Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Kevin on Wed 07/29/2015 at 10:59:27.69.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kevin\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

7/29/2015 11:00:37 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Hi-Rez Studios deleted successfully
C:\PROGRA~3\Trusted Publisher deleted successfully
C:\Users\Kevin\AppData\Roaming\Atari deleted successfully
C:\Users\Kevin\AppData\Roaming\Awesomium deleted successfully
C:\Users\Kevin\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Kevin\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\Kevin\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

µTorrent
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Content Viewer
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Fonts All
Adobe Help Manager
Adobe Help Viewer CS3
Adobe Illustrator CS6
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe InDesign CS5.5
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader XI (11.0.12) - Nederlands
Adobe Refresh Manager
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Alternative Look for Yennefer
ANNO 2070
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arma 2
ARMA 2: British Armed Forces - Data cache removal
Arma 2: British Armed Forces
Arma 2: DayZ Mod
Arma 2: Operation Arrowhead
AutoHotkey 1.0.48.05
Ballad Heroes - Neutral Gwent Card Set
Batman™: Arkham Knight
Battle.net
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
Beard and Hairstyle Set
Belgium e-ID middleware 4.0.7 (build 7466)
BioShock Infinite
Borderlands 2
Borderlands.2.Incl.All.24.DLC.[1.7].W.B.Repack
Borderlands: The Pre-Sequel
Broadcom NetLink Controller
Call of Duty: Advanced Warfare - Multiplayer
Call of Duty: Advanced Warfare
Call of Duty: Black Ops
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 2
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon IJ Scan Utility
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3200 series MP Drivers
Canon MG3200 series On-screen Manual
Canon MG3200 series User Registration
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Quick Menu
CCleaner
CDBurnerXP
Cheat Engine 6.2
Cheat Engine 6.3
Cheat Engine 6.4
ConvertXtoDVD 4.2.0.0
Core Temp 1.0 RC5
Counter-Strike: Global Offensive
Counter-Strike: Source
D-Link DWA-131 Wireless N Nano USB Adapter
DAEMON Tools Lite
DayZ
DayZ Commander
DayZ Unleashed
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB3054883) 64-Bit Edition
DirectX 9 Runtime
DivX Setup
DVD Shrink 3.2
Elite Crossbow Set
Express Burn
Face Filter
Fallout 3 - The Pitt
Fallout 3
Fallout Mod Manager 0.13.21
Fallout New Vegas
Far Cry 3
Far Cry 4
Fraps (remove only)
FXAA Post Process Injector
GamersFirst LIVE
GOG Galaxy
Google Chrome
Google Update Helper
Grand Theft Auto V
Gtk# for .Net 2.12.10
HD Tune 2.55
HiJackThis
iCloud
Instalación de DivX
Insurgency
Intel(R) Processor Graphics
iTunes
Java 8 Update 51
Java Auto Updater
Kepard
Logitech Gaming Software
Logitech Gaming Software 8.45
Mafia II
Malwarebytes Anti-Malware version 2.1.6.1022
Metro Last Light
Microsoft .NET Framework 4.5.1 RC
Microsoft ASP.NET MVC 4 Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Office 32-bit Components 2010
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft PowerPoint 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 38.0.5 (x86 en-US)
Mozilla Maintenance Service
New Quest - Contract Missing Miners
New Quest - Fool's Gold
Nexus Mod Manager
Nilfgaardian Armor Set
NVIDIA 3D Vision Controller Driver 352.65
NVIDIA 3D Vision Driver 353.30
NVIDIA Control Panel 353.30
NVIDIA GeForce Experience 2.4.5.60
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 353.30
NVIDIA HD Audio Driver 1.3.34.3
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX System Software 9.15.0428
NVIDIA ShadowPlay 2.4.5.60
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 2.4.5.60
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.28
Open Broadcaster Software
Origin
Path of Exile
PDF Settings
PDF Settings CS5
PDF Settings CS6
PriceMinus
Prism Video File Converter
