-w- C:\Users\mandyyy\Downloads\GrabIt172b6.exe 2016-07-28 18:33:23 2A9EA98BE493343FB180443BDD57B908 166208 ----a-w- C:\Users\mandyyy\Downloads\Spotnet.2.0-setup.exe 2016-07-27 14:01:33 -------- d-----w- C:\ProgramData\ChelfNotify ====== C: exe-files == 2016-08-07 22:02:27 C3A7A0F3A4B7BED6CAEBD7C4648A2DF4 96 ----a-w- C:\$Recycle.Bin\S-1-5-21-3125367378-2140037814-2600998391-1001\$IV2KD4T.exe 2016-08-07 21:55:46 7EA0260488F304D68067A50B33A23AC2 1309184 ----a-w- C:\$Recycle.Bin\S-1-5-21-3125367378-2140037814-2600998391-1001\$RV2KD4T.exe 2016-08-06 18:57:01 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Mandy.exe 2016-08-04 13:49:59 E7EE976A9615251800FDC094EB74626C 256896 ----a-w- C:\Program Files (x86)\Firefox\bin\Firefox_helper.exe 2016-08-04 13:49:59 E5841E40B876632AD443F3CAE8FE8446 499072 ----a-w- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe 2016-08-04 13:49:59 CA35C42190EB06FB78AC1E9813034D1F 253824 ----a-w- C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe 2016-08-04 13:49:59 A697EA199F064771D6624F7BC5FA3144 843648 ----a-w- C:\Program Files (x86)\Firefox\bin\Firefox_crashreporter.exe 2016-08-04 13:49:59 99A19D3083E6ADD817ACF9F96EF7E35B 865664 ----a-w- C:\Program Files (x86)\Firefox\bin\Firefox_crashreporterx64.exe 2016-08-04 13:49:59 7AF42111A78C87B9D00AC5E40E7E61AA 371584 ----a-w- C:\Program Files (x86)\Firefox\bin\FirefoxUM.exe 2016-08-04 13:49:59 62FCFDE8672F1E39D7E77C5F7D274B62 436608 ----a-w- C:\Program Files (x86)\Firefox\bin\FirefoxCloud.exe 2016-08-04 13:49:59 09FE73D168363F632E5DE99BC1C6685C 890816 ----a-w- C:\Program Files (x86)\Firefox\uninstall\helper.exe 2016-08-04 13:49:58 AF480F345A823D7C5D28DFF3E59494D7 144768 ----a-w- C:\Program Files (x86)\Firefox\maintenanceservice.exe 2016-08-04 13:49:58 96FDA93620216426E92D168C1174676E 153856 ----a-w- C:\Program Files (x86)\Firefox\maintenanceservice_installer.exe 2016-08-04 13:49:58 7DE73076D97ADF23532FC34847A757AF 281984 ----a-w- C:\Program Files (x86)\Firefox\plugin-container.exe 2016-08-04 13:49:58 6856BAB1DCFD414127655CA42D6F4678 169856 ----a-w- C:\Program Files (x86)\Firefox\plugin-hang-ui.exe 2016-08-04 13:49:58 577239D72CA707AEEF4BE74CDF9357E2 105344 ----a-w- C:\Program Files (x86)\Firefox\wow_helper.exe 2016-08-04 13:49:58 3BC3CC37CA4C3ECF3829C40984B9114E 383872 ----a-w- C:\Program Files (x86)\Firefox\Firefox.exe 2016-08-04 13:49:58 2B27A7FEECF0F128DB4C9E84B0151BD9 293760 ----a-w- C:\Program Files (x86)\Firefox\crashreporter.exe 2016-08-04 13:49:58 2AA48AE7A6629262BB07545F9936614C 232320 ----a-w- C:\Program Files (x86)\Firefox\webapprt-stub.exe 2016-08-04 13:49:58 2474180FF6381136D54962A2718D74C3 289664 ----a-w- C:\Program Files (x86)\Firefox\updater.exe 2016-08-04 13:49:58 08F1CB444A733331AC77B4340D81EB7F 85264 ----a-w- C:\Program Files (x86)\Firefox\webapp-uninstaller.exe 2016-08-04 11:52:27 DA70B69E5794EAB370C922894B2EF2F3 564456 ----a-w- C:\ProgramData\GwinpG\WFini.exe 2016-08-01 10:19:04 DCCE4D88F19C4AFDC784D8886B95E5C7 2983895 ----a-w- C:\Program Files (x86)\SSFK.exe === C: other files == 2016-08-04 14:09:42 2E0CC83C23BA3526F92C13873E2CE5E3 426940 ----a-w- C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\extensions\langpack-en-US@firefox.mozilla.org.xpi 2016-08-04 13:49:59 FFC4C57E5E75CB7323A0896E543A967A 671042 ----a-w- C:\Program Files (x86)\Firefox\browser\features\firefox@getpocket.com.xpi 2016-08-04 13:49:59 D92D2A2DBB762ADE6CD417E0188B1246 2217 ----a-w- C:\Program Files (x86)\Firefox\browser\features\e10srollout@mozilla.org.xpi 2016-08-04 13:49:59 7E00F111D6D1135BCF5BC62A8D548336 4867 ----a-w- C:\Program Files (x86)\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi 2016-08-04 13:49:59 475A2D1FB83A934C6D81CB226682E1BF 1651353 ----a-w- C:\Program Files (x86)\Firefox\browser\features\loop@mozilla.org.xpi 2016-08-02 13:33:01 417BA47553AC0CE74D9FA040801313B3 10542 ----a-w- C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-3125367378-2140037814-2600998391-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Spotify Web Helper"="C:\Users\mandyyy\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Spotify"="C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" [HKEY_USERS\S-1-5-21-3125367378-2140037814-2600998391-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Spotify Web Helper"="C:\Users\mandyyy\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Spotify"="C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" "Uninstall C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\VC32Loader.