Code:
Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by Diton Shkreli on 15.05.2013 at 21:47:29,58.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Running Processes ======================
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Users\Diton Shkreli\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9312D118-6419-4C6A-A709-9AA0106B6E9C} deleted successfully
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE02333D-A334-4968-8C75-2CCAE540D285} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Files \ Folders ======================
"C:\Windows\Launcher.exe" deleted
"C:\Windows\Syswow64\sho1805.tmp" deleted
"C:\Windows\Syswow64\sho230C.tmp" deleted
"C:\Windows\Syswow64\sho23A8.tmp" deleted
"C:\Windows\Syswow64\sho258B.tmp" deleted
"C:\Windows\Syswow64\sho3287.tmp" deleted
"C:\Windows\Syswow64\sho3BF8.tmp" deleted
"C:\Windows\Syswow64\sho3CD2.tmp" deleted
"C:\Windows\Syswow64\sho4E02.tmp" deleted
"C:\Windows\Syswow64\sho533E.tmp" deleted
"C:\Windows\Syswow64\sho63B2.tmp" deleted
"C:\Windows\Syswow64\sho6400.tmp" deleted
"C:\Windows\Syswow64\sho6CF5.tmp" deleted
"C:\Windows\Syswow64\sho6E6C.tmp" deleted
"C:\Windows\Syswow64\sho6E8E.tmp" deleted
"C:\Windows\Syswow64\sho7762.tmp" deleted
"C:\Windows\Syswow64\sho87C6.tmp" deleted
"C:\Windows\Syswow64\sho895B.tmp" deleted
"C:\Windows\Syswow64\sho8D15.tmp" deleted
"C:\Windows\Syswow64\sho90E9.tmp" deleted
"C:\Windows\Syswow64\sho9658.tmp" deleted
"C:\Windows\Syswow64\sho9C9F.tmp" deleted
"C:\Windows\Syswow64\sho9D0D.tmp" deleted
"C:\Windows\Syswow64\sho9D96.tmp" deleted
"C:\Windows\Syswow64\shoA333.tmp" deleted
"C:\Windows\Syswow64\shoA86F.tmp" deleted
"C:\Windows\Syswow64\shoAE8D.tmp" deleted
"C:\Windows\Syswow64\shoBBA2.tmp" deleted
"C:\Windows\Syswow64\shoBE03.tmp" deleted
"C:\Windows\Syswow64\shoC758.tmp" deleted
"C:\Windows\Syswow64\shoD4C1.tmp" deleted
"C:\Windows\Syswow64\shoD74D.tmp" deleted
"C:\Windows\Syswow64\shoE85C.tmp" deleted
"C:\Windows\Syswow64\shoF25B.tmp" deleted
"C:\Windows\Syswow64\shoF8DF.tmp" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\Flock" deleted
"C:\Program Files (x86)\HomeTab" deleted
"C:\Program Files (x86)\Ask.com" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\GoforFiles" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\eDownload" deleted
"C:\Users\Diton Shkreli\AppData\Local\CRE" deleted
"C:\Users\Diton Shkreli\AppData\Local\APN" deleted
"C:\Users\Diton Shkreli\AppData\Local\DownloadGuide" deleted
"C:\Users\Diton Shkreli\AppData\LocalLow\HomeTab" deleted
"C:\Users\Diton Shkreli\AppData\LocalLow\AskToolbar" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-05-13 19:39:56 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2013-05-13 19:39:56 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2013-05-13 19:39:56 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2013-05-13 19:39:56 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2013-05-13 19:39:56 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\DITONS~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-05-15 13:10:39 26F30066B9FA78C97A0E92803D496211 12324864 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-05-15 13:10:37 BAC6BA11D60205F91797329817168B70 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 13:09:43 EB776FA63947CB30EC24A71EAFC2D618 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 13:09:43 4B185E9743BFF0DFC905911C4FABAB05 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2013-05-15 13:09:42 9649C970BFFA54F66E77FC18AC9B6BF4 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-05-15 13:09:42 6B07400F62998EB6970807C0A69CF152 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-05-15 13:09:41 DFD966309C42287C731428258BCA997F 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 13:09:41 B64259DE087A5FB227D50F476B466735 1104384 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-05-15 13:09:41 AFAF17FF419BA7E47412AD720ABBEC23 231936 ----a-w- C:\Windows\SysWOW64\url.dll
2013-05-15 13:09:41 61AE3CFCD6EFDA9EADAB6B87CD6BC7DC 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 13:09:40 36AD48C975F88D302C1F824987D691CA 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 13:09:40 2C96B3921B4CDE10DBAED5AAD760DB67 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-05-15 13:09:39 9E254EC51F63C38C3FE4DF83E5CE42CE 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 13:09:39 5123EBB7008E8BC0F016CBECAE2A52C3 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-05-15 13:09:39 03CB321720B8607C9BF38B8057E1EE29 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-05-15 13:09:35 054211C307009F31BAF47CF046D48D42 9738752 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-05-15 11:42:17 E904178851A6A44BFA97E064EF779E9D 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll
