Zoek.exe v5.0.0.0 Updated 26-February-2015 Tool run by eagle on za 28-02-2015 at 11:53:35,96. Microsoft Windows 8.1 Pro 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: G:\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 28-2-2015 11:56:24 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Users\eagle\AppData\Roaming\Media Player Classic deleted successfully C:\Users\eagle\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} deleted successfully HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully 
HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== AMD Accelerated Video Transcoding AMD Catalyst Control Center AMD Catalyst Install Manager Ashampoo Burning Studio 15 v.15.0.2 Ashampoo Movie Shrink & Burn 4 v.4.0.2 Ashampoo Music Studio 5 v.5.0.7 AVG 2015 AVG Web TuneUp Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Classic Shell Command & Conquer The First Decade CyberLink PowerDVD 14 GigaTribe 3.01.007 
Google Chrome Google Chrome Packages GrabIt 1.7.3 Beta (build 1010) Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 MPC-HC 1.7.8 (64-bit) Newzbin PowerISO QoQReVerse QuickPar 0.9 Raptr Revo Uninstaller Pro 3.0.8 SpotLite Total Commander 64-bit (Remove or Repair) Tweaking.com - Windows Repair (All in One) vi-view uninstall Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables ==== Running Processes ====================== C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe C:\Program Files (x86)\XTab\ProtectService.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe C:\Program Files (x86)\GigaTribe\gigatribe.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\AVG Web TuneUp\vprot.exe C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe C:\Program Files (x86)\Newzbin\Newzbin.exe G:\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.2.0 deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor 
Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\XTab deleted C:\ProgramData\Avg_Update_0215tb deleted C:\Users\eagle\AppData\Local\AVG Web TuneUp deleted C:\Program Files\AVG Web TuneUp deleted C:\Users\eagle\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z deleted C:\PROGRA~3\AVG Web TuneUp deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\IHProtectUpDate deleted C:\PROGRA~3\AVG Secure Search deleted C:\PROGRA~3\WindowsMangerProtect deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\eagle\AppData\LocalLow\AVG Web TuneUp deleted C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted C:\WINDOWS\SysNative\config\systemprofile\Searches deleted "C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted "C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.2.0\avgdttbx.dll" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.2.0\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll" deleted "C:\PROGRA~2\Windows Multimedia Platform" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search" deleted "C:\PROGRA~2\AVG Web TuneUp" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\18.2.0" deleted "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" 
deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.2.0" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.2.0" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 16383 MB CPU Info: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz CPU Speed: 2695,4 MHz Sound Card: Luidsprekers (High Definition A | Digitale audio (S/PDIF) (High D | Digitale audio (HDMI) (High Def | Display Adapters: AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family-controller | Linksys WMP600N draadloze N-PCI-adapter met Dual-Band CD / DVD Drives: 3x (L: | M: | S: | ) L: | M: | S: HL-DT-STDVDRAM GH22NS50 Ports: COM1 LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 74,5GB | D: 742,0GB | E: 931,5GB | F: 931,5GB | G: 189,5GB | H: 181,8GB | I: 97,7GB | J: 59,6GB | K: 327,3GB Hard Disks - Free: C: 39,7GB | D: 131,2GB | E: 838,1GB | F: 135,5GB | G: 65,1GB | H: 97,1GB | I: 49,4GB | J: 47,8GB | K: 84,8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 06/26/12 | 062612 - 20120626 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK Computer INC. 
