Zoek.exe v5.0.0.0 Updated 07-September-2014
Tool run by Joey on ma 08-09-2014 at 9:09:22,68.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Joey\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

8-9-2014 9:13:05 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Nitro PDF deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\iolo deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Tunngle deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} deleted successfully
C:\Users\Joey\AppData\Roaming\.# deleted successfully
C:\Users\Joey\AppData\Roaming\iolo deleted successfully
C:\Users\Joey\AppData\Roaming\My Games deleted successfully
C:\Users\Joey\AppData\Roaming\Vso deleted successfully
C:\Users\Joey\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Joey\AppData\Local\CutePDF Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3082144556-1874712928-1024902711-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_USERS\S-1-5-21-3082144556-1874712928-1024902711-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_USERS\S-1-5-21-3082144556-1874712928-1024902711-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully
HKEY_USERS\S-1-5-21-3082144556-1874712928-1024902711-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Users\Joey\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\g8pbeof4.default
user.js not found

---- Lines babylon modified from prefs.js ----
user_pref("extensions.enabledItems", "{df3c47d6-c7a9-46ab-9648-8c4627404f87}:1.0,{9e1d7c80-43d1-11db-b0de-0800200c9a66}:1.0.2.6,{CAFEEFAC-0016-0000-00

---- Lines ask.com removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

---- Lines y2layers removed from prefs.js ----
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics");
user_pref("extentions.y2layers.installId", "54528be2-fe99-4b3b-9b00-5b20228c2aca");
user_pref("extentions.y2layers.lastDnsTest", 371970);

---- Lines yontoo modified from prefs.js ----
user_pref("extensions.enabledItems", "{df3c47d6-c7a9-46ab-9648-8c4627404f87}:1.0,{9e1d7c80-43d1-11db-b0de-0800200c9a66}:1.0.2.6,{CAFEEFAC-0016-0000-00

---- FireFox user.js and prefs.js backups ----
prefs_08-09-2014_0939_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} not found
C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262} deleted
C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\g8pbeof4.default\extensions\ascsurfingprotection@iobit.com deleted
C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\g8pbeof4.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66} deleted
C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\g8pbeof4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} deleted
C:\PROGRA~3\eSellerate deleted
C:\Users\Joey\.android deleted
C:\PROGRA~2\Alawar.co.nl deleted
C:\PROGRA~2\SopCast deleted
C:\PROGRA~2\1ClickDownload deleted
C:\found.000 deleted
C:\Users\Joey\AppData\Roaming\temp.ini deleted
C:\Users\Joey\AppData\Roaming\Youdagames deleted
C:\PROGRA~3\AlawarWrapper deleted
C:\PROGRA~3\ProductData deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Joey\Downloads\adt-bundle-windows-x86_64-20131030.zip deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\g8pbeof4.default\searchplugins\trovi-search.xml deleted
C:\Users\Joey\Desktop\4K Video Downloader.lnk deleted
"C:\Windows\Installer\63637f.msi" deleted
"C:\Users\Joey\AppData\Roaming\Temp" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) (Build 7600)
Memory (RAM): 3951 MB
CPU Info: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
CPU Speed: 2461,0 MHz
Sound Card: luidspreker/Hoofdtelefoon (Real |
Display Adapters: ATI Mobility Radeon HD 5470 | ATI Mobility Radeon HD 5470 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR9285 Wireless Network Adapter | Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
CD / DVD Drives: 2x (D: | E: | ) D: MATSHITADVD-RAM UJ890AS | E: DTSOFT BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 452,4GB
Hard Disks - Free: C: 35,7GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/23/09 | Sony - 20100817
Time Zone: West-Europa (standaardtijd)
Motherboard *: Sony Corporation VAIO
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 9.0.8112.16421
Mozilla Firefox version: 28.0 (x86 nl)
Google Chrome version: 37.0.2062.103
Adobe Reader version: 10.1.11.8
Sun Java version: 1.7.0_55 (32-bit)
Sun Java version: 1.6.0_45 (64-bit)
Flash Player version: 14.0.0.145
Shockwave Player version: 12.1.1r151