2013-05-15 11:42:17 565D78187494FB5F08B5A52DEB2AEA7A 12872704 ----a-w- C:\Windows\SysWOW64\shell32.dll
2013-05-15 11:42:17 1F05F5A16881CD928C82D53CEFCF4477 180224 ----a-w- C:\Windows\SysWOW64\shdocvw.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-05-15 13:10:37 955A6E94C2728F2A647BAB24F2A0B0D6 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-05-15 13:10:37 7212340908E00AD2F28E58EA04CEB852 17818624 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-05-15 13:09:43 7A2E6DFEB8F800233FED8D5484306C7D 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2013-05-15 13:09:42 2801567C850F1696D53C5E2CD1AE569A 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-05-15 13:09:41 F28D84112B79212FE84366A4EA517C87 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-05-15 13:09:41 8FECD64E4FA72FE8A85731CD5E840297 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-05-15 13:09:41 4E468ED6298FA175A3F2EA7098D91225 237056 ----a-w- C:\Windows\Sysnative\url.dll
2013-05-15 13:09:41 47BC290F4400C1741B1F26429A352C60 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2013-05-15 13:09:41 429597553FE585EECB03C8485D45FE7A 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2013-05-15 13:09:41 420C9E418CECC3B0DBF5B9BB914F8D0D 1346560 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-05-15 13:09:40 C1B443AAB0FC3C98C868B4F804DFD520 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-05-15 13:09:40 563C71A913CAC0C3DE5FFCD36EDB43A0 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-05-15 13:09:40 05A140843C0A768AFAAF443238C6340C 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-05-15 13:09:39 51BBFA26DA948738E64B23802E325E04 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-05-15 13:09:39 36A7EEDB4155B1EA04A53C0FFE93C2EE 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll
2013-05-15 13:09:36 F5C9C0C541AE814AED6ED959C1F26423 10926080 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-05-15 11:42:26 943F527DF79E6B400104341AA7023C75 144384 ----a-w- C:\Windows\Sysnative\cdd.dll
2013-05-15 11:42:24 FE90B750AB808FB9DD8FBB428B5FF83B 230400 ----a-w- C:\Windows\Sysnative\wwansvc.dll
2013-05-15 11:42:24 A11523523B31086DD760C0189C763359 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys
2013-05-15 11:42:24 30B1489F2DCD8DC1AB6BB60CA6093615 48640 ----a-w- C:\Windows\Sysnative\wwanprotdim.dll
2013-05-15 11:42:18 3EF480BFED1B5947A32585E30A58D4ED 1930752 ----a-w- C:\Windows\Sysnative\authui.dll
2013-05-15 11:42:18 1BFC94665BCA35F9001ADC7BFB167C63 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll
2013-05-15 11:42:17 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\Sysnative\consent.exe
2013-05-15 11:42:17 9D2A2369AB4B08A4905FE72DB104498F 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll
2013-05-15 11:42:17 22A0AE97360C1B146FDD9AA55AC0E989 197120 ----a-w- C:\Windows\Sysnative\shdocvw.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-15 18:15:49 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\Sysnative\drivers\avnetflt.sys
2013-05-15 18:14:42 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Windows\Sysnative\drivers\avkmgr.sys
2013-05-15 18:14:42 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Windows\Sysnative\drivers\avipbb.sys
2013-05-15 18:14:42 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Windows\Sysnative\drivers\avgntflt.sys
2013-05-15 11:42:26 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2013-05-15 11:42:26 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys
2013-04-24 11:40:16 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
2013-05-15 13:23:18 FA7526FE1C96B6F6D26CEFD46A2DA101 1124 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-15 13:23:16 920870103160F2880FA0500B906FE2E4 1120 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-05-15 18:14:41 -------- d-----w- C:\Program Files (x86)\Avira
2013-05-14 15:55:57 -------- d-----w- C:\Program Files (x86)\EA Games
2013-05-12 16:44:33 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-04-28 09:09:17 -------- d-----w- C:\Program Files (x86)\Common Files\soft Xpansion
2013-04-28 09:08:42 -------- d-----w- C:\Program Files (x86)\Common Files\Freemium
2013-04-27 06:00:27 -------- d-----w- C:\Program Files (x86)\Google
2013-04-20 10:03:23 -------- d-----w- C:\Program Files (x86)\SoftwareUpdater
======= C: =====
2013-05-15 11:32:35 F198354369DF18F3CEC485E97315E209 1013 ----a-w- C:\AdwCleaner[S2].txt
2013-05-15 11:32:16 5B0A6BA2B8CF8AA82B2DA6CBAEE0524A 952 ----a-w- C:\AdwCleaner[R1].txt
2013-05-13 17:55:04 EAFA01EC3EA13F3B03785C6F528021CC 34883 ----a-w- C:\AdwCleaner[S1].txt
====== C:\Users\Diton Shkreli\AppData\Roaming ======
2013-05-15 18:20:39 -------- d-----w- C:\users\Diton Shkreli\AppData\Roaming\Avira
2013-05-14 14:25:21 -------- d-----w- C:\users\Public\AppData\Local\temp
2013-05-14 14:25:21 -------- d-----w- C:\users\Default\AppData\Local\temp