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4" "RtHDVBg_LENOVO_DOLBYDRAGON"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_DOLBYDRAGON" "RtHDVBg_LENOVO_MICPKEY"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /LENOVO_MICPKEY" "S6000Mnt"="C:\WINDOWS\WebCam\S6000\S6000Mnt.exe" "PasswordManager"="C:\Program Files\Lenovo\Password Manager\password_manager.exe" "PhoneCompanion"="C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe" "Energy Manager"="C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe" "Lenovo Utility"="C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe" "Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\VC64Loader.dll" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13-07-2016 15:17] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-06-2016 01:36] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-06-2016 01:36] C:\WINDOWS\tasks\LSCHardwareScan.job --a-------- C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [17-08-2015 09:37] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\Browser Updater Task(Core)" [""C:\Program Files (x86)\TXQQBrowser\Update\111B510E147A776C2F3213A69E8A2B5B\Update\BrowserUpdate.exe""] "C:\WINDOWS\SysNative\tasks\DolbySelectorTask" [%ProgramFiles%\Dolby Digital Plus\ddp.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\IHeeaWABrowserUpdateCore" [C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe] "C:\WINDOWS\SysNative\tasks\IHeeaWABrowserUpdateUA" [C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe] "C:\WINDOWS\SysNative\tasks\Maxthon Update" ["C:\Program Files (x86)\Maxthon\Bin\mxup.exe"] "C:\WINDOWS\SysNative\tasks\PDVDServ Task" [C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE] "C:\WINDOWS\SysNative\tasks\SweetLabs App Platform" [%LOCALAPPDATA%\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe] "C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"] "C:\WINDOWS\SysNative\tasks\WinTsks" ["C:\Program Files (x86)\WinTsks\WinTsks\WinTsks.exe"] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\Lenovo\Dependency Package Auto Update" [C:\Program Files\Lenovo\iMController\AutoUpdate.exe] "C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"] "C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program 64 35" ["%ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe"] "C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Solution Center Launcher" [%programfiles%\lenovo\lenovo solution center\App\LSCService.exe] "C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScan" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan] "C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScanPostpone" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1 user_pref("browser.search.defaultenginename", "nice"); user_pref("browser.search.selectedEngine", "nice"); ProfilePath: C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default user_pref("browser.search.defaultenginename", "nuesearch"); user_pref("browser.search.selectedEngine", "nuesearch"); ProfilePath: C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default user_pref("browser.search.defaultenginename", "nuesearch"); user_pref("browser.search.selectedEngine", "nuesearch"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "arthurj8283@gmail.com"="C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\extensions\arthurj8283@gmail.com" [30-06-2016 20:20] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{F74D5734-46F5-4B16-96F0-1E7FBF41B750}"="C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12" [09-10-2014 20:47] ==== Firefox Extensions ====================== ProfilePath: C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1 - SimilarWeb - %ProfilePath%\extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi - English US Language Pack - %ProfilePath%\extensions\langpack-en-US@firefox.mozilla.org.xpi ProfilePath: C:\Users\mandyyy\AppData\Roaming\Firefox\Firefox\Profiles\5yxv98rx.default - xRocket Toolbar - C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default\extensions\arthurj8283@gmail.com - xRocket Toolbar - %ProfilePath%\extensions\arthurj8283@gmail.com - Nederlands NL Language Pack - %ProfilePath%\extensions\langpack-nl@firefox.mozilla.org.xpi ProfilePath: C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default - xRocket Toolbar - %ProfilePath%\extensions\arthurj8283@gmail.