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\Citrix\\ICACLI~1\\RSHook.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\20131121]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="20131121"
"hkey"="HKLM"
"command"="C:\\Program Files\\AVAST Software\\Avast\\setup\\emupdate\\096d0884-e37d-4615-a930-5aa5bf065847.exe /check"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 5]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Advanced SystemCare 5"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare 5\\ASCTray.exe\" /AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Advanced SystemCare 7"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare 7\\ASCTray.exe\" /Auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Apoint\\Apoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CitrixReceiver]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CitrixReceiver"
"hkey"="HKLM"
"command"="\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Citrix\\Receiver Updater.lnk\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\concentr.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DNS7reminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DNS7reminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nuance\\NaturallySpeaking11\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\Nuance\\NaturallySpeaking11\\Ereg.ini\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EzPrint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EzPrint"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Lexmark 7100 Series\\ezprint.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Joey\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FixCamera]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FixCamera"
"hkey"="HKLM"
"command"="C:\\Windows\\FixCamera.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAStorIcon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISBMgr.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISBMgr.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Sony\\ISB Utility\\ISBMgr.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKCU"
"command"="C:\\ProgramData\\FLEXnet\\Connect\\11\\ISUSPM.exe -scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Jing]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Jing"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\TechSmith\\Jing\\Jing.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesHelper"
"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPDLR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPDLR"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LXBXCATS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LXBXCATS"
"hkey"="HKLM"
"command"="rundll32 C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\LXBXtime.dll,RunDLLEntry"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lxbxmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbxmon.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Lexmark 7100 Series\\lxbxmon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program
Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PMBVolumeWatcher" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Sony\\PMB\\PMBVolumeWatcher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Plugin Install] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Plugin Install" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\QuickTime\\Plugins\\DeleteMe1.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE3 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART Board Service] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SMART Board Service" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\SMART Technologies\\SMART Board Drivers\\SMARTBoardService.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMART SNMP Agent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SMART SNMP Agent" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe -e" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\snpstd3] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="snpstd3" "hkey"="HKLM" "command"="C:\\Windows\\vsnpstd3.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TkBellExe" "hkey"="HKLM" "command"="\"c:\\program files (x86)\\real\\realplayer\\update\\realsched.exe\" -osboot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tsnpstd3] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tsnpstd3" "hkey"="HKLM" "command"="C:\\Windows\\tsnpstd3.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Joey\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] "backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe " "item"="Bluetooth" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board Tools.lnk] "backup"="C:\\Windows\\pss\\SMART Board Tools.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\SMARTT~1\\SMARTB~1\\SMARTB~2.EXE " "item"="SMART Board Tools" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Joey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Joey\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe " "item"="Dropbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdvancedSystemCareService5] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NOBU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\Services\Steam Client Service] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09-07-2014 20:37] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3082144556-1874712928-1024902711-1000Core.job --a------ C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe [12-07-2012 11:40] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3082144556-1874712928-1024902711-1000UA.job --a------ C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe [12-07-2012 11:40] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-08-2010 14:58] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-08-2010 14:58] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASC4_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe] "C:\Windows\SysNative\tasks\ASC7_SkipUac_Joey" ["C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe" /SkipUac] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3082144556-1874712928-1024902711-1000Core" [C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3082144556-1874712928-1024902711-1000UA" [C:\Users\Joey\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3082144556-1874712928-1024902711-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] 