2013-05-14 14:25:21 -------- d-----w- C:\users\Default User\AppData\Local\temp
2013-05-12 16:44:33 -------- d-----w- C:\users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2013-05-09 10:09:11 -------- d-----w- C:\users\Diton Shkreli\AppData\Roaming\DriverCure
2013-05-03 17:06:38 -------- d-----w- C:\users\Diton Shkreli\AppData\Local\Microsoft Games
2013-05-01 15:54:11 -------- d-----w- C:\users\Diton Shkreli\AppData\Roaming\GoPlayer
====== C:\Users\Diton Shkreli ======
2013-05-15 18:15:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2013-05-15 18:14:41 -------- d-----w- C:\ProgramData\Avira
2013-05-15 13:24:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-05-13 19:59:03 -------- d-----w- C:\Users\Public\AppData
2013-05-13 12:51:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2013-05-11 16:37:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
2013-04-28 09:08:40 -------- d-----w- C:\ProgramData\Freemium
====== C: exe-files ==
2013-05-15 18:55:46 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Diton Shkreli\Downloads\SystemLook_x64.exe
2013-05-15 18:14:43 64140E3954710DD7CA9F097252E382CA 88288 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe
2013-05-15 18:14:42 F0096413AD44007EAF651171A625CEE9 181984 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avrestart.exe
2013-05-15 18:14:42 EDAE538F742A20D0E4DBEAD2FA6136F2 58080 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avupgsvc.exe
2013-05-15 18:14:42 D9A92E6DD41C5ADC045AE485026AA40C 86752 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
2013-05-15 18:14:42 C67EBE5C9DA7462D2FF6394979D06EA2 91872 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\setuppending.exe
2013-05-15 18:14:42 ADA0D1407E2C328FB95686E9D5AB88B5 111328 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe
2013-05-15 18:14:42 AD74CCA501DA08EF395E520D9C258F81 5655248 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe
2013-05-15 18:14:42 9F5DEC0A6FB856A405567A662F9F3E0D 147512 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\guardgui.exe
2013-05-15 18:14:42 9EDAE2D1CA368E8D01BEE8BFBC9488E4 562744 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
2013-05-15 18:14:42 93A912072351DFEF975F12EFAD18BD9F 145096 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe
2013-05-15 18:14:42 8C2C2E5119E844B43085CBC73106754B 597560 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
2013-05-15 18:14:42 8431C70B4F671C3D95EDBDED05FAE755 456928 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\fact.exe
2013-05-15 18:14:42 7D9DA7DF9535859A4EFC16F69BFE4A8A 83680 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
2013-05-15 18:14:42 79AC9425C345302914EC0DEF25C2DA94 764984 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe
2013-05-15 18:14:42 715A90A0E5FC7F59DCD4C233ED492F4A 98544 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\licmgr.exe
2013-05-15 18:14:42 6F2974248B974B6DE037A6C682B59414 248032 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2013-05-15 18:14:42 6A510E9EC1684D05CC982636B14754CA 330976 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
2013-05-15 18:14:42 66A7A38F7C439153B758548375EB9E5E 110816 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2013-05-15 18:14:42 63A5363103A02C654209E686EAF7F723 84704 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avadmin.exe
2013-05-15 18:14:42 5FF8FFD589DA25F43C4FE944A4B2AE0A 775224 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
2013-05-15 18:14:42 5A06D4AA070B80464A272D67FCC5D7AF 285408 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
2013-05-15 18:14:42 51318B6FD70FEC60B3F51E6C8C6B720D 424504 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe
2013-05-15 18:14:42 366D042446928E2BE7F053766E631D7E 636984 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
2013-05-15 18:14:42 22DC787A09D2EC7E3F1138A26C41083C 46960 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
2013-05-15 18:14:42 14D4F782EF8E75C0785A093BE10F8FC6 232672 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebloader.exe
2013-05-15 18:14:42 14855274B4E742D704909C8F32734BA9 165512 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe
2013-05-15 18:14:42 12D4E394014C6A9EFB34D64AE4E64CE0 170864 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\inssda64.exe
2013-05-15 18:14:42 020D1DB5DFB5E03A35777950463383FF 345312 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2013-05-15 18:11:38 71424EEA3BD5FE9D59A26678FBCEF601 102323272 ----a-w- C:\Users\Diton Shkreli\Downloads\avira_free3640_antivirus_de (1).exe
2013-05-15 18:08:55 94B4CCD762DD81910F3550AD57E326E5 49064248 ----a-w- C:\Users\Diton Shkreli\Downloads\avira_free3640_antivirus_de.exe
2013-05-15 17:13:55 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Diton Shkreli\Downloads\OTL.exe
