Zoek.exe v5.0.0.1 Updated 13-October-2015
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sonia & Jasper\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/14/2015 1:10:57 PM Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Pinnacle Studio Plus deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"=-

==== Deleting Files \ Folders ======================

C:\8abaaf553665069b5707f3 deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-10-12 16:07:19 9B5533C4AF38759D167D5399E83B475F 17408 ------w- C:\Windows\Sysnative\drivers\ngiodriver_x64
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-10-03 18:37:37 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2015-09-29 22:13:05 -------- d-----w- C:\PROGRA~2\SoulseekQt
======= C: =====
2015-10-14 08:38:11 -------- d--h--w- C:\\OneDriveTemp\S-1-5-21-1535155601-2421706697-1459365258-1001
2015-10-03 18:37:50 E048499F435F4AA55AED0FF6B31F5BE9 22271 ----a-w- C:\\rsit\info.txt
2015-10-03 18:37:37 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\\Program Files\trend micro\Sonia & Jasper.exe
2015-10-03 18:37:37 -------- d-----w- C:\\Program Files\trend micro
2015-09-29 22:13:05 -------- d-----w- C:\\Program Files (x86)\SoulseekQt
2015-09-19 12:29:43 -------- d-----w- C:\\$Windows.~BT\NewOS
2015-09-19 12:29:42 -------- d-----w- C:\\$Windows.~BT\Work
2015-09-19 12:14:06 -------- d-----w- C:\\$Windows.~BT\LangPacks
2015-09-19 12:09:41 -------- d-----w- C:\\$Windows.~BT\Drivers
2015-09-19 12:00:51 -------- d-----w- C:\\$Windows.~BT\Updates
2015-09-19 10:16:57 -------- d-----w- C:\ProgramData\Package Cache
2015-09-19 10:16:57 -------- d-----w- C:\\ProgramData\Package Cache
====== C: exe-files ==
2015-10-09 22:17:20 07D733DAB53FD7E2E7C8442216073379 873800 ----a-w- C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\SwReporter\4.30.4\software_reporter_tool.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1535155601-2421706697-1459365258-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Spotify Web Helper"="C:\Users\Sonia & Jasper\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Facebook Update"="C:\Users\Sonia & Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"OneDrive"="C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Spotify"="C:\Users\Sonia & Jasper\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-1535155601-2421706697-1459365258-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"331BigDog"="C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"Dolby Home Theater v4"="C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe -autostart"
"MuteSync"="C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe"
"Intelligent Touchpad"="C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe"
"YouCam Mirage"="C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe /s"
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0"
"VeriFaceManager"="C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"UpdatePRCShortCut"="C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\OneKey Recovery UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery"
"CAPOSD"="C:\PROGRA~2\Lenovo\LENOVO~2\CAPOSD.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
"Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup"
"AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Spotify Web Helper"="C:\Users\Sonia & Jasper\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Facebook Update"="C:\Users\Sonia & Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"OneDrive"="C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Spotify"="C:\Users\Sonia & Jasper\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4724.0224"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.4726.0226"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
"Uninstall C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Sonia & Jasper\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"OnekeyStudio"="C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"UpdatePRCShortCut"="C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\OneKey Recovery UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"Lenovo EE Boot Optimizer"="C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe"
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SynLenovoGestureMgr"="%ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe "
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Folders ======================

2015-10-14 09:31:25 0 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
2013-03-07 15:53:57 2014 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10/14/2015 11:56 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 06:25 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/29/2015 06:25 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Japson-Sonia & Jasper" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\avastBCLRestartS-1-5-21-1535155601-2421706697-1459365258-1001" [C:\Program Files (x86)\Mozilla Firefox\firefox.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1535155601-2421706697-1459365258-1001Core" [C:\Users\Sonia & Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1535155601-2421706697-1459365258-1001UA" [C:\Users\Sonia & Jasper\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\{8FEF19E1-AD93-436A-BE33-6016DECACE15}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{D99C3D83-0289-42B3-84E5-B99C8A244D47}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{FB1F3C35-1D0C-492A-B789-E201598B3EC2}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-04-23 20:43:22 -------- d-----w- C:\PROGRA~3\HEMA Fotoservice
2015-09-19 10:16:57 -------- d-----w- C:\PROGRA~3\Package Cache

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [07/20/2015 09:43 PM]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=1 134849641 bytes)

==== EOF on Wed 10/14/2015 at 13:19:14.33 ======================