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3082144556-1874712928-1024902711-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\USER_ESRV_SVC" ["C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{176B8248-2767-4A71-A15C-A2BFFA88435C}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{77D4558A-5CAF-4F84-B933-2C8789015F5D}" [C:\Program Files (x86)\SPMT\SPMT.exe] "C:\Windows\SysNative\tasks\{909525CB-E281-46BA-A167-06592953FA60}" [C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe] "C:\Windows\SysNative\tasks\{C88F1824-5CF4-4FB2-819A-D3BB91452A82}" [C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\SONY\Remote Keyboard with PlayStation 3\Remote Keyboard with PlayStation 3" ["%ProgramFiles%\Sony\Remote Keyboard with PlayStation 3\VBTKBUtil.exe"] "C:\Windows\SysNative\tasks\SONY\SUS-BCF\Level4Daily" [C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe] "C:\Windows\SysNative\tasks\SONY\SUS-BCF\Level4Month" [C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe] "C:\Windows\SysNative\tasks\SONY\VAIO Gate\StartExecuteProxy" ["%programfiles%\Sony\VAIO Gate\ExecutionProxy.exe"] "C:\Windows\SysNative\tasks\SONY\VAIO Gate\VAIO Gate" [C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe] "C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Logon Start" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe] "C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Session Change" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe] 
"C:\Windows\SysNative\tasks\SONY\VAIO Power Management\VPM Unlock" [C:\Program Files\Sony\VAIO Power Management\SPMgr.exe] "C:\Windows\SysNative\tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool" [C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\CheckSystemInfo" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\DeployCRMflag" ["%ProgramFiles%\Sony\VAIO Care\DeployCRMflag.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\GetPOTInfo" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\UpdateSolution" ["%ProgramFiles%\Sony\VAIO Care\Solution.Updater.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\UploadPOT" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VAIO Care" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VCCheckIolo" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VCMetrics" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VCOneClick" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VCRLog" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Care\VCSelfHeal" ["%ProgramFiles%\Sony\VAIO Care\VCSystemTray.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\Launch Application" [C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update" ["C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe"] "C:\Windows\SysNative\tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair" [C:\Program Files\Sony\VAIO Update\VUSR.exe] ==== Firefox Extensions 
Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09-07-2014 07:05] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\g8pbeof4.default - Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\g8pbeof4.default 4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash E37EAD09D28AE19D8A39B6A95F47513A - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll - Shockwave for Director / Shockwave for Director F6D12679B9112358AC705A1308156F59 - C:\Users\Joey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 3CD19649B2C3023D65E67C056457A2BC - C:\Users\Joey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 10737B44923217BC0E67D26A9FC1F0AA - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) 2645990C521342DCD08963D2DF6CD0D2 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09-07-2014 07:05] jfmjfhklogoienhpfnppmbcbjfjnkonk - 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[24-05-2012 20:04] YouTube - Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Video Downloader professional - Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil AdBlock - Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom avast Online Security - Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil deleted successfully C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage deleted successfully C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage-journal deleted successfully C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Search Bar"="http://www.google.com" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet 
Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== shortcuts on Users Desktops ====================== C:\Users\Joey\Desktop\Age of Empires Online.lnk - C:\Users\Joey\Desktop\Any Video Converter 5.lnk - C:\Program Files (x86)\AnvSoft\Any Video Converter 5\AVCFree.exe C:\Users\Joey\Desktop\Any Video Converter.lnk - C:\Program Files (x86)\AnvSoft\Any Video Converter\VideoConverter.exe C:\Users\Joey\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe C:\Users\Joey\Desktop\ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe C:\Users\Joey\Desktop\Dropbox.lnk - C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Joey\Desktop\eclipse - Snelkoppeling.lnk - C:\Users\Joey\Documents\Uitgepakte adt-bundle\adt-bundle-windows-x86_64-20131030\eclipse\eclipse.exe C:\Users\Joey\Desktop\exe-1.04.0.lnk - C:\Program Files (x86)\exe\exe.exe C:\Users\Joey\Desktop\Freez FLV to MP3 Converter.lnk - C:\Program Files (x86)\Smallvideosoft\Freez FLV to MP3 Converter\flv2mp3.exe C:\Users\Joey\Desktop\GemistDownloader.lnk - C:\Program Files (x86)\GemistDownloader\GemistDownloader.exe C:\Users\Joey\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.google.nl C:\Users\Joey\Desktop\HousecallLauncher.lnk - C:\Users\Joey\Documents\Downloads\HousecallLauncher64.exe C:\Users\Joey\Desktop\KeepTube.lnk - C:\Program Files 