2013-05-15 14:19:05 0CB35FD6B686774EC36FD664A34DF9F7 2577776 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\pbsvc_heroes.exe
2013-05-15 14:18:50 E44DB89A8C72442BFE4A89966951B59D 880640 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstaller.exe
2013-05-15 14:18:31 09DDD983C900CF8A8F7E8FB1F7FD0FFC 17540096 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\BFHeroes.exe
2013-05-15 13:37:09 0CB35FD6B686774EC36FD664A34DF9F7 2577776 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\pb\pbsvc_heroes.exe
2013-05-15 13:33:40 9C675E39F7FD76535D8C82EBD1F465AA 1784224 ----a-w- C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\BFHUpdater.exe
2013-05-15 13:24:40 88363B688206D0C89FB1DD926F074C42 33302880 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\26.0.1410.64\26.0.1410.64_chrome_installer.exe
2013-05-15 13:23:12 8F11F0321ED84B1533FC1384AC71AC8D 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe
2013-05-15 13:23:12 76B35CB0F3A4E69D6DFF27F542B9F856 216968 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
2013-05-15 13:23:12 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2013-05-15 13:23:12 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdate.exe
2013-05-15 13:23:12 4E252E85E5DC31BD645E809222AFAF27 287624 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
2013-05-15 13:23:12 322803CD2E33DEA06E1983C36B8E8D3F 781816 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateSetup.exe
2013-05-15 13:23:12 00F714CA28A01FACB709486D6DA306A8 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe
2013-05-15 13:09:41 A1B0DEC3BB845C6369F97BC1A3542A07 763504 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-05-15 13:09:41 61AE3CFCD6EFDA9EADAB6B87CD6BC7DC 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 13:09:41 47BC290F4400C1741B1F26429A352C60 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-15 13:09:41 3F00BE80B9CEA20B7FE7363D15EDDB94 757360 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-05-15 11:42:17 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-13 19:39:56 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2013-05-13 19:39:56 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2013-05-13 19:39:56 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2013-05-13 19:39:56 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2013-05-13 19:39:56 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2013-05-13 18:08:09 943236987A9346B8B9A5B649CD9059F2 700783 ----a-r- C:\Users\Diton Shkreli\Desktop\Cleans\dds+.exe
2013-05-13 17:54:38 A95866BA166A09E360BB88DA72D4531D 628743 ----a-w- C:\Users\Diton Shkreli\Desktop\Cleans\adwcleaner.exe
=== C: other files ==
2013-05-15 18:15:49 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-05-15 18:14:51 CE9E7F1EA07DCE9DF0BFE4A8B1B2EF78 196012 ----a-w- C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJGB3JJT\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0[1].crx
2013-05-15 18:14:42 E310FCBA8884EEBD9017C3D01B6D0BCF 100680 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\sweb.zip
2013-05-15 18:14:42 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys
2013-05-15 18:14:42 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-05-15 18:14:42 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avkmgr.sys
2013-05-15 18:14:42 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Windows\System32\drivers\avipbb.sys
2013-05-15 18:14:42 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avipbb.sys
2013-05-15 18:14:42 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-05-15 18:14:42 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avgntflt.sys
2013-05-15 14:18:50 F423BE66828D391FC9BA81D7FB6C9B89 2872597 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\pylib-2.3.4.zip
2013-05-15 14:17:58 747EB481FF379E3F3853139E45E92A4B 52795611 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Menu_client.zip
2013-05-15 14:16:09 DB2AB98A87255F4C8E519157FDA67363 8693477 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Common_client.zip
2013-05-15 14:16:09 C7FEF9DBBBF60D900D776AB471F0AFE3 718895 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Shaders_client.zip
2013-05-15 14:16:09 508799FF4F331AFA629626C1EED86CDD 1414462 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Menu_server.zip
2013-05-15 14:16:09 29A750F3FFDBDDA0D41335357BF6F832 24604 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Sound_server.zip
2013-05-15 14:16:09 2499DB0C12D4A083D3369BA045542EB0 31312 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Fonts_server.zip
2013-05-15 14:15:43 CC89140390B618FF14835EC51DFD43BE 54452 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Common_server.zip
2013-05-15 14:15:43 C12C8E01852566476FE24AF32CE5E5C1 16419115 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Fonts_client.zip
