Yes i am aware of that proxy. Should i remove it?
Zoek
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Hanks on 12/03/2014 at 21:43:48.60.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Hanks\Desktop\zoek.exe [Scan all users] [Checkboxes used]
==== System Restore Info ======================
12/03/2014 9:47:12 PM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2195304104-3253550614-2692493448-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-2195304104-3253550614-2692493448-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3E175943-F350-4FCB-AC63-EF80DF53E6C2} deleted successfully
HKEY_USERS\S-1-5-21-2195304104-3253550614-2692493448-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B6BB0BF6-9D50-41B2-BB18-4C4C29D5195B} deleted successfully
HKEY_USERS\S-1-5-21-2195304104-3253550614-2692493448-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D30735CE-9874-413B-80CF-316AECEBADF4} deleted successfully
HKEY_USERS\S-1-5-21-2195304104-3253550614-2692493448-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~3\adcdbncfmkbfpamlgcjhifpjgcimbelm deleted
C:\Users\Hanks\AppData\LocalLow\{375035C6-1211-9E6F-5619-33488477672A} deleted
C:\Users\Hanks\AppData\LocalLow\{39311838-00E2-4617-C1CE-AF115769F910} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{791E9AF1-0A66-0CA1-3D5F-67FBE613C388} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{B46B61D7-E17C-8EAA-6489-16B7B4142A3A} deleted
C:\Users\Hanks\AppData\Local\Packages\windows_ie_ac_001\AC\{375035C6-1211-9E6F-5619-33488477672A} deleted
C:\Users\Hanks\AppData\Local\Packages\windows_ie_ac_001\AC\{39311838-00E2-4617-C1CE-AF115769F910} deleted
C:\Users\Hanks\AppData\Local\Packages\windows_ie_ac_001\AC\{E09DFBDA-AFC7-5C18-EF59-95B69D7CBFE7} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{791E9AF1-0A66-0CA1-3D5F-67FBE613C388} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{B46B61D7-E17C-8EAA-6489-16B7B4142A3A} deleted
C:\PROGRA~3\f40b70e458411ff3 deleted
C:\Users\Hanks\.android deleted
C:\PROGRA~2\VideoPlayerV3 deleted
C:\PROGRA~2\GreenTree Applications deleted
C:\PROGRA~2\COMMON~1\Spigot deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\search.sqlite deleted
C:\Support deleted
C:\Users\Hanks\AppData\Roaming\ExpressFiles deleted
C:\Users\Hanks\AppData\Roaming\pdfforge deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\SetApp deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\YTD Video Downloader deleted
C:\Users\Hanks\AppData\Local\CRE deleted
C:\Users\Hanks\AppData\Local\SwvUpdater deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted
C:\Users\Hanks\AppData\LocalLow\Application Updater deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\windows\SysNative\Tasks\Express FilesUpdate deleted
C:\prefs.js deleted
C:\END deleted
C:\Windows\Syswow64\SearchProtect deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\PROGRA~3\aeailogmkalmfpkkhbbhekkaleomhiam\aeailogmkalmfpkkhbbhekkaleomhiam.crx" deleted
"C:\PROGRA~3\aeailogmkalmfpkkhbbhekkaleomhiam\update.xml" deleted
"C:\PROGRA~3\aeailogmkalmfpkkhbbhekkaleomhiam" deleted
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2195304104-3253550614-2692493448-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="C:\Users\Hanks\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_USERS\S-1-5-21-2195304104-3253550614-2692493448-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-21-2195304104-3253550614-2692493448-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S"
"SonicMasterTray"="C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"ThreatFire"="C:\Program Files (x86)\ThreatFire\TFTray.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"RazerGameBooster"="C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="C:\Users\Hanks\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "
"AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
"hkey"="HKLM"
"item"="CLMLServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
"hkey"="HKLM"
"item"="RtHDVCpl"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
"item"="LOLRecorder"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\LOLRecorder.lnk"
"backup"="C:\\Windows\\pss\\LOLRecorder.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\LOLREP~1\\LOLREC~1.EXE"
==== Startup Folders ======================
2013-11-29 00:43:05 2131 ----a-w- C:\Users\Hanks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Razer Game Booster.lnk
2011-04-02 04:48:03 2058 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
2011-11-18 20:18:29 2617 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/02/2014 09:46 AM]
C:\Windows\tasks\update-S-1-5-21-2195304104-3253550614-2692493448-1000.job --a------ C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [27/09/2013 01:37 PM]
C:\Windows\tasks\update-sys.job --a------ C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [27/09/2013 01:37 PM]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [D:\not school\game related\Game Booster 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Razer_Game_Booster_AutoUpdate" [D:\not school\game related\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\update-S-1-5-21-2195304104-3253550614-2692493448-1000" [C:\Program Files (x86)\Skillbrains\Updater\Updater.exe]