P7P55D-E Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated) Default Browser: Google Chrome 40.0.2214.115 Internet Explorer Version: 11.0.9600.17631 ==== Files Recently Created / Modified ====================== ====== C:\Users\eagle\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64\drivers ===== 
====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-02-27 13:19:46 -------- d-----w- C:\Program Files\trend micro 2015-02-14 19:29:01 -------- d-----w- C:\Program Files\Microsoft Silverlight 2015-02-12 20:23:15 -------- d-----w- C:\Program Files\VS Revo Group 2015-02-03 13:05:50 -------- d-----w- C:\Program Files\Media Player Classic Home Cinema ======= C:\PROGRA~2 ===== 2015-02-25 10:17:17 -------- d-----w- C:\PROGRA~2\Tweaking.com 2015-02-17 09:39:00 -------- d-----w- C:\PROGRA~2\Newzbin 
2015-02-14 19:29:01 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight 2015-02-06 12:55:17 -------- d-----w- C:\PROGRA~2\NSIS Uninstall Information 2015-02-06 12:54:47 -------- d-----w- C:\PROGRA~2\CyberLink 2015-02-06 11:55:48 -------- d-----w- C:\PROGRA~2\QoQReverse 2015-02-02 12:44:10 -------- d-----w- C:\PROGRA~2\DAMN NFO Viewer 2015-02-01 19:38:05 -------- d-----w- C:\PROGRA~2\SpotLite 2015-01-31 21:12:52 -------- d-----w- C:\PROGRA~2\Ashampoo ======= C: ===== ====== C:\Users\eagle\AppData\Roaming ====== 2015-02-17 09:47:14 -------- d-----w- C:\Users\eagle\AppData\Local\_ 2015-02-17 09:38:26 -------- d-----w- C:\Users\eagle\AppData\Roaming\Newzbin 2015-02-12 20:23:19 -------- d-----w- C:\Users\eagle\AppData\Local\VS Revo Group 2015-02-11 20:44:50 -------- d-----w- C:\Users\eagle\AppData\Local\ElevatedDiagnostics 2015-02-06 12:56:48 -------- d-----w- C:\Users\eagle\AppData\Roaming\CyberLink 2015-02-06 12:55:18 -------- d-----w- C:\Users\eagle\AppData\Local\CyberLink 2015-02-06 09:40:38 -------- d-----w- C:\Users\Default\AppData\Roaming\TuneUp Software 2015-02-06 09:40:38 -------- d-----w- C:\Users\Default User\AppData\Roaming\TuneUp Software 2015-02-03 22:48:47 -------- d-----w- C:\Users\eagle\AppData\Local\Apps 2015-02-03 13:18:23 -------- d-----w- C:\Users\eagle\AppData\Roaming\MPC-HC 2015-02-02 20:24:19 -------- d-----w- C:\Users\eagle\AppData\Roaming\PowerISO 2015-02-01 23:12:58 -------- d-----w- C:\Users\eagle\AppData\Local\Ashampoo Movie Shrink & Burn 4 2015-02-01 22:52:54 -------- d-----w- C:\Users\eagle\AppData\Local\QuickPar 2015-02-01 19:38:13 -------- d-----w- C:\Users\eagle\AppData\Local\SpotLite 2015-02-01 19:38:08 -------- d-----w- C:\Users\eagle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpotLite 2015-01-31 21:15:44 -------- d-----w- C:\Users\eagle\AppData\Roaming\Ashampoo 2015-01-31 21:13:33 -------- d-----w- C:\Users\eagle\AppData\Local\ashampoo 2015-01-31 21:12:33 -------- d-----w- C:\Users\eagle\AppData\Local\Programs ====== 
C:\Users\eagle ====== 2015-02-25 10:58:38 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp 2015-02-25 10:17:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2015-02-17 09:39:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newzbin 2015-02-14 19:29:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-02-12 20:23:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2015-02-12 20:23:16 -------- d-----w- C:\ProgramData\VS Revo Group 2015-02-06 12:57:19 -------- d-----w- C:\Users\Public\CyberLink 2015-02-06 12:56:49 -------- d-----w- C:\Users\Public\Documents\CyberLink 2015-02-06 12:55:17 -------- d-----w- C:\ProgramData\PDVD 2015-02-06 12:55:17 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14 2015-02-06 12:54:13 -------- d-----w- C:\ProgramData\Temp 2015-02-06 12:54:12 -------- d-----w- C:\ProgramData\SUPPORTDIR 2015-02-06 12:54:12 -------- d-----w- C:\ProgramData\install_clap 2015-02-06 12:54:12 -------- d-----w- C:\ProgramData\CyberLink 2015-02-03 13:05:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic Home Cinema 2015-02-01 19:38:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpotLite 2015-01-31 21:13:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2015-01-31 21:12:53 -------- d-----w- C:\ProgramData\Ashampoo ====== C: exe-files == 2015-02-27 13:19:46 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\eagle.exe 2015-02-25 10:17:17 FB3CCA8566EFA483A66B2FDA7D9E1802 1367040 ----a-w- C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe 2015-02-22 11:33:29 F4CC03D0A936AD6780ADA614AE81B413 840272 ----a-w- 
