Zoek.exe v5.0.0.0 Updated 20-September-2014 Tool run by Elinerik on do 23-10-2014 at 22:23:00,94. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected Launched: F:\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 23-10-2014 22:29:54 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Telltale Games deleted successfully C:\Program Files\trend micro deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\BabylonUpdater deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\CanonEPP deleted successfully C:\PROGRA~3\CanonIJEPPEX2 deleted successfully C:\Users\Elinerik\AppData\Roaming\Apple Computer deleted successfully C:\Users\Elinerik\AppData\Roaming\Media Player Classic deleted successfully C:\Users\mede8er\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\ProgramData\DatacardService\DCSHelper.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Windows\PixArt\PAP7501\GUCI_AVS.exe C:\Users\Elinerik\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Elinerik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Elinerik\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Users\Elinerik\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe F:\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WajamUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\WajamUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WajamUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Yontoo Desktop Updater deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Elinerik\AppData\Roaming\Mozilla\Firefox\Profiles\zhgyjy8d.default ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "7afd99da0000000000000625d3cdbafc"); user_pref("extensions.delta.instlDay", "15846"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.21.5"); user_pref("extensions.delta.vrsnTs", "1.8.21.523:31:22"); user_pref("extensions.delta.vrsni", "1.8.21.5"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=119357&tt=gc_"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "7afd99da0000000000000625d3cdbafc"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15846"); user_pref("extensions.delta.vrsn", "1.8.21.5"); user_pref("extensions.delta.vrsni", "1.8.21.5"); user_pref("extensions.delta.vrsnTs", "1.8.21.523:31:22"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta_i.babTrack", "affID=119357&tt=gc_"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.srcExt", "ss"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines y2layers removed from prefs.js ---- user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers"); user_pref("extentions.y2layers.installId", "84fd024c-59f3-4956-8ba2-e719e0a7fb44"); ---- Lines y2layers removed from user.js ---- user_pref("extentions.y2layers.installId", "84fd024c-59f3-4956-8ba2-e719e0a7fb44"); user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers"); ---- FireFox user.js and prefs.js backups ---- user_23-10-2014_2242_.backup prefs_23-10-2014_2242_.backup ProfilePath: C:\Users\Elinerik\AppData\Roaming\Philips-Songbird\Profiles\0vj1pdyb.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_23-10-2014_2242_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46735dee-f862-49d1-876d-6382794dc625}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop] ==== Deleting Files \ Folders ====================== C:\Users\Elinerik\AppData\Roaming\DSite deleted C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} deleted C:\Program Files (x86)\ConduitEngine deleted C:\Program Files (x86)\PHPNukeDU deleted C:\Program Files (x86)\uTorrentBar_NL deleted C:\Program Files (x86)\Wajam deleted C:\Program Files (x86)\Yontoo deleted C:\Program Files (x86)\BS_Player deleted C:\Users\Elinerik\AppData\Roaming\Yontoo deleted C:\PROGRA~2\Shareaza deleted C:\PROGRA~2\FoxTabFLVPlayer deleted C:\PROGRA~2\FoxTabVideoConverter deleted C:\PROGRA~2\DAEMON Tools Toolbar deleted C:\PROGRA~2\Registry Mechanic deleted C:\PROGRA~2\Conduit deleted C:\extensions deleted C:\found.000 deleted C:\found.001 deleted C:\Users\Elinerik\AppData\Roaming\BabSolution deleted C:\Users\Elinerik\AppData\Roaming\Babylon deleted C:\Users\Elinerik\AppData\Roaming\File Scout deleted C:\Users\Elinerik\AppData\Roaming\YoudaGames deleted C:\PROGRA~3\BrowserProtect deleted C:\PROGRA~3\Tarma Installer deleted C:\PROGRA~3\Trymedia deleted C:\Users\Elinerik\AppData\Local\CRE deleted C:\Users\Elinerik\AppData\Local\Wajam deleted C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\bprotector web data deleted