"C:\Windows\SysNative\tasks\update-sys" [C:\Program Files (x86)\Skillbrains\Updater\Updater.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"12x3q4@3244516.com"="C:\Program Files (x86)\Better-Surf\ff" []
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ebkjoejlimafghkdfnnnfmmcejbjkkda - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha844\ch\WebexpEnhancedV1alpha844.crx[]
icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx[]
iehjklkgijkjfcfmmjmjlmcccholamaf - C:\Users\Hanks\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx[]
mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx[]
mmifolfpllfdhilecpdpmemhelmanajl - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx[]
oagcdcllplilfaknhmkahfcjmecdccdi - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta619\ch\VideoPlayerV3beta619.crx[]
poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
iehjklkgijkjfcfmmjmjlmcccholamaf - C:\Users\Hanks\AppData\Local\CRE\iehjklkgijkjfcfmmjmjlmcccholamaf.crx[]
webbsave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Guest\AppData\Local\Torch\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Guest\AppData\Local\Torch\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Hanks\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Hanks\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
UUtuboeAdRReMoVVal - Hanks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeailogmkalmfpkkhbbhekkaleomhiam
Theme Creator - Hanks\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc
Color Tiles Theme - Hanks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aombnbifgedckgnddlbmdeidonbmjnek
Sumo Paint - Hanks\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod
AdBlock - Hanks\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Wolfram|Alpha (Official) - Hanks\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp
webbsave - Hanks\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Hanks\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - Hanks\AppData\Local\Torch\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - Hanks\AppData\Local\Torch\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
webbsave - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad
webssave - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef
Webexp Enhanced - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkjoejlimafghkdfnnnfmmcejbjkkda
Domain Error Assistant - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
MixiDJ V45 - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf
Slick Savings - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Better Surf Plus - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl
BetterSrf - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
==== Chrome Fix ======================
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkjoejlimafghkdfnnnfmmcejbjkkda deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
C:\Users\Hanks\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Hanks\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Hanks\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Hanks\AppData\Local\Torch\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\mbogbinkekfmfjpedjlchokehakenkad deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Hanks\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Hanks\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Hanks\AppData\Local\Torch\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ofnlhlbfflemjlnpgpigmimlbigbljef deleted successfully
C:\Users\Hanks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeailogmkalmfpkkhbbhekkaleomhiam deleted successfully
C:\Users\Hanks\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aeailogmkalmfpkkhbbhekkaleomhiam_0.localstorage deleted successfully
C:\Users\Hanks\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aeailogmkalmfpkkhbbhekkaleomhiam_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{3E175943-F350-4FCB-AC63-EF80DF53E6C2}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E175943-F350-4FCB-AC63-EF80DF53E6C2}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\470a8e7f-d44a-46a7-92e6-1972f34848a8 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\a89ea3e8-6cb4-4097-866b-7cbf1e6d1874 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ebkjoejlimafghkdfnnnfmmcejbjkkda deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oagcdcllplilfaknhmkahfcjmecdccdi deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf deleted successfully
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2,
http://www.silentrunners.org/Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
LightShot = C:\Users\Hanks\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue [null data]
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVBg = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [Realtek Semiconductor]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe
AtherosBtStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [Atheros Commnucations]
AthBtTray = "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [Atheros Commnucations]
IntelTBRunOnce = wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [MS]
MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
Nuance PDF Reader-reminder = "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [Nuance Communications, Inc.]
