Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by dannywintjens on zo 18-01-2015 at 20:05:00,88.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dannywintjens\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18-1-2015 20:05:55 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
    {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook
    {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
    {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== File Information Results ======================

--- C:\Program Files\Replex\prebuilt_plugin\SLPlugin.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 183296
Created time: 2014-09-06 01:59:28
Modified time: 2014-09-06 01:59:28
MD5: 8F95DD4F48C3E27ADF2ABF9EA8A710FD
SHA1: 4A8213494DA4148FEDAB0E7A270E069F45455E4F

==== Running Processes ======================

C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Razer\Comms\RazerComms.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\dannywintjens\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
C:\Users\dannywintjens\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
C:\Windows\SysWOW64\mspaint.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Replex\SLVoice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Replex\prebuilt_plugin\SLPlugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Replex\prebuilt_plugin\SLPlugin.exe
C:\Users\dannywintjens\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by E Dev (http://www.antimalwarehelp.be/EDev/)

R2 - [AppleOSSMgr] - Apple OS Switch Manager - c:\windows\system32\appleossmgr.exe
R2 - [AppleTimeSrv] - Apple tijdvoorziening - c:\windows\system32\appletimesrv.exe
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
R2 - [IMFservice] - IMF Service - c:\program files (x86)\iobit\iobit malware fighter\imfsrv.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [Razer Game Scanner Service] - Razer Game Scanner - c:\program files (x86)\razer\razer services\gss\gamescannerservice.exe
R2 - [TeamViewer] - TeamViewer 10 - c:\program files (x86)\teamviewer\teamviewer_service.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
R3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
S3 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FirebirdGuardianDefaultInstance] - Firebird Guardian - DefaultInstance - c:\program files (x86)\firebird\firebird_2_5\bin\fbguard.exe
S3 - [FirebirdServerDefaultInstance] - Firebird Server - DefaultInstance - c:\program files (x86)\firebird\firebird_2_5\bin\fbserver.exe
S3 - [FLEXnet Licensing Service 64] - FLEXnet Licensing Service 64 - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [HideMyIpSRV] - HideMyIpSRV - c:\program files (x86)\hide my ip 6\hidemyipsrv.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NIHardwareService] - NIHardwareService - c:\program files\common files\native instruments\hardware\nihardwareservice.exe
S3 - [OpenVPNService] - OpenVPN Service - c:\program files\openvpn\bin\openvpnserv.exe
S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe [x]
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [Virtual Router] - VirtualRouterService - c:\program files (x86)\virtual router\virtualrouterservice.exe
S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S4 - [aspnet_state] - ASP.NET-statusservice - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe

==== Drivers(whitelist) ======================

Powered by E Dev (http://www.antimalwarehelp.be/EDev/)

R0 - [AppleHFS] - AppleHFS - C:\Windows\system32\Drivers\AppleHFS.sys
R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Stuurprogramma Server SMB 1.xxx - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Stuurprogramma Server SMB 2.xxx - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [AppleMNT] - AppleMNT - C:\Windows\system32\Drivers\AppleMNT.sys
R0 - [aswNdisFlt] - Avast! Firewall Driver - C:\Windows\system32\Drivers\aswNdisFlt.sys
R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
R0 - [atapi] - IDE-kanaal - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Stuurprogramma voor schijfstations - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Filterstuurprogramma Bitlocker-stationsvergrendeling - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [iusb3hcs] - Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma - C:\Windows\system32\Drivers\iusb3hcs.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Koppelpuntbeheer - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS-systeemstuurprogramma - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partitiebeheer - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus-stuurprogramma - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [SmartDefragDriver] - SmartDefragDriver - C:\Windows\system32\Drivers\SmartDefragDriver.sys
R0 - [speedfan] - speedfan - C:\Windows\system32\Drivers\speedfan.sys [x]
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Schijf - Filterstuurprogramma voor Virtual Machine-busaccelerator - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator-stuurprogramma - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamisch Volumebeheer - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Opslagvolumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPPD deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SPPD deleted successfully