C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted C:\Users\Elinerik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam deleted C:\windows\SysNative\Tasks\DSite deleted C:\Users\Elinerik\AppData\LocalLow\BS_Player deleted C:\Users\Elinerik\AppData\LocalLow\BabylonToolbar deleted C:\Users\Elinerik\AppData\LocalLow\Delta deleted C:\Users\Elinerik\AppData\LocalLow\PHPNukeDU deleted C:\Users\Elinerik\AppData\LocalLow\uTorrentBar_NL deleted C:\Users\Elinerik\AppData\LocalLow\PriceGong deleted C:\Users\Elinerik\AppData\LocalLow\Conduit deleted C:\Users\Elinerik\AppData\LocalLow\ConduitEngine deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\Tasks\EPUpdater deleted C:\Windows\tasks\DSite.job deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Elinerik\AppData\Roaming\Mozilla\Firefox\Profiles\zhgyjy8d.default\searchplugins\babylon.xml deleted C:\Users\Elinerik\AppData\Roaming\Mozilla\Firefox\Profiles\zhgyjy8d.default\bProtector_extensions.sqlite deleted C:\Users\Elinerik\AppData\Roaming\Mozilla\Firefox\Profiles\zhgyjy8d.default\bprotector_prefs.js deleted "C:\Users\Elinerik\AppData\Roaming\Mozilla\Firefox\Profiles\zhgyjy8d.default\searchplugins\delta.xml" deleted "C:\Users\Elinerik\AppData\Local\{10E1EB0D-98EC-4226-A95D-22D0290A8003}" deleted "C:\Users\Elinerik\AppData\Local\{353C52CA-268A-4FE8-9BE3-5BB81C382E13}" deleted "C:\Users\Elinerik\AppData\Local\{599C6A0F-44F0-4811-9D0D-22E77856A924}" deleted "C:\Users\Elinerik\AppData\Local\{5DFE12D2-D498-4648-8722-A0F69CBF08B5}" deleted "C:\Users\Elinerik\AppData\Local\{747DEA3E-9EFA-40FF-963E-500D5CA2EFBB}" deleted "C:\Users\Elinerik\AppData\Local\{79ADCBF2-4E46-44FF-9251-0BD579D41A36}" deleted "C:\Users\Elinerik\AppData\Local\{C3DF2933-1CED-42C9-87E3-96427EBECD35}" deleted "C:\Users\Elinerik\AppData\Roaming\Mozilla\Firefox\Profiles\zhgyjy8d.default\searchplugins\delta.xml" deleted "C:\Users\Elinerik\AppData\Roaming\temp\ICON.htm" deleted "C:\Programdata\Windows\ccdxmmde.dat" deleted "C:\Programdata\Windows\drss.dat" deleted "C:\Users\Elinerik\AppData\Roaming\temp" deleted "C:\Programdata\Windows" deleted ==== System Specs ====================== Operating System: Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 64-bits Manufacturer: ASUSTeK Computer Inc. - Model: K72Jr Install Date: 19-2-2010 21:05:48 Last Boot: 23-10-2014 22:03:26 Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz Number of Processors: 4 Work Station Bootmode: Normal boot Total RAM: 3948 MB (free 2425 MB - 61) Computername: DOMMEL Domain: WORKGROUP User: Elinerik (Non-Administrator account) Local Disk: C:\ - NTFS - 116 GB (free 2 GB) Local Disk: D:\ - NTFS - 334 GB (free 137 GB) CD \ DVD Drive: E:\ Removable Disk: F:\ - FAT32 - 15 GB (free 15 GB) Bootdevice: \Device\HarddiskVolume2 Windows update: Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Spybot - Search and Destroy disabled (Outdated) Default Browser: Google Chrome 34.0.1847.131 Internet Explorer Version: 11.0.9600.17105 Mozilla Firefox version: 29.0.1 (x86 nl) Google Chrome version: 34.0.1847.131 Adobe Reader version: 10.1.9.22 Sun Java version: 1.8.0_25 (32-bit) Sun Java version: 1.8.0_25 (64-bit) Flash Player version: 13.0.0.206 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Elinerik\AppData\Local\Temp ==== 2014-10-23 20:04:32 CC40FDD59A832E27F146A62A67FDE75E 41984 ----a-w- C:\Users\Elinerik\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2ystip.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-10-23 20:06:59 1738AF59D7E2D56078A35CD2D2E1D5F4 111016 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll ====== C:\Windows\Sysnative\drivers ===== 2014-10-22 19:26:33 F0219B0CCE76A694178B2115D7E191E6 4029952 ----a-w- C:\Windows\Sysnative\drivers\athrx.sys ====== C:\Windows\Tasks ====== 2014-10-22 18:48:54 BE201098DE523ABD4AD59B1C92A4DF7A 3090 ----a-w- C:\Windows\Sysnative\Tasks\WC3 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-10-23 20:05:26 -------- d-----w- C:\Program Files\Java 2014-10-22 18:59:51 -------- d-----w- C:\Program Files\Speccy ======= C:\PROGRA~2 ===== 2014-10-23 20:07:45 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\Elinerik\AppData\Roaming ====== 2014-10-23 20:07:24 -------- d-----w- C:\Users\Elinerik\AppData\Locallow\Oracle ====== C:\Users\Elinerik ====== 2014-10-23 20:06:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-23 20:05:48 -------- d-----w- C:\ProgramData\Oracle 2014-10-22 18:59:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy ====== C: exe-files == 2014-10-23 20:06:49 83A17CFF2CF0E9E02B342F52B5F1EF6C 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2014-10-23 20:06:49 70CF52440D822C531623014383EB860F 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2014-10-23 20:06:49 689BF70CD2AAFF5F9853F8AAF69847C0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2014-10-23 20:06:42 E512E19ABB0905DDD6966D8A285378F1 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmid.exe 2014-10-23 20:06:42 E4637864454A133F78366F9EE8F13DAE 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\keytool.exe 2014-10-23 20:06:42 D2440F16BB04B2BA00E6B7D3B16386B0 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jjs.exe 2014-10-23 20:06:42 C1228BDB2C61E626F8E4F3C1D1AA3169 34216 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jabswitch.exe 2014-10-23 20:06:42 B46B4608D10D2999F09F610E1F3598C1 99240 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jp2launcher.exe 2014-10-23 20:06:42 ABE7423B4F03500EE51BCCA239856F75 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\pack200.exe 2014-10-23 20:06:42 A7812249FF577AE77DC2974C4179C233 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmiregistry.exe 2014-10-23 20:06:42 A18D9444F006007569AE38BA4BC7587D 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\policytool.exe 2014-10-23 20:06:42 83A17CFF2CF0E9E02B342F52B5F1EF6C 190888 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java.exe 2014-10-23 20:06:42 74295D477250AD744520D5C0321D6486 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\tnameserv.exe 2014-10-23 20:06:42 70CF52440D822C531623014383EB860F 191400 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe 2014-10-23 20:06:42 689BF70CD2AAFF5F9853F8AAF69847C0 320936 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe 2014-10-23 20:06:42 2BF5652B3E0ACABE545186725B47BB7B 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ktab.exe 2014-10-23 20:06:42 1C95FFFA46178E256C878AC59501303A 66472 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ssvagent.exe 2014-10-23 20:06:42 19FBC4DF38E7813B541AF6056454ABB6 197544 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\unpack200.exe 2014-10-23 20:06:42 15FC3374508FCDBFA9EE6BCEE79516AE 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\kinit.exe 2014-10-23 20:06:42 15F93809B280128FB304AD7F3480A544 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\servertool.exe 2014-10-23 20:06:42 147355AED2BC7E5E4AD517F8460F70F2 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\klist.exe 2014-10-23 20:06:42 0D1BED637BC1D3B5EE6A66B1A92005D5 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java-rmi.exe 2014-10-23 20:06:42 0181F6F681D28D596D71FAEBAEBFB9CB 77224 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe 2014-10-23 20:06:42 0111B4B086BC3FC50A6A2A3BB4FF33B6 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\orbd.exe 2014-10-22 18:38:16 BF073D4F70CFC81222EA8FF077DA73F6 1047632 ----a-w- C:\WiFi_Intel_1000_Win7_64_1300107\Drivers\DPInst64.exe 2014-10-22 18:38:16 95654C2D6EA3BAAAFAAD1392000CF047 1792272 ----a-w- C:\WiFi_Intel_1000_Win7_64_1300107\Install\Setup.exe 2014-10-22 18:38:16 3CBD1A48A85F0DAF83F4A050E03EA581 399120 ----a-w- C:\WiFi_Intel_1000_Win7_64_1300107\Drivers\iProdifx.exe === C: other files == 2014-10-23 20:06:42 E6188BE460746F84D5F3EAEE736FE1CA 14130 ----a-w- C:\Program Files\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2014-10-22 19:26:33 F0219B0CCE76A694178B2115D7E191E6 4029952 ----a-w- C:\Windows\System32\drivers\athrx.sys 2014-10-22 18:38:16 FA3B1E53FF1E503486133DA935A32904 6816256 ----a-w- C:\WiFi_Intel_1000_Win7_64_1300107\Drivers\NETw5v64.sys 2014-10-22 18:38:16 7AC2A00A69B7CA76783D23CBBFC24E4E 6952960 ----a-w- C:\WiFi_Intel_1000_Win7_64_1300107\Drivers\NETw5s64.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Elinerik\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Spotify Web Helper"="C:\Users\Elinerik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "SkyDrive"="C:\Users\Elinerik\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Elinerik\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Elinerik\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Elinerik\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Spotify Web Helper"="C:\Users\Elinerik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "SkyDrive"="C:\Users\Elinerik\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Elinerik\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Elinerik\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GUCI_AVS"="C:\Windows\PixArt\PAP7501\GUCI_AVS.