ASUSPRP = "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [ASUSTek Computer Inc.]
ASUSWebStorage = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [null data]
SonicMasterTray = C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [Virage Logic Corporation / Sonic Focus]
ATKOSD2 = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [ASUS]
ATKMEDIA = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [ASUS]
HControlUser = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [ASUS]
Wireless Console 3 = C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [null data]
UpdateLBPShortCut = "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [CyberLink Corp.]
UpdateP2GoShortCut = "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [CyberLink Corp.]
ThreatFire = C:\Program Files (x86)\ThreatFire\TFTray.exe [PC Tools]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
RazerGameBooster = C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun [Razer Inc.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
AsusWSShellExt_B\(Default) = {6D4133E5-0742-4ADC-8A8C-9303440F7190}
-> {HKLM...CLSID} = AsusWSShellExt_B64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [eCareme Technologies, Inc.]
AsusWSShellExt_O\(Default) = {64174815-8D98-4CE6-8646-4C039977D808}
-> {HKLM...CLSID} = AsusWSShellExt_O64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [eCareme Technologies, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{d6044399-0b9e-4084-a9ac-c4b7c7800fcf} = FolderItem
-> {HKLM...CLSID} = ASUS WebStorage Drive
\InProcServer32\(Default) = mscoree.dll [MS]
{b1b96b20-da1d-4a3c-92c1-7229b32f2325} = BackupContextMenuExtension
-> {HKLM...CLSID} = XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension
\InProcServer32\(Default) = mscoree.dll [MS]
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
-> {HKLM...CLSID} = DesktopContext Class
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]
{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
-> {HKLM...CLSID} = AppShellPage Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
-> {HKLM...CLSID} = ContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtContextMenu.dll [Atheros Commnucations]
{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} = FTShellContext extension
-> {HKLM...CLSID} = FTShellContext Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
{09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\shellext.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Outlook
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\OFFICE11\MLSHEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
-> {HKLM...Wow...CLSID} = Outlook ???????
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\OFFICE11\OLKFSTUB.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{06FE45A8-6D92-44ba-A0F1-9A9BCDC8F5A7}\(Default) = FaceCredentialProvider64
-> {HKLM...CLSID} = FaceCredentialProvider64
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\SmartLogon\system\FaceCredentialProvider64.dll [ASUS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
-> {HKLM...CLSID} = AppShellPage Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\shellext.dll [MS]
PDFArchitectExtension\(Default) = {DBDB3433-0E01-40CE-A026-D9F54FAC3CA9}
-> {HKLM...Wow...CLSID} = PDFContextMenuExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\PDF Architect\ContextMenuExt.dll [pdfforge GmbH]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
BackupContextMenuExtension\(Default) = {b1b96b20-da1d-4a3c-92c1-7229b32f2325}
-> {HKLM...CLSID} = XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension
\InProcServer32\(Default) = mscoree.dll [MS]
FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
-> {HKLM...CLSID} = FTShellContext Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\
PropertySheetExtension1\(Default) = {506d8021-4fcf-446f-bf22-2ad5c3c28109}
-> {HKLM...CLSID} = XPClient.FileSystemBrowser.PropertySheetExtension.PropertySheetExtension1
\InProcServer32\(Default) = mscoree.dll [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\shellext.dll [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
-> {HKLM...CLSID} = Ath_CopyHook
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll [Atheros Commnucations]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
-> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
\InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...Wow...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Hanks\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
P2GCDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]
P2GDVDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]
Power2GoPlayCDAudioOnArrival\
Provider = Power2Go
InvokeProgID = AudioCD
InvokeVerb = PlayWithPower2Go
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]
Startup items in "Hanks" & "All Users" startup folders:
-------------------------------------------------------
C:\Users\Hanks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Razer Game Booster -> shortcut to: C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [Razer Inc.]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