2013-05-15 14:15:14 10229E04920D32E099FF544968B9FE2F 212131543 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Sound_client.zip
2013-05-15 14:09:52 3AD955980DEE15BD8448558A4A82FB49 126518058 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\StaticObjects_client.zip
2013-05-15 14:09:52 08A5E89FBF7E84C01AFCD13864CF01A8 5542600 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vegitation_client.zip
2013-05-15 14:09:51 ED3CFC7B1A25F25717E4A8EB5D2C4FE7 468075 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Common_client.zip
2013-05-15 14:09:51 E8A054B7C39FED9190324F1E6FB11E53 19001 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Kits_server.zip
2013-05-15 14:09:51 E7F565E509CE1288466DB8019DAB4883 973 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Water_server.zip
2013-05-15 14:09:51 DF5B5B7A3FB9E1B27D0375CC35F42667 1049209 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vehicles_server.zip
2013-05-15 14:09:51 25D9F4BEB5A89EDFC8C1C90AE6E012F8 2798899 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Items_server.zip
2013-05-15 14:04:59 F1D2B4686E6DC8FB2D061326E55B91AE 659 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Water_client.zip
2013-05-15 14:04:59 D3A2393AF7D087B5AB53B9F9EF4C2B72 5331 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Roads_server.zip
2013-05-15 14:04:59 B837591F063106DDA1D6B73BF002A279 377947008 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Items_client.zip
2013-05-15 14:04:59 03D5C7589453FA0D8B4F63892C7728DD 6726762 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\StaticObjects_server.zip
2013-05-15 13:55:07 F2CFB8248579CB9A8E21D5AF6815157B 7988467 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vehicles_client.zip
2013-05-15 13:55:07 27E33DC6E79076B19A874EAF1B709BBD 1753649 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Weapons_server.zip
2013-05-15 13:55:06 4B6159DDFDF5764C25A4202D6D383030 3916876 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Effects_client.zip
2013-05-15 13:54:48 56D1BD9D0350C74A8CBB5C6F86B27290 16514084 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Weapons_client.zip
2013-05-15 13:54:48 4B53098321A42A5BF6A72D114F0353E2 117802 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Common_server.zip
2013-05-15 13:54:48 37754C87A5848000AD8C1C2C108FEB31 766992 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Soldiers_client.zip
2013-05-15 13:54:47 545D91DC3756B655ECB1C1314E3BD15B 1332614 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Roads_client.zip
2013-05-15 13:54:22 D2CF7CA03A7E7C785CD022769F34F687 827770 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Kits_client.zip
2013-05-15 13:54:22 A811D0AD0EE3AA312A5BEC71E7AB3B19 209001 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vegitation_server.zip
2013-05-15 13:54:22 8FBF73270A4FE91D4E044EE99F3ED1E2 19354536 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Soldiers_server.zip
2013-05-15 13:54:22 55065A50A9CF4D74EAA22B6122999409 1276302 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Effects_server.zip
2013-05-15 13:54:22 4C4F8C0959EC4CAE52848422B5F6D64F 820256 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Lunar\server.zip
2013-05-15 13:53:48 CC14CFC0E4F2084340AE4AB08972C8C1 42494427 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Lunar\client.zip
2013-05-15 13:53:48 3592B1A5DEF92AA2E3363106525D94DA 190247 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Mayhem\server.zip
2013-05-15 13:52:19 6AB09B4B836393AD6A640E78F97F89BD 415490 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day_Night\server.zip
2013-05-15 13:52:19 33B0903D1D3A3306C7F63341410DCF35 16262628 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Mayhem\client.zip
2013-05-15 13:51:37 A8F90D5090CFBEB4A1925532EEDC9CD6 19851560 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day_Night\client.zip
2013-05-15 13:51:37 A3129E5F2F809CC9659C0F1FDEF961C9 93781 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village\server.zip
2013-05-15 13:50:51 D7052DB31CC95404B0CCE1822C9D4D6C 204647 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_day\server.zip
2013-05-15 13:50:51 54CB3F751596133492E7E8556DFB3820 18060493 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village\client.zip
2013-05-15 13:50:08 B108456F77628B401B82079D0F6944BE 26820 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_snow\server.zip
2013-05-15 13:50:08 AB3B4343E497D02ED71C31BF7F7A5FC6 16420263 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_day\client.zip
2013-05-15 13:49:24 F5E9F5FEC73CC2AB8C680046AAA64541 28346 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat_snow\server.zip
2013-05-15 13:49:24 0F1463C60B60A3862AB5DE36D2860BF2 14968474 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_snow\client.zip
2013-05-15 13:48:43 99EE41C55DB6CE88C76EA72AF52001E5 41525 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish_night\server.zip