==== Deleting Files \ Folders ======================

"C:\windows\SysNative\drivers\SPPD.sys" not found
C:\ProgramData\1317548bdcf65ead deleted
"C:\Users\dannywintjens\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default\searchplugins\trovi-search.xml" deleted
"C:\Windows\SYSWOW64\SETF11A.tmp" deleted
"C:\windows\SysNative\SETCE7D.tmp" deleted
"C:\Windows\SYSWOW64\SETDFF6.tmp" deleted
"C:\windows\SysNative\SETC429.tmp" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 32707 MB
CPU Info: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
CPU Speed: 3387,6 MHz
Sound Card: Hoofdtelefoon (Cirrus Logic CS4 | Luidsprekers (Cirrus Logic CS42 | Digitale audio (S/PDIF) (Cirrus | Luidsprekers (Apowersoft_AudioD |
Display Adapters: NVIDIA GeForce GTX 680MX | NVIDIA GeForce GTX 680MX | NVIDIA GeForce GTX 680MX | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Algemeen PnP-beeldscherm | Algemeen PnP-beeldscherm |
Screen Resolution: 2560 X 1440 - 32 bit
Network: Network Present
Network Adapters: TAP-Windows Adapter V9 | TeamViewer VPN Adapter | Microsoft Virtual WiFi Miniport Adapter | Broadcom NetXtreme Gigabit Ethernet | Broadcom 802.11n-netwerkadapter | Bluetooth-apparaat (Personal Area Network)
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 742,3GB
Hard Disks - Free: C: 121,8GB
Manufacturer *: Apple Inc.
BIOS Info: AT/AT COMPATIBLE | 07/29/05 | APPLE - 0
Time Zone: West-Europa (standaardtijd)
Motherboard *: Apple Inc. Mac-FC02E91DDD3FA6A4
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: IObit Malware Fighter disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Default Browser: Google Chrome 39.0.2171.99
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 34.0.5 (x86 nl)
Google Chrome version: 39.0.2171.99
Adobe Reader version: 11.0.9.29
Flash Player version: 16.0.0.257
Shockwave Player version: 12.1.6r156

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\DANNYW~1\AppData\Local\Temp ====

2015-01-16 11:40:08 EB4686F6F4BE2B00AA40978D551F66C4 43008 ----a-w- C:\Users\dannywintjens\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq8vlio.dll

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2015-01-17 21:53:08 07E1B445583158222C50A39FFA44DB07 364 ----a-w- C:\Windows\SysWOW64\Driver Booster License.txt
2015-01-14 19:03:24 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 19:03:24 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll
2015-01-14 19:02:44 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll
2015-01-14 19:02:44 8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 19:02:44 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:28:35 E63E3A2B6F4230EFA9FDC851AC205E62 928072 ----a-w- C:\Windows\SysWOW64\NvIFR.dll
2015-01-13 21:28:35 957610A5EB18DDE9739FFFADEC16D71E 906560 ----a-w- C:\Windows\SysWOW64\NvFBC.dll
2015-01-13 21:28:35 509E4D83F9018EA572BE6251FC4B8A65 10770120 ----a-w- C:\Windows\SysWOW64\nvopencl.dll
2015-01-13 21:28:35 2F02871CDFB780A4AC98C1A563875335 399688 ----a-w- C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-01-13 21:28:35 2560A02C9444857E6C8D0A29A04F87B6 346944 ----a-w- C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-01-13 21:28:35 12099B10860EFE72FBC841EE2E61F014 24764232 ----a-w- C:\Windows\SysWOW64\nvoglv32.dll
2015-01-13 21:28:34 B8704ACCDE4B051A570D2EE256AF7750 10710160 ----a-w- C:\Windows\SysWOW64\nvcuda.dll
2015-01-13 21:28:34 762E7349D9700098C5C20D28051EB1AC 3248968 ----a-w- C:\Windows\SysWOW64\nvcuvid.dll
2015-01-13 21:28:34 588CDB5A5963FCDFA5C0BAF25FF3D0FD 20465808 ----a-w- C:\Windows\SysWOW64\nvcompiler.dll
2015-01-13 21:28:33 C988853E70DB9F5B720D8F2D0C3F5AA9 2897824 ----a-w- C:\Windows\SysWOW64\nvapi.dll

====== C:\Windows\SysWOW64\drivers =====

2014-12-30 09:17:12 E5805896A55D4166C20F216249F40FA3 26528 ----a-w- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS

====== C:\Windows\Sysnative =====

2015-01-14 19:03:45 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\Windows\Sysnative\profsvc.dll
2015-01-14 19:03:24 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll
2015-01-14 19:03:15 2A9C3ADBC3B9D061CACDEFFBED67683C 87040 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2015-01-14 19:02:44 F4846789B3795F14DCB7D92ED1DAF74F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll
2015-01-14 19:02:44 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe
2015-01-14 19:02:44 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\Windows\Sysnative\srclient.dll
2015-01-14 19:02:44 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2015-01-13 21:28:35 E7D763D1EDC2C5219459F98DB29DB294 496272 ----a-w- C:\Windows\Sysnative\nvEncodeAPI64.dll
2015-01-13 21:28:35 A2FB0D80B72DB34364F86FE008D596EA 968336 ----a-w- C:\Windows\Sysnative\NvIFR64.dll
2015-01-13 21:28:35 8CF1C045485DB01FDC9EC3DEE511090E 391488 ----a-w- C:\Windows\Sysnative\NvIFROpenGL.dll
2015-01-13 21:28:35 519D2A87C0ABB0460F189A0339F5BF28 13288360 ----a-w- C:\Windows\Sysnative\nvopencl.dll
2015-01-13 21:28:35 0E94D479B71E1045C484FF13EBD61EC1 18594432 ----a-w- C:\Windows\Sysnative\nvwgf2umx.dll
2015-01-13 21:28:35 02658872BC9D6CA50ADFF1990957BBDF 1556624 ----a-w- C:\Windows\Sysnative\nvdispgenco6434709.dll
2015-01-13 21:28:35 00507CE20D39DC4C462A1C3B78C5B1DF 942400 ----a-w- C:\Windows\Sysnative\NvFBC64.dll
2015-01-13 21:28:34 2582BB1E900E64990181DB92744A58B2 1895056 ----a-w- C:\Windows\Sysnative\nvdispco6434709.dll
2015-01-13 21:28:34 22095D54C63D13684F0BE36364B5AD99 17264312 ----a-w- C:\Windows\Sysnative\nvd3dumx.dll
2015-01-13 21:28:34 08A8ED47EA37C8FD9200C0B0E93D72ED 3610440 ----a-w- C:\Windows\Sysnative\nvcuvid.dll
2015-01-13 21:28:34 049C810C40E41F62685A162B2578302C 13202520 ----a-w- C:\Windows\Sysnative\nvcuda.dll
2015-01-13 21:28:33 FF8617F9CD86F88C461E675F4A248108 25460552 ----a-w- C:\Windows\Sysnative\nvcompiler.dll
2015-01-13 21:28:23 EB3FB04B32080E715F027D16C2527E4C 1540240 ----a-w- C:\Windows\Sysnative\nvhdagenco64.dll
2015-01-13 21:28:23 748A35F7E19D0703BCB220F8AA2BA033 30536 ----a-w- C:\Windows\Sysnative\nvhdap64.dll

====== C:\Windows\Sysnative\drivers =====

2015-01-14 19:03:35 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
2015-01-13 21:28:35 ED4D88A04D22E6B00DB6BC8FACDBAFED 10345280 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
2015-01-13 21:28:23 7E4355930B28C2798D9F09AB9F81151F 195728 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys
2015-01-13 21:28:08 9042E630FE102F1A2436EE05857CD139 125952 ----a-w- C:\Windows\Sysnative\drivers\TeeDriverx64.sys
2014-12-23 23:18:22 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys

====== C:\Windows\Tasks ======

2015-01-17 21:31:29 E3C45AA4A72235E1A6BAE6AF9D3E70F2 3182 ----a-w- C:\Windows\Sysnative\Tasks\ASC8_PerformanceMonitor

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-01-18 15:36:47 -------- d-----w- C:\Program Files\trend micro
2015-01-15 20:20:13 -------- d-----w- C:\Program Files\Replex
2015-01-13 01:25:23 -------- d-----w- C:\Program Files\TAP-Windows
2015-01-13 01:25:21 -------- d-----w- C:\Program Files\OpenVPN

======= C:\PROGRA~2 =====

2014-12-31 16:40:58 -------- d-----w- C:\PROGRA~2\Ubisoft
2014-12-22 01:54:58 -------- d-----w- C:\PROGRA~2\N-Optix SnapShot

