Zoek.exe Version 4.0.0.4 Updated 14-September-2013 Tool run by Suzanne on di 17-09-2013 at 18:32:08,72. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Suzanne\AppData\Local\Temp\Rar$EXa0.468\zoek.exe [Script inserted] ==== System Restore Info ====================== 17-9-2013 18:39:27 Zoek.exe System Restore Point Created Succesfully. ==== Creating Sample_17-09-2013_1915.zip ====================== Process chrome.exe killed Copied file C:\ProgramData\lsass.exe to sample\lsass.exe sample\lsass.exe renamed to 51138BEEA3E2C21EC44D0932C71762A8 C:\Users\Public\Desktop\sample_17-09-2013_1915.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully 
HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{296AA17D-C89E-4242-A5A4-44BFE76914A2} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{296AA17D-C89E-4242-A5A4-44BFE76914A2} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully 
HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{2d8d9acc-f6d7-4362-8876-a275ca929591} deleted successfully ==== Installed Programs ====================== µTorrent Acer Backup Manager Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer Games Acer Registration Acer ScreenSaver Acer Updater Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) MUI Adobe Shockwave Player 11.6 Agatha Christie - Death on the Nile Alcor Micro USB Card Reader Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver avast Free Antivirus AVG Security Toolbar Backup Manager V3 Bejeweled 2 Deluxe BitGuard BitTorrent Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon IJ Network Tool Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP Navigator EX 4.0 Canon MP495 series MP Drivers Canon My Printer Canon Solution Menu EX CCleaner Chuzzle Deluxe clear.fi clear.fi Client Crazy Chicken Kart 2 DAEMON Tools Lite De Sims™ 3 De Sims™ 3 Jaargetijden De Sims™ 3 Na Middernacht De Sims™ 3 Wereldavonturen Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition eBay Worldwide Evernote v. 
4.5.1 Facebook Video Calling 1.2.0.287 FATE Final Drive: Nitro Fooz Kids Fooz Kids Platform Gebruikersregistratie voor Canon MP495 series Giant Savings Google Chrome Google Update Helper Hard Truck 18 Wheels of Steel HiJackThis Hotspot Shield 3.09 Identity Card iLivid Insaniquarium Deluxe Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Java Auto Updater Java(TM) 7 Update 5 JavaFX 2.1.1 Jewel Match 3 Jewel Quest Solitaire John Deere Drive Green Junk Mail filter update Launch Manager ManyCam 3.0.91 (remove only) Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 
2010 x86 Redistributable - 10.0.40219 Microsoft Works 2003 Setup starten Microsoft WSE 3.0 Runtime More Games from Acer Games MSVCRT Mystery of Mortlake Mansion MyWinLocker MyWinLocker 4 MyWinLocker Suite newsXpresso Norton Online Backup NTI Media Maker 9 OpenOffice.org 3.4.1 Penguins Picasa 3 Plants vs. Zombies - Game of the Year Pokki Pokki Download Helper Polar Bowler PriceGong 2.6.4 Realtek High Definition Audio Driver Roller Coaster Tycoon 3 Platinum - CarlesNeo Search-Results Toolbar Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) Shredder Skype™ 6.3 Slingo Deluxe Softonic toolbar on IE Speccy Spotify swMSM Synaptics Pointing Device Driver Taalpakket voor Microsoft .NET 
Framework 4 Client Profile - NLD Torchlight Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life WebCake 3.00 Wedding Dash Welcome Center WildTangent Games App (Acer Games) Windows Live aanmeldhulp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Upload Tool WinRAR 4.11 (64-bit) Zuma Deluxe ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- ==== Deleting Files \ Folders ====================== "C:\ProgramData\dsgsdgdsgdsgw.pad" deleted "C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted "C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted "C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk" deleted "C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk" deleted "C:\Windows\wininit.ini" deleted "C:\user.js" deleted "C:\Users\Suzanne\Desktop\CyberLink_YouCam_Downloader.exe" deleted "C:\ProgramData\lsass.exe" deleted "C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe" deleted "C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll" deleted "C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll" deleted "C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe" deleted "C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe" deleted 
"C:\Program Files (x86)\Hotspot Shield\bin\HssSrvlib.dll" deleted "C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe" not deleted "C:\Program Files (x86)\Hotspot Shield\bin\zlib1.dll" deleted "C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll" deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\bl" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.settings" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\dm" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\uninstall.exe" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\00" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\01" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\02" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\03" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\10" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\11" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\12" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\13" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\20" not deleted "C:\ProgramData\Browser 
Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\21" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\22" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\23" not deleted "C:\Program Files (x86)\Softonic" deleted "C:\Program Files (x86)\Search Results Toolbar" not deleted "C:\Program Files (x86)\Giant Savings" deleted "C:\Program Files (x86)\WebCake" deleted "C:\Program Files (x86)\PriceGong" deleted "C:\Program Files (x86)\Hotspot Shield" not deleted "C:\Program Files (x86)\Conduit" deleted "C:\Users\Suzanne\AppData\Roaming\WebCake" deleted "C:\Users\Suzanne\AppData\Roaming\Babylon" deleted "C:\Users\Suzanne\AppData\Roaming\File Scout" deleted "C:\ProgramData\Browser Manager" not deleted "C:\ProgramData\Ask" deleted "C:\ProgramData\APN" deleted "C:\ProgramData\boost_interprocess" deleted "C:\ProgramData\IBUpdaterService" deleted "C:\ProgramData\InstallMate" deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Babylon" deleted "C:\Users\Suzanne\AppData\Local\iLivid" deleted "C:\Users\Suzanne\AppData\Local\CRE" deleted "C:\Users\Suzanne\AppData\Local\APN" deleted "C:\Users\Suzanne\AppData\Local\Babylon" deleted "C:\Users\Suzanne\AppData\Local\Giant Savings" deleted "C:\Users\Suzanne\AppData\Local\Conduit" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield" deleted "C:\Users\Suzanne\AppData\LocalLow\searchresultstb" deleted "C:\Users\Suzanne\AppData\LocalLow\ilividtoolbarguid" deleted "C:\Users\Suzanne\AppData\LocalLow\ilividtoolbarguid" deleted "C:\Users\Suzanne\AppData\LocalLow\Softonic" deleted "C:\Users\Suzanne\AppData\LocalLow\phpnuke" deleted "C:\Users\Suzanne\AppData\LocalLow\FileConverter_1.4" deleted "C:\Users\Suzanne\AppData\LocalLow\DataMngr" deleted 
"C:\Users\Suzanne\AppData\LocalLow\PriceGong" deleted "C:\Users\Suzanne\AppData\LocalLow\Conduit" deleted "C:\Windows\SysWow64\searchplugins" deleted "C:\Windows\SysWow64\Extensions" deleted "C:\Program Files (x86)\Search Results Toolbar\Datamngr" not deleted "C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64" not deleted "C:\Program Files (x86)\Hotspot Shield\bin" not deleted "C:\Program Files (x86)\Hotspot Shield\hsswd" not deleted "C:\Program Files (x86)\Hotspot Shield\HssWPR" not deleted "C:\Program Files (x86)\Hotspot Shield\bin\lang" not deleted "C:\Program Files (x86)\Hotspot Shield\hsswd\default" not deleted "C:\Program Files (x86)\Hotspot Shield\HssWPR\conf" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}" not deleted "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Suzanne\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-09-03 17:04:23 5E75CA03513BF7563F9A6AFCBDC47AC2 49872 ----a-w- C:\Windows\Sysnative\drivers\lfqmsshu.sys 2013-08-21 14:08:00 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys 2013-08-21 14:07:58 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys ====== C:\Windows\Tasks ====== 2013-09-14 18:21:43 F0E1929518F0D547DC9D32BED4873161 3420 ----a-w- C:\Windows\Sysnative\Tasks\BitGuard ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-08-29 11:39:13 -------- d-----w- C:\Program Files\Speccy ======= C:\Program Files (x86) ===== 2013-08-29 11:47:58 -------- d-----w- C:\Program Files (x86)\Trend Micro ======= C: ===== ====== 
C:\Users\Suzanne\AppData\Roaming ====== 2013-09-14 18:23:05 -------- d-----w- C:\Users\Suzanne\AppData\Local\avgchrome 2013-09-14 18:21:18 -------- d-----w- C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard 2013-08-28 17:41:14 F84E6B79B6F46AE44A78958B161FC299 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-2206691725-1079391299-2408798529-1000.dat 2013-08-21 13:59:30 2C729E7446C0CD9F651D9BD9F51C96BD 648436 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat ====== C:\Users\Suzanne ====== 2013-09-14 18:20:54 -------- d-----w- C:\ProgramData\BitGuard ====== C: exe-files == 2013-09-14 18:21:18 7F8BECFB26F2655E281406C6C341F416 3029472 ----a-w- C:\ProgramData\BitGuard\2.6.1673.238\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\uninstall.exe 2013-09-14 18:21:09 7F8BECFB26F2655E281406C6C341F416 3029472 ----a-w- C:\ProgramData\BitGuard\2.6.1673.238\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\BitGuard.exe 2013-09-10 18:20:26 CB139AE37B93E21CD858D748B3DF0EEA 34509664 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.66\29.0.1547.66_chrome_installer.exe === C: other files == 2013-09-17 17:15:27 D92EF83B560C2C682F3C5EC7406B3F0A 20424 ----a-w- C:\Users\Public\Desktop\sample_17-09-2013_1915.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="C:\Program Files\CCleaner\CCleaner64.exe /AUTO" "Facebook Update"="C:\Users\Suzanne\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "GameTracker"="C:\Program Files (x86)\GameTracker\GTLite.exe" 