QuickTime
Razer Game Booster
RBVirtualFolder64Inst
Realm of the Mad God
Realtek High Definition Audio Driver
RocketDock 1.3.5
Rockstar Games Social Club
Roxio BackOnTrack
Roxio BackOnTrackPE
Roxio Burn - Secure
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2012 Pro
Roxio System Rollback
Roxio System Rollback Recovery Disk
Roxio Video Capture USB
Samsung Data Migration
Samsung Magician
SHIELD Streaming
SHIELD Wireless Controller Driver
SketchUp Pro 8
Skype™ 7.6
SmartSound Quicktracks 5
SpeedRunners
Steam
SteelSeries Engine
TeamSpeak 3 Client
TechPowerUp GPU-Z
Temerian Armor Set
The Elder Scrolls V Skyrim 1.0.2
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1
The Witcher 3 - Wild Hunt
Titan Quest
Titan Quest: Immortal Throne
TomTom HOME
TQ Defiler.NET
Tunngle
Update for Microsoft Office 2010 (KB2553347) 64-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VD64Inst
VideoPad Video Editor
VLC media player 2.0.5
War Thunder
Watch Dogs
Windows Driver Package - Fedict SmartCard (04/30/2014 4.0.7.5)
Windows Live ID Sign-in Assistant
Windows Media Encoder 9 Series x64 Edition
WinSoftMEsti

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
D:\WlanWpsSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
D:\Program Files\Steam\Steam.exe
C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe
D:\wirelesscm.exe
D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Kevin\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\f4hrtl0g.default

user.js not found

---- Lines extensions.F4avFJL9MnvssMUT removed from prefs.js ----
user_pref("extensions.F4avFJL9MnvssMUT.epoch", "1435063494");
user_pref("extensions.F4avFJL9MnvssMUT.url", "http://good-links.org/sync2/?q=hfZ9ofbJBNrMCyVUojsErdw9tMqLDe49CNU0nUkMCMlNhd9Fqja7rTaFpjk7rTCMBzqUojw8r

---- Lines extensions.KpsfiWJtStUTMse2 removed from prefs.js ----
user_pref("extensions.KpsfiWJtStUTMse2.epoch", "1435063495");
user_pref("extensions.KpsfiWJtStUTMse2.url", "http://guardsetstarr.info/sync2/?q=hfZ9ofV9CShEAen0rTaErjnMg708BNmGWj8cmihGheDUojw8rdgGrdw4qjCGqShIC7n0r

---- FireFox user.js and prefs.js backups ----
prefs_20150729_1109_.backup

ProfilePath: C:\Users\Kevin\AppData\Roaming\TomTom\HOME\Profiles\soz6r5po.default

user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_20150729_1109_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\bestadblocker deleted
C:\PROGRA~2\PriceMinus deleted
C:\PROGRA~2\PrIceMiNuso deleted
C:\PROGRA~3\kanachinphahhnipifppdhbgeeiekfnd deleted
C:\PROGRA~3\{73ac1ed1-6905-b290-73ac-c1ed16907b45} deleted
C:\PROGRA~3\839256699709748837 deleted
C:\Users\Kevin\AppData\Roaming\WB.CFG deleted
C:\Users\Kevin\AppData\Roaming\Mipony deleted
C:\Users\Kevin\AppData\Roaming\SpeedRunnersLog.txt deleted
C:\Users\Kevin\AppData\Roaming\TorrentB deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony deleted
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\Bonjour\mdnsNSP.dll" deleted
"C:\PROGRA~2\Bonjour" not deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8079 MB
CPU Info: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
CPU Speed: 3393.9 MHz
Sound Card: Speakers (2- USB PnP Sound Devi | Realtek Digital Output (Realtek | Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce GTX 980 Ti | NVIDIA GeForce GTX 980 Ti | NVIDIA GeForce GTX 980 Ti | NVIDIA GeForce GTX 980 Ti | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor |
Screen Resolution: 2560 X 1440 - 32 bit
Network: Network Present
Network Adapters: TAP-Win32 Adapter V9 (Tunngle) | TAP-Win32 Adapter V9 | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 4x (E: | F: | G: | H: | ) E: TSSTcorpCDDVDW SH-224BB | F: ROXIO DVD-ROM EMULATOR | G: DTSOFT BDROM | H: WXMDMB MJSXU3C1I
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 111.7GB | D: 1863.0GB
Hard Disks - Free: C: 23.3GB | D: 602.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 09/13/12 | ACRSYS - 1072009
Time Zone: Romance Standard Time
Motherboard *: ASRock Z77 Extreme4
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Firefox 38.0.5