C:\Users\eagle\AppData\Local\Google\Update\Install\{C9C4F418-1499-40B5-B7F5-392AE771803B}\40.0.2214.115_40.0.2214.111_chrome_updater.exe 2015-02-22 11:33:29 F4CC03D0A936AD6780ADA614AE81B413 840272 ----a-w- C:\Users\eagle\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_40.0.2214.111_chrome_updater.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2657430209-3233544591-142891156-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe /c" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "vProt"="C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" "StartCCC"="C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup" "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE -startup" "PowerDVD14Agent"="C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe /c" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun" ==== Startup Folders ====================== 2015-01-26 21:13:08 1044 ----a-w- C:\Users\eagle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GigaTribe.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2657430209-3233544591-142891156-1001Core.job --a-------- C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe [26-01-2015 14:17] 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2657430209-3233544591-142891156-1001UA.job --a-------- C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe [26-01-2015 14:17] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2657430209-3233544591-142891156-1001Core" [C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2657430209-3233544591-142891156-1001UA" [C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{0BB9A818-465F-4895-8B28-1B81C9FEDF33}" [C:\WINDOWS\system32\msfeedssync.exe] ==== Chromium Look ====================== Google Slides - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Magic Actions for YouTube - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif Mp3Skull Toolbar - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaehjnjgheaikfecjlfokolkoalpnda Google Docs - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap AdBlock - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Unblock The Pirate Bay (tpb) - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhcgenolobmcapombjbdieopbaigifd Support - eagle\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mhpdamgjggnphclednijodjmaedfmmgn Google Wallet - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\eagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaehjnjgheaikfecjlfokolkoalpnda deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://myhome.vi-view.com/?type=hp&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN" "Default_Page_URL"="http://myhome.vi-view.com/?type=hp&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://myhome.vi-view.com/web/?type=ds&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN&q={searchTerms}" "Default_Page_URL"="http://myhome.vi-view.com/?type=hp&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN" "Start Page"="http://myhome.vi-view.com/?type=hp&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN" "Search Page"="http://myhome.vi-view.com/web/?type=ds&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://myhome.vi-view.com/web/?type=ds&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN&q={searchTerms}" "Default_Page_URL"="http://myhome.vi-view.com/?type=hp&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN" "Start Page"="http://myhome.vi-view.com/?type=hp&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN" "Search Page"="http://myhome.vi-view.com/web/?type=ds&ts=1422277838&from=cor&uid=INTELXSSDSA2M080G2GC_CVPO9486033Z080BGN&q={searchTerms}" 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program 
Files\Classic Shell\ClassicIEDLL_32.dll O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - Startup: GigaTribe.lnk = C:\Program Files (x86)\GigaTribe\gigatribe.exe O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: 
@%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Google Update = "C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe" /c [Google Inc.] CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Classic Start Menu = "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} AVG_UI = "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.] vProt = "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" [file not found] StartCCC = "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.] 