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AmIcoSinglun64" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKMEDIA] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ATKMEDIA" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Media\\DMedia.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKOSD2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ATKOSD2" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATKOSD2\\ATKOSD2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Boingo Wi-Fi] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Boingo Wi-Fi" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Boingo\\Boingo Wi-Fi\\Boingo.lnk\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonMyPrinter" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonSolutionMenuEx" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer] "command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe" "hkey"="HKLM" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EeeStorageBackup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EeeStorageBackup" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\SERVICE\\AsusWSService.exe MySyncFolder" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDWare] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ETDWare" "hkey"="HKLM" "command"="C:\\Program Files\\Elantech\\ETDCtrl.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure Manager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="F-Secure Manager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Internetbeveiliging\\Common\\FSM32.EXE\" /splash" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\F-Secure TNB] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="F-Secure TNB" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Internetbeveiliging\\FSGUI\\TNBUtil.exe\" /CHECKALL /WAITFORSW" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GameXN" "hkey"="HKCU" "command"="\"C:\\ProgramData\\GameXN\\GameXNGO.exe\" /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN (news)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GameXN (news)" "hkey"="HKCU" "command"="\"C:\\ProgramData\\GameXN\\GameXNGO.exe\" /n" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN (update)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GameXN (update)" "hkey"="HKCU" "command"="\"C:\\ProgramData\\GameXN\\GameXNGO.exe\" /u" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUCI_AVS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GUCI_AVS" "hkey"="HKLM" "command"="C:\\Windows\\PixArt\\PAP7501\\GUCI_AVS.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HControlUser] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HControlUser" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Hotkey\\HControlUser.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HW_OPENEYE_OUC_Mobile Partner] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HW_OPENEYE_OUC_Mobile Partner" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Mobile Partner\\UpdateDog\\ouc.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScanUtility] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IJNetworkScanUtility" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NBKeyScan" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Philips Device Listener] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Philips Device Listener" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Philips\\Philips Songbird Resources\\Autolauncher\\PhilipsDeviceListener.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Setwallpaper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Setwallpaper" "hkey"="HKLM" "command"="c:\\programdata\\SetWallpaper.cmd" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "command"="\"C:\\Users\\Elinerik\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" "hkey"="HKCU" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "command"="\"C:\\Users\\Elinerik\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" "hkey"="HKCU" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer] "command"="C:\\Program Files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe" "hkey"="HKCU" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="StartCCC" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SysTrayApp" "hkey"="HKLM" "command"="C:\\Program Files\\IDT\\WDM\\sttray64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Update" "hkey"="HKCU" "command"="C:\\Users\\Elinerik\\AppData\\Roaming\\hj8ol0.