Internet Explorer Version: 11.0.9600.17126
Mozilla Firefox version: 38.0.5 (x86 en-US)
Google Chrome version: 43.0.2357.124
Adobe Reader version: 11.0.12.18
Sun Java version: 1.8.0_51 (32-bit)
Sun Java version: 1.8.0_51 (64-bit)
Flash Player version: 18.0.0.209

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Kevin\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2015-07-27 21:15:27 62EF7839FE54E2B26593BD1DB50FA997 3128 ----a-w- C:\Windows\Sysnative\Tasks\{95D77180-5AB4-4E23-ABD0-A2C6AD65BE35}
2015-07-12 19:10:03 9D9742DB6F393F8D89EDF4AEF315FD13 3156 ----a-w- C:\Windows\Sysnative\Tasks\{8F42EDA1-263F-401A-B878-8B4193F2324D}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-07-05 13:15:07 -------- dc----w- C:\Program Files\OBS
2015-07-02 12:47:41 -------- dc----w- C:\Program Files\Rockstar Games
======= C:\PROGRA~2 =====
2015-07-29 08:56:25 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2015-07-23 21:11:43 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2015-07-23 09:10:38 -------- d-----w- C:\PROGRA~2\Microsoft ASP.NET
2015-07-11 16:07:38 -------- d-----w- C:\PROGRA~2\Tunngle
2015-07-11 15:45:31 -------- d-----w- C:\PROGRA~2\Soul's Software
2015-07-05 13:15:06 -------- d-----w- C:\PROGRA~2\OBS
2015-07-02 12:47:51 -------- d-----w- C:\PROGRA~2\Rockstar Games
======= C: =====
====== C:\Users\Kevin\AppData\Roaming ======
2015-07-22 09:26:47 -------- d-----w- C:\Users\Kevin\AppData\Local\CEF
2015-07-12 11:18:50 -------- d-----w- C:\Users\Kevin\AppData\Roaming\GameRanger
2015-07-05 13:15:10 -------- d-----w- C:\Users\Kevin\AppData\Roaming\OBS
2015-07-05 13:15:08 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-07-02 12:48:02 -------- d-----w- C:\Users\Kevin\AppData\Local\Rockstar Games
====== C:\Users\Kevin ======
2015-07-29 08:55:53 FD5E74BFA85F82E4D6533624E43F9175 562784 ----a-w- C:\Users\Kevin\Downloads\jxpiinstall.exe
2015-07-28 09:16:34 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Kevin\Downloads\RSITx64.exe
2015-07-23 21:11:56 -------- d-----w- C:\Users\Kevin\Tracing
2015-07-23 21:11:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-11 16:07:40 -------- d-----w- C:\ProgramData\Tunngle
2015-07-11 15:45:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soul's Software
====== C: exe-files ==
C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe 2015-07-29 08:56:13 46AD9258E9B6EA56AFC8723CEFDF8425 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\pack200.exe 2015-07-29 08:56:13 235015745A6A6FE26BCDA8F227C9132B 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\klist.exe 2015-07-29 08:56:13 0CFCEE90C8711D4DEAD9EC7046918A45 77920 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe 2015-07-29 08:55:53 FD5E74BFA85F82E4D6533624E43F9175 562784 ----a-w- C:\Users\Kevin\Downloads\jxpiinstall.exe 2015-07-28 09:16:34 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Kevin\Downloads\RSITx64.exe 2015-07-27 11:13:43 A7233EF21FBD25AB55DF827B9984D01F 2757176 ----a-w- C:\ProgramData\GOG.com\Galaxy\temp\desktop-galaxy-updater\GalaxyUpdater.exe 2015-07-24 09:25:10 C434BBB0A03389475C6131B444509948 5917592 ----a-w- C:\Users\Kevin\AppData\Local\NVIDIA\NvBackend\Packages\00007af6\DAO.19793760.exe 2015-07-24 09:25:10 C07A2459C67E6ACF05E4E57DFFC942BC 514576 ----a-w- C:\Users\Kevin\AppData\Local\NVIDIA\NvBackend\Packages\00007abf\CoProc update.19781562.exe 2015-07-23 12:02:42 9AB2872C989F119A6E8713466E7D0433 628664 ----a-w- C:\Users\Kevin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2015-07-23 12:02:40 E968B76A7BF47770CFC5B1FAE47C9B81 172984 ----a-w- C:\Users\Kevin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2015-07-23 09:08:11 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\SysWOW64\icardagt.exe 2015-07-23 09:08:11 8A08BB0D12BE40DC09632CD5D04A48A0 1389208 ----a-w- C:\Windows\System32\icardagt.exe 2015-07-23 09:08:00 E4312738B500577BABC232A49F67A67D 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe 2015-07-23 09:08:00 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\SysWOW64\TsWpfWrp.exe 2015-07-23 09:04:03 3A88F81FDCAB1AF6D2508449A88DFE87 130333168 ----a-w- C:\Windows\System32\MRT.exe 2015-07-23 09:02:38 FCCD46F56DD641ED856FC0E65757B4FD 31232 ----a-w- 
C:\Windows\System32\lsass.exe 2015-07-23 09:02:38 D90D7EC33D45DCA0307C9884E8A4D528 64000 ----a-w- C:\Windows\System32\auditpol.exe 2015-07-23 09:02:38 C0AAD567C8868D75A2E4B12B9B76B1B6 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-07-23 09:02:22 4586B77B18FA9A8518AF76CA8FD247D9 1192448 ----a-w- C:\Windows\System32\certutil.exe 2015-07-23 09:02:22 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\SysWOW64\certutil.exe 2015-07-23 09:01:57 ECB021CA3370582F0C7244B0CF06732C 156160 ----a-w- C:\Windows\System32\cscript.exe 2015-07-23 09:01:57 A3A35EE79C64A640152B3113E6E254E2 126976 ----a-w- C:\Windows\SysWOW64\cscript.exe 2015-07-23 09:01:57 979D74799EA6C8B8167869A68DF5204A 141824 ----a-w- C:\Windows\SysWOW64\wscript.exe 2015-07-23 09:01:57 045451FA238A75305CC26AC982472367 168960 ----a-w- C:\Windows\System32\wscript.exe 2015-07-23 09:01:42 8CEBD9D0A0A879CDE9F36F4383B7CAEA 455168 ----a-w- C:\Windows\System32\winlogon.exe 2015-07-23 09:01:42 8516703179C3BDE90A3ED31B9EC16F8D 1118720 ----a-w- C:\Windows\System32\mstsc.exe 2015-07-23 09:01:41 0DBD0B4D4766CADEB8C30242A0611395 1051136 ----a-w- C:\Windows\SysWOW64\mstsc.exe 2015-07-23 09:00:51 F55F287810AAF708618793764AF7D1BB 23552 ----a-w- C:\Windows\System32\sdbinst.exe 2015-07-23 09:00:51 715C060150D969B0DE5DD5B365A712AF 20992 ----a-w- C:\Windows\SysWOW64\sdbinst.exe 2015-07-23 09:00:21 BE8F985609BE0809B7E29960AC997511 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe 2015-07-23 08:59:38 36E5E9D0400475230A7F57F274B88321 165888 ----a-w- C:\Windows\System32\charmap.exe 2015-07-23 08:59:37 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\Windows\SysWOW64\charmap.exe 2015-07-23 08:56:30 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\Windows\SysWOW64\WSManHTTPConfig.exe 2015-07-23 08:56:30 41457C1909F6D1100C0F9B9CFF7960FC 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe 2015-07-23 08:56:12 BBA5CB528CB7482E118D0FEAF808987A 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe 2015-07-23 08:56:12 
7150E809474BBD4D4AD24B13FA2454E5 1239720 ----a-w- C:\Windows\System32\aitstatic.exe 2015-07-23 08:56:12 17D815AD21D4325CD589E57A9582E311 70840 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe 2015-07-23 08:56:11 8D06AAF1723B514C412187C5B8B67EEF 46752 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe 2015-07-23 08:56:11 4AC38FC4C6894B21698A99B9129B1EA4 161952 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe 2015-07-23 08:56:01 9819614CA9EFB5A96493B379170B9D89 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-07-23 08:56:00 6D227897A458DA8A9518DACDC88F1947 3917760 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-07-23 08:56:00 62C93E47A424A8EC79F3CF1719A2DCC6 3972544 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-07-23 08:55:59 F7A3018D8F1825427BC11E912D5287CD 296960 ----a-w- C:\Windows\System32\rstrui.exe 2015-07-23 08:55:50 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\System32\smss.exe 2015-07-22 22:12:03 AB9990DB80EA3DAC0EAE50C906EF7ECA 1693024 ----a-w- C:\Users\Kevin\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe === C: other files == 2015-07-29 08:56:14 5F7B14A65C88D4AEB0E3DF49C6A0941F 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\ffjcext.zip 2015-07-23 09:02:38 FCAE45BD090866361F1CF0617B3955D7 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2015-07-23 09:02:38 D32D828A9909FA3FD5D65ED52899CFA4 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2015-07-23 09:02:38 8A5E163D645DB5AAF91F2CF57607145C 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2015-07-23 09:02:38 713202C965EC9104B34FB637E2F8AD75 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-07-23 09:02:38 36405A11DA370391E4E2DCC3AF24DE5A 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-07-23 09:02:38 27667A788130A7F7A5858DE27572E6D7 459336 ----a-w- C:\Windows\System32\drivers\cng.sys 2015-07-23 09:01:58 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\System32\drivers\http.sys 2015-07-23 
09:01:55 404B7DF9CA4D1CB675045AF220FF3285 367552 ----a-w- C:\Windows\System32\clfs.sys 2015-07-23 09:01:41 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2015-07-23 09:01:41 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2015-07-23 09:00:10 A347EF56B7CD8360B3EF7772FEA597B9 3163648 ----a-w- C:\Windows\System32\win32k.sys 2015-07-23 08:59:48 A3F0BC5897F9D3786A3CB695B163633A 190912 ----a-w- C:\Windows\System32\drivers\storport.sys 2015-07-23 08:59:48 96BB922A0981BC7432C8CF52B5410FE6 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys 2015-07-23 08:59:47 B3222734D80013D2C73841B0C549FA63 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2015-07-23 08:56:11 7EBB5DAD11B1D0B12317A191C8325991 21128 ----a-w- C:\Windows\System32\appraiser\nxquery.sys 2015-07-23 08:55:48 1A29A59A4C5BA6F8C85062A613B7E2B2 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2201358601-1718601949-3330357416-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="D:\Program Files\Steam\steam.exe -silent" "SteelSeries Engine"="C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" "uTorrent"="C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler" "CPMonitor"="D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" "DivXUpdate"="C:\Program 
Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Steam"="D:\Program Files\Steam\steam.exe -silent" "SteelSeries Engine"="C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" "uTorrent"="C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "BCSSync"="D:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Windows\\System32\\nvinitx.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5.5ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS5.5ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files 
(x86)\\Common Files\\Adobe\\CS5.5ServiceManager\\CS5.5ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonQuickMenu" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"D:\\Program Files\\Daemon tools\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Disc Tool] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Desktop Disc Tool" "hkey"="HKLM" "command"="\"D:\\Program Files (x86)\\Roxio 2012\\Roxio Burn\\RoxioBurnLauncher.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DivXUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EADM" "hkey"="HKCU" "command"="\"D:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GalaxyClient] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GalaxyClient" "hkey"="HKCU" "command"="C:\\Program Files 
(x86)\\GalaxyClient\\GalaxyClient.exe /launchViaAutoStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScannerSelectorEX] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IJNetworkScannerSelectorEX" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\IJ Network Scanner Selector EX\\CNMNSST.exe /FORCE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"D:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kepard] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Kepard" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Kepard\\Kepard.exe\" tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Kevin\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Kevin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk] "path"="C:\\Users\\Kevin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Samsung Magician.lnk" "backup"="C:\\Windows\\pss\\Samsung Magician.lnk.Startup" "backupExtension"=".Startup" "command"="D:\\SAMSUN~1\\SAMSUN~1.EXE /AUTOHIDE" "item"="Samsung Magician" ==== Startup Folders ====================== 2013-01-11 
01:07:48 279 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/14/2015 08:24 PM] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\Razer_Game_Booster_AutoUpdate" [C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe] "C:\Windows\SysNative\tasks\{1B19EE28-0BEB-46DF-9C46-0534EF4D1581}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\f4hrtl0g.default user_pref("browser.startup.homepage", "google.be"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Kevin\AppData\Roaming\TomTom\HOME\Profiles\soz6r5po.default - Map status indicator - D:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - D:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - 
%AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\f4hrtl0g.default A843FC35574ECFD9E7A41C5505A9921B - D:\Vlc\npvlc.dll - VLC Web Plugin FD82108FD60B63010325D9AF6F00AF99 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 Google Slides - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo AddThis Share Bookmark new - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde Google Search - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap AdBlock - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Chrome Hotword Shared Module - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg Google Wallet - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Hover Zoom - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl Gmail - Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Chromium Fix ====================== C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stlyrics.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stlyrics.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_metrovideogame.wikia.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_metrovideogame.wikia.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.allbroadcastbatteries.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.allbroadcastbatteries.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User
Data\Default\Local Storage\http_static.thehumanallegiance.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.thehumanallegiance.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastdailyfind.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fastdailyfind.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_onlinewebfind.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_onlinewebfind.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services.buyway.be_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services.buyway.be_0.localstorage-journal deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cgbogdmdefihhljhfeiklfiedefalcde_0.localstorage deleted successfully C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\chrome-extension_cgbogdmdefihhljhfeiklfiedefalcde_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kepard deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files 
(x86)\Java\jre1.8.0_51\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler O4 - HKLM\..\Run: [CPMonitor] "D:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\steam.exe" -silent O4 - HKCU\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\Kevin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - Global Startup: Wireless Connection Manager.lnk = ? 
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1358191722211 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Origin Client Service - Electronic Arts - D:\Program Files (x86)\Origin\OriginClientService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxMediaDB13 - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: RzKLService - Razer Inc. 
- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe O23 - Service: TomTomHOMEService - TomTom - D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. 
- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WlanWpsSvc - Unknown owner - D:\WlanWpsSvc.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1TTWZEG 
will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Kevin\AppData\Local\Mozilla\Firefox\Profiles\f4hrtl0g.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1169 folders=247 137254791 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\fbwuser\AppData\Local\temp emptied successfully C:\Users\Kevin\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Kevin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\Bonjour" not found "C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1TTWZEG" not found ==== EOF on Wed 07/29/2015 at 11:15:27.35 ======================