======= C: =====

====== C:\Users\dannywintjens\AppData\Roaming ======

2015-01-15 20:21:09 -------- d-----w- C:\Users\dannywintjens\AppData\Local\Replex64
2015-01-03 13:22:50 -------- d-----w- C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps
2015-01-03 13:22:35 -------- d-----w- C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 13:06:56 -------- d-----w- C:\Users\dannywintjens\AppData\Local\IsolatedStorage
2014-12-31 16:41:02 -------- d-----w- C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-12-31 16:41:00 -------- d-----w- C:\Users\dannywintjens\AppData\Local\Ubisoft Game Launcher
2014-12-30 09:17:13 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\IObit
2014-12-30 09:17:04 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-12-25 19:17:29 -------- d-----w- C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-22 22:04:34 -------- d-----w- C:\Users\dannywintjens\AppData\Locallow\Unity
2014-12-22 22:04:34 -------- d-----w- C:\Users\dannywintjens\AppData\Local\Unity
2014-12-22 01:55:33 -------- d-----w- C:\Users\dannywintjens\AppData\Local\noptixclient

====== C:\Users\dannywintjens ======

2015-01-18 15:36:04 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\dannywintjens\Desktop\RSITx64.exe
2015-01-18 04:18:02 AB1D5473E2BE34629AED5F33969CDCF6 4359432 ----a-w- C:\Users\dannywintjens\Downloads\gb3.4-setup.exe
2015-01-18 04:12:36 534F3E0D66985D38C5BD83DBA56F5594 15971616 ----a-w- C:\Users\dannywintjens\Downloads\iobituninstaller (2).exe
2015-01-18 04:12:11 449751F4C1ECAE6E649BFF6C5AAA6E52 10604648 ----a-w- C:\Users\dannywintjens\Downloads\driver_booster_setup (1).exe
2015-01-18 04:11:56 C97343118D0DD2C5B8789588E5CB156B 44931728 ----a-w- C:\Users\dannywintjens\Downloads\advanced-systemcare-setup.exe
2015-01-18 04:11:38 DDCCF75551DA2D1A6E598AA2416A2135 4978536 ----a-w- C:\Users\dannywintjens\Downloads\avast_premier_antivirus_setup_online.exe
2015-01-15 20:20:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Replex (64 bit) Viewer
2015-01-15 20:18:47 89FDF12BF5DE1CF8926463788E378062 31429734 ----a-w- C:\Users\dannywintjens\Downloads\Replex_1-0-0-6229_x86-64_Setup (1).exe
2015-01-15 20:18:28 89FDF12BF5DE1CF8926463788E378062 31429734 ----a-w- C:\Users\dannywintjens\Downloads\Replex_1-0-0-6229_x86-64_Setup.exe
2015-01-13 20:05:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2015-01-13 20:04:57 534F3E0D66985D38C5BD83DBA56F5594 15971616 ----a-w- C:\Users\dannywintjens\Downloads\iobituninstaller (1).exe
2015-01-13 01:25:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-01-13 01:25:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-01-13 01:24:55 566A3DEEBDF0B264250CE095FC984856 1798416 ----a-w- C:\Users\dannywintjens\Downloads\openvpn-install-2.3.6-I601-x86_64.exe
2015-01-13 01:24:45 02DFB9900B5B19E347DF05C0D50D263B 1811608 ----a-w- C:\Users\dannywintjens\Downloads\openvpn-install-2.3.6-I001-x86_64.exe
2015-01-05 01:05:21 376AED4E0DB4AB0D28D26D4FF389341D 847872 ----a-w- C:\Users\dannywintjens\Desktop\LSLEditor.exe
2014-12-25 19:17:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-22 01:54:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\N-Optix SnapShot