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Spotify Web Helper"="C:\Users\Suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Spotify"="C:\Users\Suzanne\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" "Pokki"="C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #6"="C:\Users\Suzanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Suzanne\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session" "Application Restart #4"="C:\Users\Suzanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources 
--disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Suzanne\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "DATAMNGR"="C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="C:\Program Files\CCleaner\CCleaner64.exe /AUTO" "Facebook Update"="C:\Users\Suzanne\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "GameTracker"="C:\Program Files (x86)\GameTracker\GTLite.exe" "BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Spotify Web 
Helper"="C:\Users\Suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Spotify"="C:\Users\Suzanne\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" "Pokki"="C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #6"="C:\Users\Suzanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Suzanne\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session" "Application Restart #4"="C:\Users\Suzanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Suzanne\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"IgfxTray"="C:\Windows\system32\igfxtray.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AmIcoSinglun64" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeMovieService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HotKeysCmds" "hkey"="HKLM" "command"="C:\\Windows\\system32\\hkcmd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ManyCam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ManyCam" "hkey"="HKCU" 
"command"="\"C:\\Program Files (x86)\\ManyCam\\Bin\\ManyCam.exe\" /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pokki] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Pokki" "hkey"="HKCU" "command"="\"C:\\Users\\Suzanne\\AppData\\Local\\Pokki\\v0.260.6.332\\pokki.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sidebar" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\Suzanne\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\Suzanne\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" ==== Startup Folders ====================== 2013-01-23 19:11:11 1328 ----a-w- C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk 2012-11-12 15:24:29 1243 ----a-w- C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job --a------ C:\Windows\TEMP\D23D6244-D8CA-41C9-9E75-B3F134C79DD1.exe [] C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job --a------ C:\Windows\TEMP\0AD3FB29-9651-4761-8915-86C000E5BA86.exe 
[] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2206691725-1079391299-2408798529-1000Core.job --a------ C:\Users\Suzanne\AppData\Local\Facebook\Update\FacebookUpdate.exe [23-01-2013 21:09] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2206691725-1079391299-2408798529-1000UA.job --a------ C:\Users\Suzanne\AppData\Local\Facebook\Update\FacebookUpdate.exe [23-01-2013 21:09] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26-08-2012 21:22] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26-08-2012 21:22] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.4\pricegong.crx[] cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Suzanne\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] fjoijdanhaiflhibkljeklcghcmmfffh - C:\Program Files (x86)\WebCakeLayers.crx[03-08-2013 20:16] hgfgfchdnkmpdcadgmfgcglocdbkehjo - C:\Users\Suzanne\AppData\Local\CRE\hgfgfchdnkmpdcadgmfgcglocdbkehjo.crx[] ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Suzanne\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.3.0.11\avg.crx[26-06-2013 18:08] ndkhncnongaclekkbelchmeafffimifj - C:\Users\Suzanne\AppData\Local\Giant Savings\Chrome\Giant Savings.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Suzanne\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] hgfgfchdnkmpdcadgmfgcglocdbkehjo - C:\Users\Suzanne\AppData\Local\CRE\hgfgfchdnkmpdcadgmfgcglocdbkehjo.crx[] ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Suzanne\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[] PriceGong - Suzanne - Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Web Cake - Suzanne - Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh Doodle 
Jump - Suzanne - Default\Extensions\hgfgfchdnkmpdcadgmfgcglocdbkehjo Webcam Toy - Suzanne - Default\Extensions\lfbgimoladefibpklnfmkpknadbklade AVG Secure Search - Suzanne - Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Giant Savings - Suzanne - Default\Extensions\ndkhncnongaclekkbelchmeafffimifj ==== Chrome Fix ====================== C:\Program Files (x86)\WebCakeLayers.crx deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adobe-photoshop-cs2.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adobe-photoshop.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hotspot-shield.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_instagrille.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_medal-of-honor-allied-assault.nl.softonic.com_0.localstorage-journal deleted successfully 