2013-05-15 13:48:43 1C71C52B1A7C2918265B4955170EB022 5263375 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat_snow\client.zip
2013-05-15 13:48:42 5138DE2F6FDF6298C3031C0304308C87 7054117 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish_night\client.zip
2013-05-15 13:48:42 1B0E3E64A2060970FAA3092EA0289B7D 434161 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish\server.zip
2013-05-15 13:48:13 F819C2112C2EEAC0A04118A33700CCE0 24567164 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish\client.zip
2013-05-15 13:48:13 A25AF7133CE9730335F81EC889410AD2 34618 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village_snow\server.zip
2013-05-15 13:47:26 FE4DBA50287042EA06845C7821548D92 16494889 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village_snow\client.zip
2013-05-15 13:47:26 2A239362302D4FE4B8D78D1A527820B0 416774 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day\server.zip
2013-05-15 13:46:53 FC245FBB7865AB8A826D23D860FA18E4 29843566 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day\client.zip
2013-05-15 13:46:53 E2A8ED972ED29572F2FFA65CA4F0A430 320900 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake\server.zip
2013-05-15 13:45:45 60BA9D5110CDF3EBF5D9D9219B230A80 22481239 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake\client.zip
2013-05-15 13:45:45 0AD9EA12D64DF9B79AF5B5092108427D 111119 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Smack2\server.zip
2013-05-15 13:44:52 A657F2DF17F0D16E391267EB53CAEA3A 15743250 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Smack2\client.zip
2013-05-15 13:44:52 1379C638556D5B34913C4BEFD7582F89 35538 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_night\server.zip
2013-05-15 13:44:51 B18EC13DC42FAA9ED02D3FC1177EC412 2601451 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_night\client.zip
2013-05-15 13:44:51 65007DFB14A53CDE079289116FD21B8E 392002 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands\server.zip
2013-05-15 13:44:02 A196CDEAE45A1B61163AF312BF7681AC 26261332 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands\client.zip
2013-05-15 13:44:02 868719D979EF246E35948153D6B08924 207086 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin\server.zip
2013-05-15 13:42:52 875798E12D638352334C2EAA448F4967 15256257 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin\client.zip
2013-05-15 13:42:52 50E6DD519669A679936F77D05D51FCE7 114549 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble\server.zip
2013-05-15 13:42:22 84D57914A68F047785A4D4820B180AF2 24768888 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble\client.zip
2013-05-15 13:42:22 6B1DAD970C6AA29D2DB3C16DBE10A927 21708 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_snow\server.zip
2013-05-15 13:41:34 E74CAB546A73815C61581DC789A194FE 22558659 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_snow\client.zip
2013-05-15 13:41:34 3D9049B049F042A4B2D1631FD2929C28 259705 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat\server.zip
2013-05-15 13:40:52 ABE4EBD3969CEEBD10B335F5377EADB4 51272 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands_snow\server.zip
2013-05-15 13:40:52 942612301C7D96E7EFA982D2C0F53DD8 17830826 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat\client.zip
2013-05-15 13:40:20 C6AA1B75F4FE37FDC9D823005E174596 107377 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_day\server.zip
2013-05-15 13:40:20 B2C1B454EF969A3A49A4C4A239B6739E 11155609 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands_snow\client.zip
2013-05-15 13:40:20 836428EB445E7EE960A3468D78C1DF28 37361 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_snow\server.zip
2013-05-15 13:40:20 1F2A8E7E3CE6FC3A3F76D6F4C9570269 6588412 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_snow\client.zip
2013-05-15 13:39:49 F1F7ECE183F00EF3B57805F58115DDED 24290 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_snow\server.zip
2013-05-15 13:39:49 EBCA16214BA105C714D6EE5C7D520289 25049823 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_day\client.zip
2013-05-15 13:38:54 AC762412FC8AD686B620BE3C7850251F 11833650 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_snow\client.zip
2013-05-15 13:38:53 CCD2294B54ED42D52B69948FA6CE3DBF 33998 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_night\server.zip
2013-05-15 13:38:53 C12D94B072E2C4651BA07D6FEE8CF553 5671153 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_night\client.zip
2013-05-15 13:38:53 1E99B10E29D803A534554718ADF34172 251916 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\wicked_wake\server.zip
2013-05-15 13:38:16 DD74460E70D4C949976DF3CD0D76B70E 14875285 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\wicked_wake\client.zip