====== C: exe-files ==

2015-01-18 15:36:59 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\dannywintjens.exe
2015-01-18 14:00:19 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Toolbox_Download\GameBooster.exe
2015-01-17 21:31:19 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Toolbox_Download\Sur13_WinFix.exe
2015-01-16 03:40:34 BA7DC0C9141BE7292CA7E744B6F19F26 897104 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.99\39.0.2171.99_39.0.2171.95_chrome_updater.exe
2015-01-15 20:20:44 20DD26D11D0D4871E2C5F121E88584A2 460783 ----a-w- C:\Program Files\Replex\uninst.exe
2015-01-15 02:12:11 D846B50808FDCF88450FB07C2A7E4DA4 834752 ----a-w- C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe
2015-01-14 22:08:05 B23D139B4870496ED392167084AF1E81 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$IG6B859.exe
2015-01-14 22:08:05 2D054582CA9B6C02D2A4C533A3542713 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$IWBJHC9.exe
2015-01-14 22:07:55 F8EB299DA22BFA4C4BC5FFA93C468636 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$IXP61FB.exe
2015-01-14 21:46:20 4CAE8866AC39E9200096058A550E9034 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$I0ICJSQ.exe
2015-01-14 21:46:20 37979575E99FF4FFA9FC380A5C55B40A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$INZOEZX.exe
2015-01-14 21:46:20 3491E179189787355A418B713089BBFF 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$IYSHLUH.exe
2015-01-14 21:46:20 221478A6886BE40430C5340043FB71B0 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$IQWPUEG.exe
2015-01-14 21:37:12 F67AFD41D6F1FFC323E543CE9323A204 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$ISPDXDG.exe
2015-01-14 21:23:52 8B83652B1F6F016F8454EA77745D1CE7 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$IP9N8CO.exe
2015-01-14 21:23:51 89986FB1E87D5874C595452D746A7CB6 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$IFZ7643.exe
2015-01-14 21:23:51 414BBBEC9259790087A1DE70717711A4 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2480803176-3389462879-1122066420-1000\$IPKNCOU.exe
2015-01-14 21:12:00 32127E2CF112F2EEDBD4D1922FB89B12 2359072 ----a-w- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Sua12_ClonedFilesScanner.exe
2015-01-13 21:28:33 4EB3D5AFD65263545A60685FA389791C 447120 ----a-w- C:\Program Files\NVIDIA Corporation\Drs\dbInstaller.exe
2015-01-13 21:25:11 58F1D8E95E8D061EEAC3A04E4CBD1DB0 1197376 ----a-w- C:\Program Files (x86)\IObit\Driver Booster\unins000.exe
2015-01-13 20:05:29 28CA7D1BB9FBFCA2B529D885E61491D8 933664 ----a-w- C:\Program Files (x86)\IObit\IObit Uninstaller\PPUninstaller.exe
2015-01-13 01:26:08 39D8354E8CCC1B8E5C33A77B043D8297 118998 ----a-w- C:\Program Files\OpenVPN\Uninstall.exe
2015-01-13 01:26:01 E036CB861E98CB967C7F57FA985EE9FC 83811 ----a-w- C:\Program Files\TAP-Windows\Uninstall.exe

=== C: other files ==

2015-01-13 01:25:23 81433CEC4B6DD4648F0FC75C8B5945F4 202 ----a-w- C:\Program Files\TAP-Windows\bin\deltapall.bat
2015-01-13 01:25:23 19119C8C004D7848D00A86FC0530CD92 169 ----a-w- C:\Program Files\TAP-Windows\bin\addtap.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2480803176-3389462879-1122066420-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Razer Comms"="C:\Program Files (x86)\Razer\Comms\RazerComms.exe --cache-path=C:\Users\dannywintjens\AppData\Local\Temp\razercomms"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /auto"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Razer Comms"="C:\Program Files (x86)\Razer\Comms\RazerComms.exe --cache-path=C:\Users\dannywintjens\AppData\Local\Temp\razercomms"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /auto"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\Bootcamp.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe"
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
"hkey"="HKLM"
"item"="AdobeAAMUpdater-1.0"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCEPServiceManager]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CEPServiceManager4\\CEPServiceManager.exe\" -launchedbylogin"
"hkey"="HKLM"
"item"="AdobeCEPServiceManager"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADSKAppManager]
"hkey"="HKLM"
"item"="ADSKAppManager"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apple_KbdMgr]
"command"="C:\\Program Files\\Boot Camp\\Bootcamp.exe"
"hkey"="HKLM"
"item"="Apple_KbdMgr"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]
"command"="\"c:\\program files (x86)\\origin\\origin.exe\" -autostart"
"hkey"="HKCU"
"item"="EADM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IObit Malware Fighter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMF.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"hkey"="HKLM"
"item"="LogMeIn Hamachi Ui"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup"
"hkey"="HKLM"
"item"="PWRISOVM.EXE"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"item"="QuickTime Task"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"command"="\"c:\\users\\dannywintjens\\appdata\\roaming\\utorrent\\utorrent.exe\" /minimized"
"hkey"="HKCU"
"item"="uTorrent"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\XboxStat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="XboxStat"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Xbox 360 Accessories\\XboxStat.exe\" silentrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