C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_onsoftware.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_picmonkey-extension.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_skype.nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_rss2search.com_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bkomkajifikmkfnjgphkjcfeepbnojok_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfgfchdnkmpdcadgmfgcglocdbkehjo deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgfgfchdnkmpdcadgmfgcglocdbkehjo_0.localstorage deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgfgfchdnkmpdcadgmfgcglocdbkehjo_0.localstorage-journal deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0.localstorage deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0.localstorage-journal deleted successfully 
C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0 deleted successfully C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={60FC0440-725B-4BE1-A7CA-7B236D4A5737}&mid=ae6e7e5239e347d09e0439d3c90d9dc9-7e189952288cd6ae228b2eb1d10eaa59852233b4&lang=nl&ds=st011&pr=sa&d=2012-09-26" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully 
HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully 
HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully HKEY_USERS\S-1-5-21-2206691725-1079391299-2408798529-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011441179} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1631550F-191D-4826-B069-D9439253D926} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hgfgfchdnkmpdcadgmfgcglocdbkehjo deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\hgfgfchdnkmpdcadgmfgcglocdbkehjo deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Suzanne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [GameTracker] C:\Program Files (x86)\GameTracker\GTLite.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Pokki] C:\Windows\system32\rundll32.exe 
"%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Spotify] "C:\Users\Suzanne\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart O4 - HKCU\..\RunOnce: [Application Restart #6] C:\Users\Suzanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Suzanne\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session O4 - HKCU\..\RunOnce: [Application Restart #4] C:\Users\Suzanne\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Suzanne\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] 
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Startup: Facebook Messenger.lnk = Suzanne\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O11 - Options group: [ACCELERATED_GRAPHICS] 
Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\progra~3\bitguard\261673~1.238\{61d8b~1\bitguard.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.6.1673.238\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\BitGuard.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GamesAppService - WildTangent, Inc. 
- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (file missing) O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE (file missing) O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec 
Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 
(WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTSTM3IZ will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== After Reboot ====================== ==== Empty Temp 
Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Suzanne\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\bl" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.settings" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\dm" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\uninstall.exe" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\00" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\01" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\02" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\03" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\10" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\11" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\12" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\13" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\20" not 
found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\21" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\22" not found "C:\ProgramData\Browser Manager\2.6.1519.190\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\23" not found "C:\Program Files (x86)\Search Results Toolbar" not found "C:\Program Files (x86)\Hotspot Shield" not found "C:\ProgramData\Browser Manager" not found "C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTSTM3IZ" not found ==== EOF on di 17-09-2013 at 22:44:52,49 ======================