(x86)\KeepTube\KeepTube.exe C:\Users\Joey\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Joey\Desktop\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\Users\Joey\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Joey\Desktop\Mp4Gain.lnk - C:\Program Files (x86)\Mp4Gain\Mp4Gain.exe C:\Users\Joey\Desktop\MWSnap 3.lnk - C:\Program Files (x86)\MWSnap\MWSnap.exe C:\Users\Joey\Desktop\Notepad.lnk - C:\Windows\system32\notepad.exe C:\Users\Joey\Desktop\Sons-Of-Anarchy - Snelkoppeling.lnk - C:\Users\Public\Documents\Sons-Of-Anarchy.jpg C:\Users\Joey\Desktop\SopCast.lnk - C:\Program Files (x86)\SopCast\SopCast.exe C:\Users\Joey\Desktop\SPMT.lnk - C:\Users\Joey\AppData\Roaming\Microsoft\Installer\{A2C3A640-2B29-4772-BC76-AA5989FFB532}\_6E2F7D377706695E4376AD.exe C:\Users\Joey\Desktop\Spotify.lnk - C:\Users\Joey\AppData\Roaming\Spotify\spotify.exe C:\Users\Joey\Desktop\Subtitle Workshop.lnk - C:\Program Files (x86)\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe C:\Users\Joey\Desktop\SyncBackFree.lnk - C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe C:\Users\Joey\Desktop\vReveal Full version.lnk - C:\Program Files (x86)\vReveal\vRevealR.exe C:\Users\Joey\Desktop\WebCallDirect.lnk - C:\Program Files (x86)\WebCallDirect.com\WebCallDirect\WebCallDirect.exe C:\Users\Joey\Desktop\µTorrent.lnk - ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2012.lnk - C:\Program Files (x86)\Belastingdienst\Aangifte inkomstenbelasting\2012\ib2012.exe C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 3.0\DigitalEditions.exe C:\Users\Public\Desktop\Adobe Reader X .lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual C:\Users\Public\Desktop\AMR to MP3 Converter.lnk - C:\Program Files (x86)\AMR to MP3 Converter\amrtomp3converter.exe C:\Users\Public\Desktop\avast Free Antivirus.lnk - C:\Users\Public\Desktop\Convert VOB to AVI.lnk - C:\Program Files (x86)\Convert VOB to AVI\convertvobtoavi.exe C:\Users\Public\Desktop\Deeper Dungeons.lnk - C:\GOG Games\Dungeon Keeper Gold\DOSBOX\DOSBox.exe -conf "..\dosboxDK.conf" -conf "..\dosboxDK_addon.conf" -noconsole -c exit C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk - C:\Windows\Installer\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}\NatSpeakD_Shortcut_EFFA53BC8C042E213D90A13B1697B0CA.exe C:\Users\Public\Desktop\Dungeon Keeper Gold.lnk - C:\GOG Games\Dungeon Keeper Gold\DOSBOX\DOSBox.exe -conf "..\dosboxDK.conf" -conf "..\dosboxDK_single.conf" -noconsole -c exit C:\Users\Public\Desktop\Geïntegreerde softwarepakketten van Lexmark - 7100 Series.lnk - C:\Users\Public\Desktop\GIMP 2.lnk - C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe C:\Users\Public\Desktop\Horse Racing Fantasy 3.lnk - C:\Users\Joey\AppData\Roaming\Hrsim\Hrfan\Hrfanwin.exe C:\Users\Public\Desktop\Hotel Giant.lnk - C:\Program Files (x86)\JoWood\Hotel Giant\Hotel.exe C:\Users\Public\Desktop\ImgBurn.lnk - C:\Program Files (x86)\ImgBurn\ImgBurn.exe C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.google.nl C:\Users\Public\Desktop\Notebook-software 10.lnk - C:\Program Files (x86)\SMART 
Technologies\Notebook Software\Notebook.exe C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Public\Desktop\RealPlayer.lnk - C:\program files (x86)\real\realplayer\RealPlay.exe /launch:desktop C:\Users\Public\Desktop\RescuePRO.lnk - C:\Program Files (x86)\RescuePRO\RescuePRO.exe C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\Public\Desktop\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\Steam.lnk - C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe C:\Users\Public\Desktop\WD Drive Utilities.lnk - C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilities.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk - ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Toolbox.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /toolbox C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Turbo Boost.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /turboboost C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Verwijder Advanced SystemCare.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMR to MP3 Converter\AMR to MP3 Converter.lnk - C:\Program Files (x86)\AMR 
to MP3 Converter\amrtomp3converter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMR to MP3 Converter\Uninstall.lnk - C:\Program Files (x86)\AMR to MP3 Converter\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Verwijder HitmanPro 3.7.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe /uninstall C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\help.html C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\l glp license.lnk - C:\Program Files (x86)\VSO\ConvertX\5\lgpl-2.1.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Translate ConvertXToDVD 5.lnk - C:\ProgramData\VSO\ConvertXToDVD\5\Lang\EditLoc_online.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Verwijder ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Stuurprogramma’s\ Verwijder Stuurprogramma (Compatibiliteits Modus).lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Stuurprogramma’s\ Controleer.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Stuurprogramma’s\ Installeer.lnk - ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\Kies.exe C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk - C:\Program Files (x86)\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk - C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - 
C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.google.nl ==== shortcuts After Repair ====================== C:\Users\Joey\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FCCC6B633C793CB488092A7E870C30E7 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{36B6CCCF-97C3-4BC3-8890-A2E778C0037E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FCCC6B633C793CB488092A7E870C30E7 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.battle-strategy.com O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files 
(x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O20 - AppInit_DLLs: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. 
- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Energy Server Service (ESRV_SVC) - Intel Corporation - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro 3.7 Crusader (HitmanPro37Crusader) - SurfRight B.V. - C:\Program Files\HitmanPro\HitmanPro.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: lxbx_device - - C:\Windows\system32\lxbxcoms.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service for Sony (McComponentHostServiceSony) - McAfee, Inc. 
- C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. 
- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: User Energy Server Service (USER_ESRV_SVC) - Intel Corporation - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 
- Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\vuagent.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Joey\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache 
====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=691 folders=146 794893125 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Joey\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Joey\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted ==== EOF on ma 08-09-2014 at 9:59:06,10 ======================