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 62D98B286C805E193568037B70D936D2 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash F4D73ED8F22532B7650639248351E848 - C:\Users\mandyyy\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll - Hola VLC Web Plugin EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Users\mandyyy\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll - Shockwave Flash Profilepath: C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\5yxv98rx.default F4D73ED8F22532B7650639248351E848 - C:\Users\mandyyy\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll - Hola VLC Web Plugin EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Users\mandyyy\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll - Shockwave Flash Profilepath: C:\Users\mandyyy\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F F4D73ED8F22532B7650639248351E848 - C:\Users\mandyyy\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll - Hola VLC Web Plugin EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Users\mandyyy\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll - Shockwave Flash ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions flliilndjeohchalpbbcdekjklbdgfkk - No path found[] geempcnjhccnoepfmahaeemnnfnignab - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx[09-01-2014 23:44] Lenovo Password Manager - mandyyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab Chrome Web Store Payments - mandyyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Chrome Media Router - mandyyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm Baboom Search - mandyyy\AppData\Local\IHeeaWA\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe Chrome Adr - mandyyy\AppData\Local\IHeeaWA\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil Chrome Web Store Payments - mandyyy\AppData\Local\IHeeaWA\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage deleted successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.coupontime00.coupontime.co_0.localstorage-journal deleted successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\http_www.yessearches.com_0.localstorage deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\http_www.yessearches.com_0.localstorage-journal deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\http_search.newtab-mediasearch.com_0.localstorage deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\http_search.newtab-mediasearch.com_0.localstorage-journal deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Extensions\gehmndecgbcffhmfjkenpamdgechcgpe deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\chrome-extension_gehmndecgbcffhmfjkenpamdgechcgpe_0.localstorage deleted successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Local Storage\chrome-extension_gehmndecgbcffhmfjkenpamdgechcgpe_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10" "Default_Page_URL"="http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10" "Default_Search_URL"="http://www.nuesearch.com/search/?type=ds&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10&q={searchTerms}" "Search Page"="http://www.nuesearch.com/search/?type=ds&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10&q={searchTerms}" "Start Page"="http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10" "Default_Search_URL"="http://www.nuesearch.com/search/?type=ds&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10&q={searchTerms}" "Search Page"="http://www.nuesearch.com/search/?type=ds&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10&q={searchTerms}" "Start Page"="http://www.nuesearch.com/?type=hp&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{D36DE5FC-1A2A-4CD5-949C-22DF8EAD50F9} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB HKLM\Wow6432Node\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{D36DE5FC-1A2A-4CD5-949C-22DF8EAD50F9} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} HKCU\SearchScopes\{D36DE5FC-1A2A-4CD5-949C-22DF8EAD50F9} - No_Url_Value ==== Reset Google Chrome ====================== C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesgbak was reset successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Preferences was reset successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Secure Preferences was reset successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Secure Preferencesgbak was reset successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Web Data.tmp was reset successfully C:\Users\mandyyy\AppData\Local\Google\Chrome\User Data\Default\Web Datagbak was reset successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Web Data was reset successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Web Data-journal was reset successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Web Data.tmp was reset successfully C:\Users\mandyyy\AppData\Local\IHeeaWA\User Data\Default\Web Datagbak was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe C:\Users\mandyyy\Desktop\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\Desktop\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\Desktop\Word 2013.lnk - C:\windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\Users\mandyyy\Desktop\PC\Absolute Data Protect.lnk - C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe C:\Users\mandyyy\Desktop\PC\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe C:\Users\mandyyy\Desktop\PC\Lenovo Photo Master.lnk - C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMaster.exe C:\Users\mandyyy\Desktop\PC\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe C:\Users\mandyyy\Desktop\PC\Lenovo SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe C:\Users\mandyyy\Desktop\PC\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\mandyyy\Desktop\PC\Lenovo Updates.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe C:\Users\mandyyy\Desktop\PC\Lenovo VeriFace Pro.lnk - C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConfig.exe C:\Users\mandyyy\Desktop\PC\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe C:\Users\mandyyy\Desktop\PC\Microsoft Office 2013 Activation.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM C:\Users\mandyyy\Desktop\PC\Nitro Pro 9.lnk - C:\Program Files (x86)\Nitro\Pro 9\NitroPDF.exe C:\Users\mandyyy\Desktop\PC\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe C:\Users\mandyyy\Desktop\PC\Password Manager.lnk - C:\Program Files (x86)\lenovo\Password Manager\password_manager.exe /manage C:\Users\mandyyy\Desktop\PC\Phone Companion.lnk - C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe LS C:\Users\mandyyy\Desktop\PC\User Manuals.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\LayOut 2016.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2016\LayOut\LayOut.exe C:\Users\Public\Desktop\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\Public\Desktop\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\Public\Desktop\SketchUp 2016.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2016\SketchUp.exe C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe C:\Users\Public\Desktop\Style Builder 2016.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2016\Style Builder\Style Builder.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Users Start Menu ====================== C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\mandyyy\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\mandyyy\AppData\Roaming\Spotify\Spotify.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk - C:\Program Files (x86)\Lenovo\Lenovo Updates\PopToastProcess.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Energy Manager.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Manager\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Manager\Dut.chm C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotnet\Spotnet.lnk - C:\Users\mandyyy\AppData\Local\Spotnet\Update.exe --processStart Spotnet.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\WINDOWS\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive voor Bedrijven 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Verzenden naar OneNote 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Hulpprogramma's van Office 2013\Lync opnamebeheer.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\Uninstall.lnk - C:\Program Files (x86)\WinZipper\wzUninstall.exe ==== shortcuts in Quick Launch ====================== C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.nuesearch.com/?type=sc&ts=1470046755&z=24841e136f77e0b84e96336g5zam9e5e9z9q5mcw0e&from=ihpm0722&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.eu.lnk - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\qksee.lnk - C:\Program Files (x86)\qksee\qksee.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe http://www.nuesearch.com/?type=sc&ts=1468232558&z=9c9b02589f27791b1d815bag0z0qabfo3c9ofw1waw&from=wpm0616&uid=WDCXWD3200LPCX-24C6HT0_WD-WX11E44ELE10ELE10 ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\IHeeaWA\IHeeaWA\chrome.exe C:\Users\mandyyy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully