Zoek.exe v5.0.0.0 Updated 04-September-2015 Tool run by Nick on zo 06/09/2015 at 12:46:52,29. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: D:\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2013-09-11-173033.log 23922 bytes ==== Empty Folders Check ====================== C:\PROGRA~2\Activision deleted successfully C:\PROGRA~2\AutoHotkey deleted successfully C:\PROGRA~2\dumps deleted successfully C:\PROGRA~2\Dying Light deleted successfully C:\PROGRA~2\GUM1AA1.tmp deleted successfully C:\PROGRA~2\HP Photo Creations deleted successfully C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\PROGRA~2\The Evil Within deleted successfully C:\PROGRA~2\Winamp deleted successfully C:\PROGRA~2\COMMON~1\doubleTwist deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Handbrake deleted successfully C:\PROGRA~3\Riot Games deleted successfully C:\Users\Nick\AppData\Roaming\AccurateRip deleted successfully C:\Users\Nick\AppData\Roaming\fltk.org deleted successfully C:\Users\Nick\AppData\Roaming\HpUpdate deleted successfully C:\Users\Nick\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Nick\AppData\Roaming\Media Player Classic deleted successfully C:\Users\Nick\AppData\Roaming\Publish Providers deleted successfully C:\Users\Nick\AppData\Roaming\QuickScan deleted successfully C:\Users\Nick\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully C:\Users\Nick\AppData\Local\FluxSoftware deleted successfully C:\Users\Nick\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2362421678-1093722855-3624652776-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully 
HKEY_USERS\S-1-5-21-2362421678-1093722855-3624652776-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 4K Video Downloader 3.4 7-Zip 9.20 (x64 edition) Acrobat.com Adobe AIR Adobe Flash Player 18 NPAPI Adobe Reader XI (11.0.12) Adobe Refresh Manager Apple Application Support (32-bit) Apple Application Support (64-bit) Apple Mobile Device Support Apple Software Update Asmedia ASM106x SATA Host Controller Driver ASRock 3TB+ Unlocker v1.1 ASRock InstantBoot v1.29 AudioSwitch v2.0 AVI ReComp 1.5.5 AviSynth 2.5 Battlefield 4T Battlelog Web Plugins Bitdefender Total Security 2015 BitTorrent Bonjour Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch CCleaner Combined Community Codec Pack 2014-07-13 Counter-Strike: Global Offensive Creative Audio Control Panel Creative Diagnostics Creative Opstart-console Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition CyberLink PowerDVD 14 DAEMON Tools Lite DfuSe v3.0.4 Dolby Digital Live Pack DTS Connect Pack Evernote v. 
5.8.13 ffdshow [rev 2527] [2008-12-19] Google Chrome Google Update Helper Grand Theft Auto V Icaros 2.3.0 iCloud Intel(R) Management Engine Components Intel(R) Smart Connect Technology 3.0 x64 Intel(R) Update Manager Intel(R) USB 3.0 eXtensible Host Controller Driver Intel© Trusted Connect Service Client ISP Monitor iTunes iTunesSnarl 1.2 Java 8 Update 60 Java Auto Updater JDownloader 0.9 League of Legends Malwarebytes Anti-Malware versie 2.1.8.1057 Mayflash WIIMote PC Adapter melon 3.76 Mercurial 2.8.1 (x86) Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.5.2 (Nederlands) Microsoft .NET Framework 4.5.2 (NLD) Microsoft ASP.NET MVC 4 Runtime Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Xbox 360 Accessories 1.2 mkv2vob MKVToolNix 6.2.0 Mozilla Firefox 34.0.5 (x86 nl) Mozilla 
Maintenance Service Mp3tag v2.70 MPC-HC 1.7.3 (64-bit) MSI Afterburner 4.1.1 MSVCRT Redists MyFreeCodec NVIDIA-configuratiescherm 355.60 NVIDIA 3D Vision controllerstuurprogramma 352.65 NVIDIA 3D Vision stuurprogramma 355.60 NVIDIA GeForce Experience 2.5.14.5 NVIDIA GeForce Experience Service NVIDIA Grafisch stuurprogramma 355.60 NVIDIA HD Audio-stuurprogramma 1.3.34.3 NVIDIA Install Application NVIDIA LED Visualizer 1.0 NVIDIA Network Service NVIDIA PhysX Systeem Software 9.15.0428 NVIDIA ShadowPlay 2.5.14.5 NVIDIA Stereoscopic 3D Driver NVIDIA Update 2.5.14.5 NVIDIA Update Core NVIDIA Virtual Audio 1.2.31 OpenAL Origin PAC-MAN Championship Edition DX+ PCSX2 - Playstation 2 Emulator Phase Shift Popcorn Time Python 2.7.6 (64-bit) QuickTime 7 Razer Synapse Realtek Ethernet Controller Driver Realtek High Definition Audio Driver RivaTuner Statistics Server 6.2.0 Rockstar Games Social Club SHIELD Streaming SHIELD Wireless Controller Driver SixaxisPairTool 0.3.0 Skype Web Plugin SkypeT 7.0 Snarl 3.0.1 Spotify Steam Street Fighter X Tekken SubSync Super Mario Bros. 
X version 1.3 System Requirements Lab CYRI The Expendabros THX TruStudio Ubisoft Game Launcher Uplay Usb Network Joystick Vegas Pro 12.0 (64-bit) VLC media player 2.0.6 VobSub 2.23 Widevine Media Optimizer Chrome 6.0.0 Windows Live ID Sign-in Assistant WinRAR 4.20 (64-bit) XFastUSB Xvid Video Codec ZOMB413 Tekno MW3 DLC Update 2.7.0.9 server edition re-pack ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Users\Nick\Downloads\isp.exe C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe D:\Xpadder\Xpadder.exe C:\Users\Nick\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files (x86)\Nirsoft\volumouse-x64\volumouse32.exe C:\Users\Nick\Desktop\XboxExt.exe C:\Program Files (x86)\XFastUSB\XFastUsb.exe C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\full phat\Snarl\snarl.exe C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe D:\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\8e1igna2.default ---- Lines quick_start removed from prefs.js ---- user_pref("extensions.quick_start.enable_search1", false); user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); ---- FireFox user.js and prefs.js backups ---- user_20150609_1255_.backup prefs_20150609_1255_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserPlugInHelper] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Activision not found C:\PROGRA~2\AutoHotkey not found C:\PROGRA~2\dumps not found C:\PROGRA~2\Dying Light not found 
C:\PROGRA~2\GUM1AA1.tmp not found C:\PROGRA~2\HP Photo Creations not found C:\PROGRA~2\The Evil Within not found C:\PROGRA~2\Winamp not found C:\Program Files (x86)\Kaspersky Lab not found C:\Program Files (x86)\Jungle Net not found C:\ProgramData\Kaspersky Lab deleted C:\Users\Nick\.android deleted C:\STFEC72.tmp deleted C:\install.exe deleted C:\Users\Nick\AppData\Roaming\Clock+.log deleted C:\Users\Nick\AppData\Roaming\ez_style_engine.log deleted C:\Users\Nick\AppData\Roaming\TMinus.log deleted C:\Users\Nick\AppData\Roaming\wlanmonitor.log deleted C:\PROGRA~3\Wondershare Video Converter Ultimate deleted C:\PROGRA~3\Computer Updater deleted C:\PROGRA~3\Package Cache deleted C:\Users\Nick\AppData\Local\Wondershare deleted C:\Windows\Reimage.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\SafeAppRichList.ocx deleted C:\Windows\Syswow64\CUUpdateComponent.ocx deleted C:\Windows\Syswow64\ComputerUpdaterLM.ocx deleted C:\Users\Nick\Desktop\4K Video Downloader.lnk deleted "C:\PROGRA~2\Windows Collaboration" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8145 MB CPU Info: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz CPU Speed: 3388,8 MHz Sound Card: Luidsprekers (Creative SB X-Fi) | DELL ST2320L-0 (NVIDIA High Def | Realtek Digital Output (Realtek | PL2773HD-C (NVIDIA High Definit | Display Adapters: NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (F: | ) F: DTSOFT BDROM Ports: COM1 LPT1 Mouse: 5 
Button Wheel Mouse Present Hard Disks: C: 232,9GB | D: 931,5GB Hard Disks - Free: C: 11,1GB | D: 34,1GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 09/20/12 | ALASKA - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: ASRock H77 Pro4-M Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Bitdefender Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Bitdefender Antispyware disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Bitdefender Firewall disabled Default Browser: Google Chrome 45.0.2454.85 Internet Explorer Version: 10.0.9200.17457 Mozilla Firefox version: 34.0.5 (x86 nl) Google Chrome version: 45.0.2454.85 Adobe Reader version: 11.0.12.18 Sun Java version: 1.8.0_60 (32-bit) Sun Java version: 1.8.0_60 (64-bit) Flash Player version: 18.0.0.232 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-08-12 09:33:51 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\notepad.exe ====== C:\Users\Nick\AppData\Local\Temp ==== ====== Java Cache ===== 2015-09-06 10:43:01 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-1f62edc4 2015-09-06 10:43:01 6C98F94F0EF69B7348397BD248CB63DA 425 ----a-w- C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap 2015-09-06 10:43:00 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-57eb5c61 2015-09-06 10:43:04 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\47c58863-5100d0ee 2015-09-06 10:43:01 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Nick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-13a958c3 ====== C:\Windows\SysWOW64 ===== 2015-09-04 13:19:49 
A396CE9FC7A4815C1B537B5BD25621F1 69416 ----a-w- C:\Windows\SysWOW64\nvaudcap32v.dll 2015-08-24 13:58:45 FC0D46CEDD512BD18BC055D2AF6CEB2C 74000 ----a-w- C:\Windows\SysWOW64\bdsandboxuiskin32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-09-05 21:47:42 8265CD5C67D0A35DFC40F3D1A8AC994C 94656 ----a-w- C:\Windows\Sysnative\WPRO_41_2001woem.tmp 2015-08-24 14:01:27 FC0D46CEDD512BD18BC055D2AF6CEB2C 74000 ----a-w- C:\Windows\Sysnative\bdsandboxuiskin32.dll 2015-08-24 13:57:37 8612E569F2C1AE5D6DAC60B86AB8732E 84848 ----a-w- C:\Windows\Sysnative\BDSandBoxUISkin.dll 2015-08-24 13:57:37 2A45EA035B498EFF282658D15D3A11AC 33360 ----a-w- C:\Windows\Sysnative\BDSandBoxUH.dll ====== C:\Windows\Sysnative\drivers ===== 2015-09-05 15:10:41 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-09-05 15:10:37 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-09-05 15:10:37 AE757332EA130E94E646621CC695B52A 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-09-05 15:10:37 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2015-09-04 13:19:49 35DFC12FD7E44B7CB8CCD7E5A2B3975A 50472 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys 2015-08-24 13:58:48 50F796CB1E8C80F3D19435CB50C3DAB5 76944 ----a-w- C:\Windows\Sysnative\drivers\bdvedisk.sys 2015-08-24 13:58:45 9A9A632AA25D4B33BFA9D3202DEA0E87 93600 ----a-w- C:\Windows\Sysnative\drivers\BdfNdisf6.sys 2015-08-24 13:58:45 397307349A31F530718DAE781825A8EB 82824 ----a-w- C:\Windows\Sysnative\drivers\bdsandbox.sys 2015-08-24 13:58:42 A692B4E9773CD0BDCE99DEEB0AB5D3AC 271272 ----a-w- C:\Windows\Sysnative\drivers\avchv.sys 2015-08-24 13:58:42 9845EF176613C9E325A1CA4B40925F69 1369288 ----a-w- C:\Windows\Sysnative\drivers\avc3.sys 2015-08-24 13:58:42 1B25E559C0AE349206641C9DED74D02F 747120 ----a-w- C:\Windows\Sysnative\drivers\avckf.sys 2015-08-24 13:57:37 
06BFA49C4D999E93E214DB4E8044DE0B 160032 ----a-w- C:\Windows\Sysnative\drivers\gzflt.sys 2015-08-24 13:57:36 FE3D70DE933A481284FCE7D5DB5DCE50 477272 ----a-w- C:\Windows\Sysnative\drivers\trufos.sys 2015-08-16 17:39:02 288471F132C7249F598032D03575F083 129472 ----a-w- C:\Windows\Sysnative\drivers\rzpnk.sys 2015-08-16 17:38:55 0C90E6CEA576095888E779E5BD9DD060 37184 ----a-w- C:\Windows\Sysnative\drivers\rzpmgrk.sys 2015-08-16 00:03:38 23860E0BE05DF15970B9C0A141076080 11076216 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys 2015-08-12 09:34:08 B2081803D510DCE174992BA880EDCA70 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-08-12 09:34:08 97687971F9CB30E2633DE0F1296B9F61 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-08-12 09:34:08 67A1743377EBB5D9A370A8C2086CFDCC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-08-12 09:34:08 67050452C0118BAF2883928E6FCCFE47 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys 2015-08-12 09:34:08 552FA62B0EFECD22D8D52499324BCA4F 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2015-08-12 09:34:08 522A1595D5701800DD41B2D472F5AAED 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== 2015-08-24 14:02:04 C96425705CA9873C1BFE3C72B709B4CC 3518 ----a-w- C:\Windows\Sysnative\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-09-05 14:46:29 -------- d-----w- C:\Program Files\trend micro 2015-08-25 13:21:53 -------- d-----w- C:\Program Files\iTunes 2015-08-25 13:21:53 -------- d-----w- C:\Program Files\iPod 2015-08-24 14:02:04 -------- d-----w- C:\Program Files\Common Files\AV ======= C:\PROGRA~2 ===== 2015-09-06 10:39:38 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-08-28 16:23:08 -------- d-----w- C:\PROGRA~2\STMicroelectronics ======= C: ===== 2015-08-24 13:59:01 F9390058A7600E573330D15AF9943860 684 ---ha-w- C:\bdr-cf03 2015-08-24 13:58:32 
D34B0B8AA91C481E5EC4F4AC8A9E40AC 49626058 ---ha-w- C:\bdr-im03.gz 2015-08-24 13:58:32 C7FD70F69C7792256EED17FBDD83484F 3271472 ---ha-w- C:\bdr-bz03 2015-08-24 13:58:32 BE281EFBD143463151649D4A3D552524 253404 ---ha-w- C:\bdr-ld03 2015-08-24 13:58:32 2FF5E9F6C9AE0D2CB3C905913AA1210D 9216 ---ha-w- C:\bdr-ld03.mbr ====== C:\Users\Nick\AppData\Roaming ====== 2015-09-06 10:39:25 -------- d-----w- C:\Users\Nick\AppData\Roaming\Sun 2015-09-06 10:39:00 -------- d-----w- C:\Users\Nick\AppData\Locallow\Oracle 2015-09-01 18:52:56 -------- d-----w- C:\Users\Nick\AppData\Roaming\LolClient 2015-08-25 13:15:27 -------- d-----w- C:\Users\Nick\AppData\Roaming\TaiG 2015-08-24 13:58:35 -------- d-----w- C:\Users\Nick\AppData\Roaming\Bitdefender 2015-08-16 17:38:56 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Razer ====== C:\Users\Nick ====== 2015-09-06 10:39:25 -------- d-----w- C:\Users\Nick\.oracle_jre_usage 2015-08-28 16:23:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STMicroelectronics 2015-08-25 13:22:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-08-24 13:59:27 FD9A8B615E9C2F25C11CB6CAD85EFCD9 536353 ----a-w- C:\ProgramData\1440424649.bdinstall.bin 2015-08-24 13:58:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015 2015-08-24 13:57:37 -------- d-----w- C:\ProgramData\Bitdefender ====== C: exe-files == 2015-09-06 10:39:19 E408E46C5DD2D03A7474AA12BAABEFEE 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\klist.exe 2015-09-06 10:39:19 D94C31E9C9C9A1273CC67DC6FFAF9984 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\policytool.exe 2015-09-06 10:39:19 BDFF5086FC1F20E631A070EEF43A7BEC 16480 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\tnameserv.exe 2015-09-06 10:39:19 BC949C957CEB9FAFDF0F3949CDDF1A72 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe 2015-09-06 10:39:19 B9DE149653ED8B9C5C6CB68131AB66D2 
15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jjs.exe 2015-09-06 10:39:19 B804A4E31F4BAD4D5BA05FE684756BA2 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\servertool.exe 2015-09-06 10:39:19 8C6BDB56CD4DEED1AF2790D37B54CFE9 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe 2015-09-06 10:39:19 86CC77A8189758834CF83F7F2FEA5162 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\java-rmi.exe 2015-09-06 10:39:19 7A0DE452F677EF2971C7B75B0267B6ED 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssvagent.exe 2015-09-06 10:39:19 7080B965215703EA1340C3C4903C7D73 274016 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaws.exe 2015-09-06 10:39:19 6A5A2FDB6D09E02A3283C55237DA10F6 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\unpack200.exe 2015-09-06 10:39:19 606A24A64E164B345A79F8F22A5DAC6F 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\pack200.exe 2015-09-06 10:39:19 5DC0128E8A2017E82289191820C736A5 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaw.exe 2015-09-06 10:39:19 5A503CFE5B553A9721A469FCC9CE8562 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\rmiregistry.exe 2015-09-06 10:39:19 3292748E640429C2682484BD23D43F6B 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\rmid.exe 2015-09-06 10:39:19 30387BE3E5D04FE969B731441C89D2D8 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\ktab.exe 2015-09-06 10:39:19 262BBCE84B9C8784CC5A5E1975898022 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jabswitch.exe 2015-09-06 10:39:19 21B5D297A9191E4D833BB39456CEDAD0 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\kinit.exe 2015-09-06 10:39:19 0FCF9F3D9518B90FB58CC950FA33998C 76896 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2launcher.exe 2015-09-06 10:39:19 0F6E0DD1263ACB2A1AC559BB7742B54D 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\keytool.exe 2015-09-06 10:39:19 08427EADE480F21412696582170B1167 16480 
----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\bin\orbd.exe 2015-09-05 22:29:16 941933D32103C8740F41915110B0F428 43325520 ----a-w- C:\Program Files (x86)\Google\Update\Install\{39D7E8A0-F345-4616-A372-64BEAD8845B8}\45.0.2454.85_chrome_installer.exe 2015-09-05 22:29:15 941933D32103C8740F41915110B0F428 43325520 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.85\45.0.2454.85_chrome_installer.exe 2015-09-05 14:46:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Nick.exe 2015-09-05 14:39:32 06CFCD864C25DBC2F4CED85066459355 8702032 ----a-w- C:\Program Files (x86)\Google\Update\Install\{E2B388DB-74B7-48D3-B4A9-FF6462E3985C}\45.0.2454.85_44.0.2403.157_chrome_updater.exe 2015-09-05 14:39:32 06CFCD864C25DBC2F4CED85066459355 8702032 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.85\45.0.2454.85_44.0.2403.157_chrome_updater.exe 2015-09-04 13:23:35 E2CD6F76B2E57B3D61DC21FB58A5EC10 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe 2015-09-04 13:23:35 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateSetup.exe 2015-09-04 13:23:35 0ECB154C98DD6A404B7DEB62C7425F60 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateBroker.exe 2015-09-04 13:23:35 000975A5E8399A6EB7104A31DA947279 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateWebPlugin.exe 2015-09-04 13:23:30 DD7423ABBE2913E70D50E9318AD57EE4 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdate.exe 2015-09-04 13:23:30 93EA3D9300F9A4B29D12A60D50142D5B 130888 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleUpdateComRegisterShell64.exe 2015-09-04 13:23:30 3ED2B00729E2D4F974C1418F1B2CDF60 245064 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe 2015-09-04 13:23:30 
042ED5CED9032D093CACF785BFA39D65 305992 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe 2015-09-04 13:23:26 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files (x86)\Google\Update\Install\{7C4E6BCD-39BD-45F9-ACB0-39A2AC06A4F4}\GoogleUpdateSetup.exe 2015-09-04 13:23:26 A981DE48BF7865E0ABE97612FAE8ECC9 929360 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.13\GoogleUpdateSetup.exe 2015-09-04 13:20:36 F060987DA6083CF0EAD43907DCBAB6E1 522192 ----a-w- C:\Users\Nick\AppData\Local\NVIDIA\NvBackend\Packages\00007d9b\CoProc update.19931949.exe 2015-09-04 13:19:45 5B886015E9D392FB2BFC2C93F7FF16F2 1872504 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{11F68450-DE6C-4D51-A8E2-B03BE43A9BBF}\NVNetworkService.exe 2015-08-30 11:14:48 4BD7C5B88905E90EBDC57704A672A714 519712 ----a-w- C:\Users\Nick\AppData\Local\NVIDIA\NvBackend\Packages\00007d4e\CoProc update.19911096.exe === C: other files == 2015-09-06 10:39:19 4E221C69F3B103481534D1B6CB6A90DD 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_60\lib\deploy\ffjcext.zip 2015-09-05 15:10:41 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-09-05 15:10:37 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-09-05 15:10:37 AE757332EA130E94E646621CC695B52A 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-09-05 15:10:37 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-09-04 13:19:49 C2A9985C97DF5946AEAE7C001625410C 44840 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{22832C2A-7BF2-4D1E-839A-7B1AE824C8DC}\nvvad32v.sys 2015-09-04 13:19:49 9D9CAD70EA640AB8D3EB77BFAE6CABE2 28344 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{7181F641-1A48-4A79-996D-835FD83BC63A}\NVSWCFilter64.sys 2015-09-04 13:19:49 
7ABD081BB7A1A8CF7E3B1E64183AB812 24760 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\ShieldWirelessController.{7181F641-1A48-4A79-996D-835FD83BC63A}\NVSWCFilter32.sys 2015-09-04 13:19:49 35DFC12FD7E44B7CB8CCD7E5A2B3975A 50472 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys 2015-09-04 13:19:49 35DFC12FD7E44B7CB8CCD7E5A2B3975A 50472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\VirtualAudio.Driver.{22832C2A-7BF2-4D1E-839A-7B1AE824C8DC}\nvvad64v.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2362421678-1093722855-3624652776-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ISPMonitor"="C:\Users\Nick\Downloads\isp.exe" "Growl"="C:\Program Files (x86)\Growl for Windows\Growl.exe" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Xpadder"="D:\Xpadder\Xpadder.exe /m" "$Volumouse$"="C:\Program Files (x86)\Nirsoft\volumouse-x64\volumouse.exe /nodlg" "GoogleChromeAutoLaunch_B9D48092DF53DE2F032C3C1B28E5E1A1"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "Spotify Web Helper"="C:\Users\Nick\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XFastUSB"="C:\Program Files (x86)\XFastUSB\XFastUsb.exe" "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "PowerDVD14Agent"="C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ISPMonitor"="C:\Users\Nick\Downloads\isp.exe" "Growl"="C:\Program Files (x86)\Growl for Windows\Growl.exe" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Xpadder"="D:\Xpadder\Xpadder.exe /m" "$Volumouse$"="C:\Program Files (x86)\Nirsoft\volumouse-x64\volumouse.exe /nodlg" "GoogleChromeAutoLaunch_B9D48092DF53DE2F032C3C1B28E5E1A1"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "Spotify Web Helper"="C:\Users\Nick\AppData\Roaming\Spotify\SpotifyWebHelper.exe" "Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\Windows\system32\rundll32.exe 
C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ApplePhotoStreams" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BitTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Nick\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrowserPlugInHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrowserPlugInHelper" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Wondershare\\Video Converter Ultimate\\BrowserPlugInHelper.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ESL Wire] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ESL Wire" "hkey"="HKCU" "command"="\"C:\\Program Files\\EslWire\\wire.exe\" --tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iCloudServices" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPreload" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesTrayAgent" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Live Update 5] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Live Update 5" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\MSI\\Live Update 5\\BootStartLiveupdate.exe /reminder" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LiveUpdate 5] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LiveUpdate 5" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\MSI\\Live Update 
5\\BootStartLiveupdate.exe /reminder" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nvtmru] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Nvtmru" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\NVIDIA Update Core\\nvtmru.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerDVD13Agent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PowerDVD13Agent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD13\\PowerDVD13Agent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Razer Synapse] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Razer Synapse" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RGSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RGSC" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RTHDVCPL" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\THX 
TruStudio NB Settings]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THX TruStudio NB Settings"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Creative\\THX TruStudio\\THXNBSet\\THXAudNB.exe\" /r"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\THXCfg64]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THXCfg64"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\RunDLL32.exe C:\\Windows\\system32\\THXCfg64.dll,RunDLLEntry THXCfg64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\Windows\\UpdReg.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wondershare Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Xvid"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Xvid\\CheckUpdate.exe"

==== Startup Folders ======================
2014-12-31 11:06:11 1083 ----a-w- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk
2015-06-03 08:50:20 1131 ----a-w- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2014-01-27 00:01:01 1127 ----a-w- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snarl.lnk
2013-05-15 17:38:02 944 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XboxExt - Snelkoppeling.lnk
2013-05-15 17:42:02 618 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xpadder - Snelkoppeling.lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/08/2015 19:38] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/09/2015 15:23] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/09/2015 15:23] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Asrsetup" [E:\ASRSetup.exe] "C:\Windows\SysNative\tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8" [C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe] "C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"] "C:\Windows\SysNative\tasks\zASRockInstantBoot" [C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe] "C:\Windows\SysNative\tasks\{31207FCA-6B68-4E1A-BFD9-D98B192C9C55}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{32DFB6CB-4B96-403B-9376-2D6E1F318981}" ["C:\Program Files\Internet Explorer\iexplore.exe" 
http://ui.skype.com/ui/0/6.2.59.106/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{A5126D39-6492-4856-9D9E-5C975D61E6D9}" [C:\Program Files (x86)\Rayman Legends\Rayman Legends.exe] "C:\Windows\SysNative\tasks\{C7186394-AFC9-4710-B55B-1A73C03543FB}" [C:\Program Files (x86)\Rayman Legends\Rayman Legends.exe] "C:\Windows\SysNative\tasks\{D7D690D0-6B7B-49B4-A7D5-B37D34E47234}" [C:\Program Files (x86)\Rayman Legends\Rayman Legends.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff" [22/06/2015 16:41] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff" [22/06/2015 16:41] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\8e1igna2.default - Widevine Media Optimizer - %ProfilePath%\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} - YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\8e1igna2.default EC55112EDB2CE5BC2BFCACDB9C2150F4 - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 45.0.2454.85 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fabcmochhfpldjekobfaaggijgohadih - No path found[] Magic Actions for YouTube - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif Google Docs - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Tampermonkey - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo Bitdefender Wallet - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih Stylish - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe Google Docs Offline - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Stylebot Social - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaifpdafpkbjghohkfkfmkcfcmmnbnaa SoundCloud Sorter - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nligpjaegfdmckodpadnlhpbjimpiclp Chrome Web Store Payments - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Account Chooser Cleaner - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnholibdjbipglnkhalmlomjidbflcph SoundCloudNav - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopkchcbhjjeaacnipimcelfchiifaip ClickClean 
App - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp Outlook.com - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge Gmail - Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savegame-download.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_savegame-download.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.savemygame.fr_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.savemygame.fr_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_media.mtvnservices.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\http_shopper.deals-way.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_online.profacts-research.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_online.profacts-research.com_0.localstorage-journal deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_online.profacts-research.com_0.localstorage deleted successfully C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_online.profacts-research.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google 
Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserPlugInHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate 5 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD13Agent deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Evernote extension - 
{92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PowerDVD14Agent] "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ISPMonitor] C:\Users\Nick\Downloads\isp.exe O4 - HKCU\..\Run: [Growl] C:\Program Files (x86)\Growl for Windows\Growl.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Xpadder] "D:\Xpadder\Xpadder.exe" /m O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files (x86)\Nirsoft\volumouse-x64\volumouse.exe" /nodlg O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B9D48092DF53DE2F032C3C1B28E5E1A1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Nick\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] 
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user') O4 - Startup: AudioSwitch.lnk = C:\Program Files (x86)\AudioSwitch\AudioSwitch.exe O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe O4 - Startup: Snarl.lnk = C:\Program Files (x86)\full phat\Snarl\snarl.exe O4 - Global Startup: XboxExt - Snelkoppeling.lnk = Nick\Desktop\XboxExt.exe O4 - Global Startup: Xpadder - Snelkoppeling.lnk = C:\Users\Nick\Desktop\Xpadder\Xpadder.exe O8 - Extra context menu item: Afbeelding knippen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 O8 - Extra context menu item: Afbeelding opnemen - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 O8 - Extra context menu item: Bladwijzer knippen - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Kopieer selectie - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 O8 - Extra context menu item: Kopieer URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 O8 - Extra context menu item: Nieuwe notitie - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html O8 - Extra context menu item: Pagina opemen - C:\Program Files 
(x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe O23 - Service: Apple Mobile Device Service - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files (x86)\ISP Monitor\ISPMonitorSrv.exe O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe O23 - Service: 
@%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - 
C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\8e1igna2.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=132 folders=48 31177544 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nick\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== EOF on zo 06/09/2015 at 13:04:01,82 ======================