2013-05-15 13:38:16 CDF39A5C90F180F757C4B2E10CD59C66 242798 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\river\server.zip
2013-05-15 13:37:11 ED6DEBF9DE01E89634AA41A77307418A 22507213 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\river\client.zip
2013-05-15 11:42:26 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 11:42:26 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 11:42:24 A11523523B31086DD760C0189C763359 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-12 16:56:00 9D9B0A6E6ADBDBF10822BE4E08FCD26B 886409 ----a-w- C:\Users\Diton Shkreli\Desktop\Sachen\Sachen\pbsetup.zip
==== Startup Registry Enabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
==== Startup Registry Disabled ======================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Google Update"="\"C:\\Users\\Diton Shkreli\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ETDCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Elantech\\ETDCtrl.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliPoint"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Device Center\\ipoint.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliType Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliType Pro"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Device Center\\itype.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 13:44]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15.05.2013 15:23]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15.05.2013 15:23]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0
- HomeTab - %ProfilePath%\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
- Online HD TV - %ProfilePath%\extensions\onlinehdtv@onlinehd.tv.xpi
ProfilePath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\4tept9sc.default
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\4tept9sc.default
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.170.2
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleting Files \ Folders ======================
"C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaabfjnbeinlpljodiajipidiompfl - C:\Users\Diton Shkreli\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx[]
cgiaikfpllchefojlnehlmpekeogihnm - C:\Users\Diton Shkreli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx[]
djbdlklldbflagkkpaljamjfbpefcbpf - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[]
dkinklhnkmkhkhofcnapakaoehijaoih - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cgiaikfpllchefojlnehlmpekeogihnm - C:\Users\Diton Shkreli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx[]
Battlefield Heroes - Diton Shkreli - Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
WiseConvert - Diton Shkreli - Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
==== Chrome Fix ======================
C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BE02333D-A334-4968-8C75-2CCAE540D285}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE02333D-A334-4968-8C75-2CCAE540D285}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
(Default) = (empty string) [file not found]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]
ApnUpdater = "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM...Wow...CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
-> {HKLM...CLSID} = DisplayCplExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
-> {HKLM...CLSID} = Enterprise-Projekte
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]
{ACEF9F57-4DEF-4CC9-A2C0-7A158D967E63} = Device Center Control Panel Property Page
-> {HKLM...CLSID} = Device Center Property Page
\InProcServer32\(Default) = c:\Program Files\Microsoft Device Center\cplredirector.dll [MS]
{653DCCC2-13DB-45B2-A389-427885776CFE} = Activities Control Panel Property Page
-> {HKLM...CLSID} = Activities Property Page
\InProcServer32\(Default) = c:\Program Files\Microsoft Device Center\ipcplact.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{F764812A-132C-4013-9960-5CBBEB408A0E} = Nero Shell Extension
-> {HKLM...Wow...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
{A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]
{F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\
NBShellHook\(Default) = {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
{F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
{A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
NBShellHook\(Default) = {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
EnableLinkedConnections = (REG_DWORD) dword:0x00000001
{unrecognized setting}
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
NeroExpress10CopyCD\
Provider = Nero Express 10
InvokeProgID = Nero.Express.10.AutoPlay
InvokeVerb = CopyCD
HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\CopyCD\command\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy [Nero AG]
NeroExpress10LaunchNE\