==== Startup Folders ======================

2014-11-30 15:32:36 1351 ----a-w- C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bootcamp.exe.lnk
2014-12-05 13:29:52 1065 ----a-w- C:\Users\dannywintjens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16-01-2015 12:40]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17-01-2014 14:49]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17-01-2014 14:49]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-wintjens-dannywintjens" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\ASC8_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe]
"C:\Windows\SysNative\tasks\ASC8_SkipUac_dannywintjens" ["C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (dannywintjens)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (SYSTEM)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMMJPMHMGMMJNJKJHMCNLJMJMJKMCNLMJMMMNMCNHMIMIMMMCNPMOJJJMMLJPMLMOMNMPMMMOMJNJICMIMCNGMCNOMOMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMMJBJKJLIMJFMNMMMOMJNHICMEKMICNJJCKJNBJCMLJOJBJBJGIIIGJBJLIFJKJBJMIJNKJCMJNNICMJNDJCMBJDJJNMJCMPMFMHMPMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"]
"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon"
[C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_dannywintjens" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2014-07-26 00:50:38 -------- d-----w- C:\PROGRA~3\firebird 2014-07-29 18:50:30 -------- d-----w- C:\PROGRA~3\AirParrot 2014-09-14 21:42:34 -------- d-----w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-22 08:31:01 -------- d-----w- C:\PROGRA~3\Gyazo 2014-09-24 21:13:27 -------- d-----w- C:\PROGRA~3\Systweak 2014-09-25 19:20:59 -------- d-----w- C:\PROGRA~3\Native Instruments 2014-09-25 19:21:01 -------- dc-h--w- C:\PROGRA~3\{C6A355F5-168B-4EEC-AB7C-75594F783EDB} 2014-09-25 19:21:39 -------- dc-h--w- C:\PROGRA~3\{57B31BE2-3175-4425-9722-D2AC5F68C7BD} 2014-09-25 19:22:09 -------- dc-h--w- C:\PROGRA~3\{AF79C86B-2321-4D47-A168-2A24BA2B6A73} 2014-09-25 19:22:23 -------- dc-h--w- C:\PROGRA~3\{9F570B21-E27A-40BE-A508-292899A7D042} 2014-09-25 19:22:35 -------- dc-h--w- C:\PROGRA~3\{EB21323D-3F46-4EF0-B849-B096B7705C69} 2014-09-25 19:23:16 -------- dc-h--w- C:\PROGRA~3\{219191E6-6846-4329-889D-7956C487D9A6} 2014-09-25 19:23:31 -------- dc-h--w- C:\PROGRA~3\{5EE4F9B1-7274-48A2-9C25-C287604C3058} 2014-09-25 19:23:45 -------- dc-h--w- C:\PROGRA~3\{662EAAEC-9E9A-4C69-A658-884E51E909BB} 2014-09-25 19:23:59 -------- dc-h--w- C:\PROGRA~3\{0CC85DFF-E70A-4AB0-968A-F1F98F4D0C67} 2014-09-25 19:24:25 -------- dc-h--w- C:\PROGRA~3\{D2030082-F62A-402A-9456-8009276FD896} 2014-09-25 19:24:40 -------- dc-h--w- C:\PROGRA~3\{4682E4CB-7209-4099-8AA1-580ABCCCE731} 2014-09-25 19:24:57 -------- dc-h--w- C:\PROGRA~3\{033B4844-E9C3-45D2-88D9-34DDF3F91100} 2014-09-25 19:28:17 
-------- dc-h--w- C:\PROGRA~3\{05C334F7-C2A4-418A-9BC8-1542AE38D62B} 2014-09-28 11:04:54 -------- dc-h--w- C:\PROGRA~3\{95684022-A736-4575-ABB0-5B7388BB873D} 2014-09-28 11:44:57 -------- dc-h--w- C:\PROGRA~3\{BED8681D-E6A2-4463-8EEA-09588F09C890} 2014-10-19 00:44:32 -------- d-----w- C:\PROGRA~3\NCH Software 2014-10-22 09:09:56 -------- d-----w- C:\PROGRA~3\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-11-01 21:44:30 -------- d-----w- C:\PROGRA~3\Microsoft OneDrive 2014-11-04 01:47:56 -------- d-----w- C:\PROGRA~3\REVOLT 2014-11-12 15:52:34 -------- d-----w- C:\PROGRA~3\HP 2014-12-12 23:46:23 -------- d-----w- C:\PROGRA~3\Razer ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\DANNYW~1\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M6F95EFD3-71A8-48E6-8E8C-6DB51F7CCC6B&SearchSource=55&CUI=&UM=6&UP=SP723F71E7-04DF-4020-852F-40388AB9A103&SSPV="); user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M6F95EFD3-71A8-48E6-8E8C-6DB51F7CCC6B&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP723F71E7-04DF-4020-852F-40388AB9A103"); user_pref("browser.search.selectedEngine", "Google"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [19-11-2014 04:19] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [19-11-2014 04:19] ==== Firefox Extensions ====================== ProfilePath: C:\Users\DANNYW~1\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default - Advanced SystemCare Surfing Protection - 
C:\Users\dannywintjens\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default\extensions\iobitascsurfingprotection@iobit.com - Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF - Undetermined - iobitascsurfingprotection@iobit.com - Undetermined - wrc@avast.com - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com - Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\dannywintjens\AppData\Roaming\Mozilla\Firefox\Profiles\c3sqde0w.default 5950D438CD3DDF2DD50D9FA4E07A6C1C - C:\Users\dannywintjens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player ABE2E50533899C45DFA03E1D8767648F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Torch Found Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome Found Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon Found Fake profile C:\Users\dannywintjens\AppData\Local\Torch Found Fake profile C:\Users\dannywintjens\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\dannywintjens\AppData\Local\Comodo\Dragon Found Fake profile C:\Users\Gast\AppData\Local\Torch Found Fake profile C:\Users\Gast\AppData\Local\Google\Chrome Found Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon Found Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch Found Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome Found Fake profile 