AsusVibeLauncher -> shortcut to: C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [null data]
FancyStart daemon -> shortcut to: C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [null data]
Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
ACMON -> launches: C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [ASUS]
ASUS Live Update -> launches: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [null data]
ASUS P4G -> launches: C:\Program Files\P4G\BatteryLife.exe [ASUS]
ASUS SmartLogon Console Sensor -> launches: C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [ASUS]
ATKOSD2 -> launches: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [ASUS]
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
Game_Booster_AutoUpdate -> launches: D:\not school\game related\Game Booster 3\AutoUpdate.exe /AUTORUN [file not found]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Razer_Game_Booster_AutoUpdate -> launches: D:\not school\game related\AutoUpdate.exe /AUTORUN [file not found]
SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe /addGadget [MS]
update-S-1-5-21-2195304104-3253550614-2692493448-1000 -> launches: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate [null data]
update-sys -> launches: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate [null data]
{66D68FE7-6DEA-4ED0-A72E-DDE616C71E0D} -> launches: C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\ [MS]
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
Microsoft Antimalware Scheduled Scan -> launches: C:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]
MpIdleTask -> launches: C:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS]
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]
Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = ????(&R)
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{7815BE26-237D-41A8-A98F-F7BD75F71086}\
MenuText = Send by Bluetooth to
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
{7815BE26-237D-41A8-A98F-F7BD75F71086}\
MenuText = Send by Bluetooth to
CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
-> {HKLM...Wow...CLSID} = CIESpeechBHO Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = ????
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
-> {HKLM...Wow...CLSID} = ????(&R)
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate =
res://ieframe.dll/inprivate_win7.htm [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AFBAgent, AFBAgent, "C:\Windows\system32\FBAgent.exe" [ASUSTeK Computer Inc.]
ASLDR Service, ASLDRService, C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [ASUS]
Atheros Bt&Wlan Coex Agent, Atheros Bt&Wlan Coex Agent, C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [Atheros]
AtherosSvc, AtherosSvc, C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [Atheros Commnucations]
ATKGFNEX Service, ATKGFNEXSrv, C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [ASUS]
HP Network Devices Support, HPSLPSVC, C:\Windows\system32\svchost.exe -k HPService {C:\Users\Hanks\AppData\Local\Temp\7zS540B\hpslpsvc64.dll [Hewlett-Packard Co.]}
Intel(R) Turbo Boost Technology Monitor, TurboBoost, "C:\Program Files\Intel\TurboBoost\TurboBoost.exe" [Intel(R) Corporation]
Microsoft .NET Framework NGEN v4.0.30319_X64, clr_optimization_v4.0.30319_64, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [MS]
Microsoft .NET Framework NGEN v4.0.30319_X86, clr_optimization_v4.0.30319_32, C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [MS]
Microsoft Antimalware Service, MsMpSvc, "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]
NVIDIA Update Service Daemon, nvUpdatusService, "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [NVIDIA Corporation]
PDF Architect Helper Service, PDF Architect Helper Service, "C:\Program Files (x86)\PDF Architect\HelperService.exe" [pdfforge GmbH]
PDF Architect Service, PDF Architect Service, "C:\Program Files (x86)\PDF Architect\ConversionService.exe" [pdfforge GmbH]
RzKLService, RzKLService, C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [Razer Inc.]
ThreatFire, ThreatFire, C:\Program Files (x86)\ThreatFire\TFService.exe service [PC Tools]
Wacom Professional Service, WTabletServicePro, C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [Wacom Technology, Corp.]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> MsMpSvc, Service
<<!>> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> MsMpSvc, Service
<<!>> PEVSystemStart, Service
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company]
pdfcmon\Driver = pdfcmon.dll [pdfforge GmbH]
<<H>>: Suspicious data at a browser hijack point.
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hanks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hanks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Hanks\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1489 folders=366 58953218 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Hanks\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Hanks\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 12/03/2014 at 23:48:30.70 ======================