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdateLBPShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\LabelPrint\" UpdateWithCreateOnce \"Software\\CyberLink\\LabelPrint\\2.5\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdateP2GoShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zune Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Zune Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\FancyStart daemon.lnk" "backup"="C:\\Windows\\pss\\FancyStart daemon.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Windows\\Installer\\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\\_C4A2FC3E3722966204FDD8.exe -d" "item"="FancyStart daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wi-Fi MediaConnect.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Wi-Fi MediaConnect.lnk" "backup"="C:\\Windows\\pss\\Wi-Fi MediaConnect.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Philips\\WI-FIM~1\\WI-FIM~1.EXE " "item"="Wi-Fi MediaConnect" ==== Startup Folders ====================== 2014-04-06 08:54:55 1054 ----a-w- C:\Users\Elinerik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce87d4b6b7a58b.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-07-2010 20:05] C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce87d4b734516e.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-07-2010 20:05] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4227194595-628899820-3950280293-1001Core1ce87d4a56bbda9.job --a------ C:\Users\Elinerik\AppData\Local\Google\Update\GoogleUpdate.exe [24-02-2010 23:57] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4227194595-628899820-3950280293-1001UA1ce87d4a61853e0.job --a------ C:\Users\Elinerik\AppData\Local\Google\Update\GoogleUpdate.exe [24-02-2010 23:57] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeFlashPlayerUpdate 2" [C:\Windows\SysWOW64\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1ce87d4b6b7a58b" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1ce87d4b734516e" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4227194595-628899820-3950280293-1001Core1ce87d4a56bbda9" [C:\Users\Elinerik\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4227194595-628899820-3950280293-1001UA1ce87d4a61853e0" [C:\Users\Elinerik\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe] "C:\Windows\SysNative\tasks\{0807D76C-88CA-435A-BF83-00666F443F40}" [C:\Grabit\Real Girls Strip Poker\RealGirls CD\SETUP.EXE] "C:\Windows\SysNative\tasks\{2EA984CF-3DC8-4FCF-9901-61444A842333}" [C:\Grabit\Real Girls Strip Poker\RealGirls CD\SETUP.EXE] "C:\Windows\SysNative\tasks\{5EF56B12-D1FB-45C2-A025-D0DD00491191}" [C:\Program Files (x86)\Skype\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{7F6B3553-9BA3-49C6-9090-6BD95B9F61DA}" [C:\Grabit\Real Girls Strip Poker\RealGirls CD\SETUP.EXE] "C:\Windows\SysNative\tasks\{8053E71A-22AE-4786-A12E-A8812A07AF85}" [C:\Grabit\Real Girls Strip Poker\RealGirls CD\SETUP.EXE] "C:\Windows\SysNative\tasks\{A8E0B34C-45FF-4533-BEBA-D2333EAAF785}" [C:\Grabit\Real Girls Strip Poker\RealGirls CD\SETUP.EXE] "C:\Windows\SysNative\tasks\{AF27959E-3BA6-4086-BA21-300AA8D43915}" [C:\Users\Elinerik\Downloads\Hentai Anime Strip Poker\hentaianime\ENGLISH\POKER.EXE] "C:\Windows\SysNative\tasks\{B4B8CE75-871E-454D-98B2-4C0AAEE6D344}" [C:\Grabit\Real Girls Strip Poker\RealGirls CD\SETUP.EXE] "C:\Windows\SysNative\tasks\{B634BD53-653A-45A4-810E-06C44FC9A617}" [C:\Users\Elinerik\Downloads\Hentai Anime Strip Poker\hentaianime\ENGLISH\POKER.EXE] "C:\Windows\SysNative\tasks\{BABA89A7-EF4A-4AB7-BD22-E9B762BEE095}" [C:\Users\Elinerik\Downloads\Hentai Anime Strip Poker\hentaianime\ENGLISH\POKER.EXE] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [21-05-2013 23:37] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Elinerik\AppData\Roaming\Mozilla\Firefox\Profiles\zhgyjy8d.