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon Found Fake profile C:\Users\UpdatusUser\AppData\Local\Torch Found Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome Found Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon Found ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx[04-08-2014 11:17] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21-11-2014 13:52] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14-07-2014 18:22] pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[19-11-2014 00:24] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[20-03-2014 17:06] safeweeB - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - 
Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweab - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjejnahbaakdphoopjpenmcjcfalgmgf safeweeB - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - Administrator\AppData\Local\Torch\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - Administrator\AppData\Local\Torch\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - dannywintjens\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - dannywintjens\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - dannywintjens\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb Google Slides - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Dislike button - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\anjnlnfmhgbmfdemkbknebhfjfahhfki Google Docs - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Advanced SystemCare Surfing Protection - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd 
YouTube - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Avast SafePrice - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Google Sheets - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap AdBlock Premium - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj Avast Online Security - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Skype Click to Call - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia RoboForm - dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob safeweeB - dannywintjens\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - dannywintjens\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - dannywintjens\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - dannywintjens\AppData\Local\Torch\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - dannywintjens\AppData\Local\Torch\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - dannywintjens\AppData\Local\Torch\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - 
Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - Gast\AppData\Local\Torch\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - Gast\AppData\Local\Torch\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - Gast\AppData\Local\Torch\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - 
HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - UpdatusUser\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb safeweeB - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\bdlmbomfgckonokpgphfmjcdkameejhe Pixlr Grabber Screen capture image grabbing - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn YoutubeAdblocker - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\fmhdjoohahekalodedfnbmpipfcgckdb ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/?ocid=iehp" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="server2.privateconnection.net:3128" "ProxyOverride"="*.local;www.facebook.com;www.youtube.com;www.youtube.be;www.youtube.nl;" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files 
(x86)\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Comms\RazerComms.exe "--cache-path=C:\Users\dannywintjens\AppData\Local\Temp\razercomms" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /auto O4 - HKUS\S-1-5-19\..\Run: [Sidebar] 
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto (User 'Default user') O4 - Startup: Bootcamp.exe.lnk = C:\Program Files\Boot Camp\Bootcamp.exe O4 - Startup: Dropbox.lnk = dannywintjens\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Formulieren Invullen - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html O8 - Extra context menu item: Formulieren opslaan - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm O8 - Extra context menu item: Menu aanpassen - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll O10 - Unknown 
file in Winsock LSP: c:\windows\system32\hmipcore.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe (file missing) O23 - Service: Apple tijdvoorziening (AppleTimeSrv) - Unknown owner - C:\Windows\system32\AppleTimeSrv.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3705RZP will be deleted at reboot
C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QIO0BL4C will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\dannywintjens\AppData\Local\Mozilla\Firefox\Profiles\c3sqde0w.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\dannywintjens\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1258 folders=167 126668093 bytes)

==== Empty Temp Folders ======================
C:\Users\dannywintjens\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" deleted
"C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3705RZP" deleted
"C:\Users\dannywintjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QIO0BL4C" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on zo 18-01-2015 at 20:31:57,68 ======================