Raptr = C:\PROGRA~2\Raptr\raptrstub.exe --startup [Raptr, Inc] PWRISOVM.EXE = C:\Program Files\PowerISO\PWRISOVM.EXE -startup [Power Software Ltd] PowerDVD14Agent = "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" [CyberLink Corp.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {449D0D6E-2412-4E61-B68F-1CB625CD9E52}\(Default) = (no title provided) -> {HKLM...CLSID} = ExplorerBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ExplorerBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] {EA801577-E6AD-4BD5-8F71-4BE0154331A4}\(Default) = (no title provided) -> {HKLM...CLSID} = ClassicIEBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ClassicIEBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {449D0D6E-2412-4E61-B68F-1CB625CD9E52}\(Default) = (no title provided) -> {HKLM...CLSID} = ExplorerBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ExplorerBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] {EA801577-E6AD-4BD5-8F71-4BE0154331A4}\(Default) = (no title provided) -> {HKLM...CLSID} = ClassicIEBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ClassicIEBHO Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [IvoSoft] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ShareOverlay\(Default) = {594D4122-1F87-41E2-96C7-825FB4796516} -> {HKLM...CLSID} = ShareOverlay Class \InProcServer32\(Default) = C:\Program Files\Classic 
Shell\ClassicExplorer64.dll [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ShareOverlay\(Default) = {594D4122-1F87-41E2-96C7-825FB4796516} -> {HKLM...Wow...CLSID} = ShareOverlay Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension -> {HKLM...CLSID} = DisplayCplExt Class \InProcServer32\(Default) = C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.] {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR5\rarext.dll [Alexander Roshal] {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = PowerISO -> {HKLM...CLSID} = PowerISO \InProcServer32\(Default) = C:\Program Files\PowerISO\PWRISOSH.DLL [Power Software Ltd] {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = Revo Uninstaller Pro Extension -> {HKLM...CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] 
{D120D80B-BD26-4A74-8E43-2C2AF0966139} = QuickPar ContextMenu extension -> {HKLM...Wow...CLSID} = QuickParContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\QuickPar\QuickParShlExt.dll [Peter B Clements] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider -> {HKLM...CLSID} = Smartcard WinRT Provider \InProcServer32\(Default) = C:\WINDOWS\system32\SmartcardCredentialProvider.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> {HKLM...CLSID} = PowerISO \InProcServer32\(Default) = C:\Program Files\PowerISO\PWRISOSH.DLL [Power Software Ltd] Quick Par\(Default) = {D120D80B-BD26-4A74-8E43-2C2AF0966139} -> {HKLM...Wow...CLSID} = QuickParContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\QuickPar\QuickParShlExt.dll [Peter B Clements] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR5\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR5\rarext32.dll [Alexander Roshal] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> 
{HKLM...CLSID} = PowerISO \InProcServer32\(Default) = C:\Program Files\PowerISO\PWRISOSH.DLL [Power Software Ltd] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ ClassicCopyExt\(Default) = {8C83ACB1-75C3-45D2-882C-EFA32333491C} -> {HKLM...CLSID} = ClassicCopyExt Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ClassicCopyExt Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] 
PowerISO\(Default) = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} -> {HKLM...CLSID} = PowerISO \InProcServer32\(Default) = C:\Program Files\PowerISO\PWRISOSH.DLL [Power Software Ltd] RUShellExt\(Default) = {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} -> {HKLM...CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] StartMenuExt\(Default) = {E595F05F-903F-4318-8B0A-7F633B520D2B} -> {HKLM...CLSID} = StartMenuExt \InProcServer32\(Default) = C:\WINDOWS\system32\StartMenuHelper64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = StartMenuExt \InProcServer32\(Default) = C:\WINDOWS\SysWow64\StartMenuHelper32.dll [IvoSoft] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR5\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR5\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ ClassicCopyExt\(Default) = {8C83ACB1-75C3-45D2-882C-EFA32333491C} -> {HKLM...CLSID} = ClassicCopyExt Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] -> {HKLM...Wow...CLSID} = ClassicCopyExt Class \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR5\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR5\rarext32.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\eagle\AppData\Roaming\Microsoft\Windows Photo Viewer\Achtergrond van Windows Photo Viewer.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\WINDOWS\system32\ssText3d.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ ASHAshampoo_Burning_Studio_15AUTHORINGBDONARRIVAL\ Provider = Ashampoo Burning Studio 15 InvokeProgID = Ashampoo.BurningStudio15 InvokeVerb = autoplay-authoringbd HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio15\shell\autoplay-authoringbd\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 15\burningstudio15.exe" -autoplay "%l" -authoringbd [Ashampoo] ASHAshampoo_Burning_Studio_15AUTHORINGDVDONARRIVAL\ Provider = Ashampoo Burning Studio 15 InvokeProgID = Ashampoo.BurningStudio15 InvokeVerb = autoplay-authoringdvd HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio15\shell\autoplay-authoringdvd\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 15\burningstudio15.exe" -autoplay "%l" -authoringdvd [Ashampoo] ASHAshampoo_Burning_Studio_15BURNCRYPTONARRIVAL\ Provider = Ashampoo Burning Studio 15 InvokeProgID = Ashampoo.BurningStudio15 InvokeVerb = autoplay-burncrypted HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio15\shell\autoplay-burncrypted\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 15\burningstudio15.exe" -autoplay -selectdrive "%l" -crypteddatadisc [Ashampoo] 
ASHAshampoo_Burning_Studio_15BURNONARRIVAL\ Provider = Ashampoo Burning Studio 15 InvokeProgID = Ashampoo.BurningStudio15 InvokeVerb = autoplay-burn HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio15\shell\autoplay-burn\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 15\burningstudio15.exe" -autoplay "%l" -burndatacd [Ashampoo] ASHAshampoo_Burning_Studio_15COPYONARRIVAL\ Provider = Ashampoo Burning Studio 15 InvokeProgID = Ashampoo.BurningStudio15 InvokeVerb = autoplay-copy HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio15\shell\autoplay-copy\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 15\burningstudio15.exe" -autoplay -selectdrive "%l" -copy [Ashampoo] ASHAshampoo_Burning_Studio_15EXTERNALDEVICEONARRIVAL\ Provider = Ashampoo Burning Studio 15 InvokeProgID = Ashampoo.BurningStudio15 InvokeVerb = autoplay-externaldevice HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio15\shell\autoplay-externaldevice\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 15\burningstudio15.exe" -autoplay -backupexternaldevices [Ashampoo] ASHAshampoo_Burning_Studio_15RIPONARRIVAL\ Provider = Ashampoo Burning Studio 15 InvokeProgID = Ashampoo.BurningStudio15 InvokeVerb = autoplay-rip HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio15\shell\autoplay-rip\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 15\burningstudio15.exe" -autoplay -selectdrive "%l" -rip [Ashampoo] MSFhConfigBackup\ Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100 InvokeProgID = FHConfig.AutoPlayHandler InvokeVerb = config HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = 
@wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] PowerDVD14.0MixedContentOnArrival\ Provider = PowerDVD 14 InvokeProgID = MixedContent InvokeVerb = PlayWithPowerDVD14.0 
HKLM\SOFTWARE\Classes\MixedContent\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" LOCALAUTOPLAY MIXCONTENT "%L" [CyberLink Corp.] PowerDVD14.0PlayBluRayOnArrival\ Provider = PowerDVD 14 InvokeProgID = BluRay InvokeVerb = PlayWithPowerDVD14.0 HKLM\SOFTWARE\Classes\BluRay\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" AUTOPLAY BD "%L" [CyberLink Corp.] PowerDVD14.0PlayCDAudioOnArrival\ Provider = PowerDVD 14 InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD14.0 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" AUTOPLAY CD "%L" [CyberLink Corp.] PowerDVD14.0PlayDVDMovieOnArrival\ Provider = PowerDVD 14 InvokeProgID = EnDVD InvokeVerb = PlayWithPowerDVD14.0 HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" AUTOPLAY DVD "%L" [CyberLink Corp.] PowerDVD14.0PlayMusicFilesOnArrival\ Provider = PowerDVD 14 InvokeProgID = MusicFiles InvokeVerb = PlayWithPowerDVD14.0 HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" LOCALAUTOPLAY AUDIO "%L" [CyberLink Corp.] PowerDVD14.0PlaySuperVideoCDMovieOnArrival\ Provider = PowerDVD 14 InvokeProgID = SVCD InvokeVerb = PlayWithPowerDVD14.0 HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] PowerDVD14.0PlayVideoCDMovieOnArrival\ Provider = PowerDVD 14 InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD14.0 HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] 