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Elinerik\AppData\Roaming\Philips-Songbird\Profiles\0vj1pdyb.default - 7digital Music Store - C:\Program Files (x86)\Philips\Philips Songbird\extensions\7digital@songbirdnest.com - Artwork Extras - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com - CD Rip Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com - Concerts - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com - AAC Decoding Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com - MP3 Encoding Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com - File association - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com - Philips GoGear Device Manager - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com - gonzo - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com - Fornecedor da pesquisa de metadados Gracenote - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com - Dutch nl Language Pack - C:\Program Files (x86)\Philips\Philips Songbird\extensions\langpack-nl@songbirdnest.com - mashTape - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com - MSC Device Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com - MTP Device Support - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com - Philips addon manager - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com - Philips Branding - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com - LikeMusic - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com - Philips auto msc-mtp switch - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com - Philips Promotions - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com - Philips Skin - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com - Philips UI - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com - Purple Rain - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com - Windows Media Playback - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com - QuickTime Playback - %ProfilePath%\extensions\quicktime@songbirdnest.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Elinerik\AppData\Roaming\Mozilla\Firefox\Profiles\zhgyjy8d.default 785105A23650755A8F7A72405EB0D923 - C:\Users\Elinerik\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update 9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash CE3D390F8BC1FECF847ABAA6E887931E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ajabgmkadchiibcnkdghiihchmlfjnmc - C:\Users\Elinerik\AppData\Local\CRE\ajabgmkadchiibcnkdghiihchmlfjnmc.crx[] eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Elinerik\AppData\Roaming\BabSolution\CR\Delta.crx[] jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Elinerik\AppData\Local\Wajam\Chrome\wajam.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02-10-2012 13:14] niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[] nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[06-05-2013 10:12] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions ajabgmkadchiibcnkdghiihchmlfjnmc - C:\Users\Elinerik\AppData\Local\CRE\ajabgmkadchiibcnkdghiihchmlfjnmc.crx[] WiseConvert 1.4 - Elinerik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajabgmkadchiibcnkdghiihchmlfjnmc Delta Toolbar - Elinerik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Wajam - Elinerik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Skype Click to Call - Elinerik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl DivX Plus Web Player HTML5 \u003Cvideo> - Elinerik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm ==== Chromium Fix ====================== C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal deleted successfully C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajabgmkadchiibcnkdghiihchmlfjnmc deleted successfully C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage deleted successfully C:\Users\Elinerik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpmbfleldcgkldadpdinhjjopdfpjfjp_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://nl.msn.com/?ocid=U218DHP&pc=U218" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://nl.msn.com/?ocid=U218DHP&pc=U218" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{B09BB60D-8D4C-44FD-8858-D917AB6839D2}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear" {B09BB60D-8D4C-44FD-8858-D917AB6839D2} Bing Url="http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-4227194595-628899820-3950280293-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{46735dee-f862-49d1-876d-6382794dc625} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ajabgmkadchiibcnkdghiihchmlfjnmc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ajabgmkadchiibcnkdghiihchmlfjnmc deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_NL Toolbar deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update deleted successfully ==== HijackThis Entries ====================== C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Increase performance and video formats for your HTML5