Provider = Nero Express 10
InvokeProgID = Nero.Express.10.AutoPlay
InvokeVerb = LanchNE
HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\LanchNE\command\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero Express\NeroExpress.exe /Media:AUTO /Drive:%L [Nero AG]
WIA_{D31F5BA7-4DD3-4484-9EB5-CC2491EC9D79}\
Provider = WinZip
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\WinZip\WINZIP32.EXE /wia;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
Adobe ARM -> launches: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Adobe Reader Speed Launcher -> launches: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated]
Adobe-Online-Aktualisierungsprogramm -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
Desk 365 RunAsStdUser -> launches: C:\Program Files (x86)\Desk 365\desk365.exe /autorun [file not found]
DeviceDetector -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [CyberLink]
Go for FilesUpdate -> launches: C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [file not found]
Google Updater and Installer -> launches: C:\Users\Diton Shkreli\AppData\Local\Google\Update\GoogleUpdate.exe /c [file not found]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Java Update Scheduler -> launches: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [Sun Microsystems, Inc.]
Microsoft_Hardware_Launch_devicecenter_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\devicecenter.exe [null data]
Microsoft_Hardware_Launch_ipoint_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\ipoint.exe [MS]
Microsoft_Hardware_Launch_itype_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\itype.exe [MS]
NBAgent -> launches: C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart [Nero AG]
Scheduled Update for Ask Toolbar -> launches: C:\Program Files (x86)\Ask.com\UpdateTask.exe [file not found]
Software Updater -> launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [null data]
Software Updater Ui -> launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [null data]
{44C18F0B-4A96-4F98-9CEC-25E8E21C77DE} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Diton Shkreli\Downloads\Age-of-Empires.exe" -d "C:\Users\Diton Shkreli\Downloads" [MS]
{8760E898-A2E3-47DF-93BD-0458BBCAC0F8} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Diton Shkreli\Desktop\Age of Empire\age\setup.exe" -d "C:\Users\Diton Shkreli\Desktop\Age of Empire\age" [MS]
C:\Windows\System32\Tasks\Browser Updater
Browser Updater -> launches: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\Browser Updater\TBUpdater.dll",TBCheckForUpdate [MS]
C:\Windows\System32\Tasks\Games
UpdateCheck_S-1-5-21-3844378849-2479913660-30988051-1000 -> (HIDDEN!) launches: {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
-> {HKLM...CLSID} = GameUpdateTask Class
\InProcServer32\(Default) = C:\Windows\System32\gameux.dll [MS]
-> {HKLM...Wow...CLSID} = GameUpdateTask Class
\InProcServer32\(Default) = C:\Windows\SysWOW64\gameux.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\ProtectedSearch
Protected Search -> launches: "C:\Program Files (x86)\Protected Search\ProtectedSearch.exe" [file not found]
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3844378849-2479913660-30988051-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [Avira Operations GmbH & Co. KG], 01 - 08, 19
%SystemRoot%\system32\mswsock.dll [MS], 09 - 18
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [Avira Operations GmbH & Co. KG], 01 - 08, 19
%SystemRoot%\system32\mswsock.dll [MS], 09 - 18
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknpfte &OneNote-Notizen
MenuText = Verknpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]
{6E80943C-847C-4447-B830-F94E7DCBBD4E}\
BandCLSID = {96edaac7-6183-4cb5-8823-b8b12d94f967}
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknpfte &OneNote-Notizen
MenuText = Verknpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...Wow...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Avira Browser-Schutz, AntiVirWebService, "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [Avira Operations GmbH & Co. KG]
Avira Echtzeit-Scanner, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG]
Avira Planer, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
Microsoft .NET Framework NGEN v4.0.30319_X64, clr_optimization_v4.0.30319_64, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [MS]
Nero Update, NAUpdate, "C:\Program Files (x86)\Nero\Update\NASvc.exe" [Nero AG]
PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [file not found]
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\users\Diton Shkreli\AppData\Local\Mozilla\Firefox\Profiles\4tept9sc.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\DITONS~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

The error still occurred after the restart :(