PowerDVD14.0PlayVideoFilesOnArrival\ Provider = PowerDVD 14 InvokeProgID = VideoFiles InvokeVerb = PlayWithPowerDVD14.0 HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" LOCALAUTOPLAY VIDEO "%L" [CyberLink Corp.] PowerDVD14.0ShowPicturesOnArrival\ Provider = PowerDVD 14 InvokeProgID = Picture InvokeVerb = PlayWithPowerDVD14.0 HKLM\SOFTWARE\Classes\Picture\shell\PlayWithPowerDVD14.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD14\PDVDLP.exe" LOCALAUTOPLAY PHOTO "%L" [CyberLink Corp.] Startup items in "eagle" & "All Users" startup folders: ------------------------------------------------------- C:\Users\eagle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} GigaTribe -> shortcut to: C:\Program Files (x86)\GigaTribe\gigatribe.exe -system:startup [null data] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] GoogleUpdateTaskUserS-1-5-21-2657430209-3233544591-142891156-1001Core -> launches: C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskUserS-1-5-21-2657430209-3233544591-142891156-1001UA -> launches: C:\Users\eagle\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] User_Feed_Synchronization-{0BB9A818-465F-4895-8B28-1B81C9FEDF33} -> (HIDDEN!) launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) 
launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} 
-> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\WINDOWS\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) 
launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint Diagnostics -> launches: {5b6b6834-34f0-49b9-ad4e-81d4994c7a74} -> {HKLM...CLSID} = Disk Footprint Diagnostics Task \InProcServer32\(Default) = C:\WINDOWS\system32\DfpCommon.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) 
launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) 
launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} -> {HKLM...CLSID} = Plug and Play Maintenance Task \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools MRT_HB -> launches: C:\WINDOWS\system32\MRT.exe /EHB /Q [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E} -> {HKLM...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] NetworkStateChangeTask -> (HIDDEN!) 
launches: {A4173A49-F373-4475-9A0F-2D615204DC20} -> {HKLM...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive Idle Sync Maintenance Task -> launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found] Routine Maintenance Task -> launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) 
launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION /FIRSTTIME [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] Scheduled Start With Network -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WOF WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} -> {HKLM...CLSID} = WOF Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders Work Folders Logon Synchronization -> launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e} -> {HKLM...CLSID} = Work Folder Logon Trigger Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] Work Folders Maintenance Work -> launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b} -> {HKLM...CLSID} = Work Folder Maintenance Task Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) 
launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\WSService.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2657430209-3233544591-142891156-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll 
[MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {553891B7-A0D5-4526-BE18-D3CE461D6310} = (no title provided) -> {HKLM...CLSID} = Classic Explorer Bar \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer64.dll [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {553891B7-A0D5-4526-BE18-D3CE461D6310} = (no title provided) -> {HKLM...Wow...CLSID} = Classic Explorer Bar \InProcServer32\(Default) = C:\Program Files\Classic Shell\ClassicExplorer32.dll [IvoSoft] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {56753E59-AF1D-4FBA-9E15-31557124ADA2}\ MenuText = Classic IE Settings Exec = C:\Program Files\Classic Shell\ClassicIE_32.exe [IvoSoft] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {56753E59-AF1D-4FBA-9E15-31557124ADA2}\ MenuText = Classic IE Settings Exec = C:\Program Files\Classic Shell\ClassicIE_32.exe [IvoSoft] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AMD External Events Utility, AMD External Events Utility, C:\WINDOWS\system32\atiesrxx.exe [AMD] AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.] 
Network Connection Broker, NcbService, C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\WINDOWS\System32\ncbservice.dll [MS]}

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> SystemEventsBroker, Service
<> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> SystemEventsBroker, Service
<> PEVSystemStart, Service

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\eagle\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\eagle\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\eagle\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\eagle\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\eagle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=400 folders=162 132737882 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\eagle\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\eagle\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\PROGRA~2\AVG Web TuneUp" not found

==== EOF on zo 01-03-2015 at 8:13:58,76 ======================