Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Casper C on vr 21/02/2014 at 16:17:50,96.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Casper C\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-02-21-145210.log 60361 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-962135306-890876683-2195260272-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d} deleted successfully
HKEY_USERS\S-1-5-21-962135306-890876683-2195260272-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritDesktop deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88be1aa9-6740-461c-9e3e-f35eb8fa741c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\RightSurf not found
C:\Program Files (x86)\Pirrit not found
C:\Program Files (x86)\Ask.com not found
C:\Users\Casper C\AppData\Roaming\BANDISOFT deleted
"C:\Program Files (x86)\8hUninstall Allin1Convert.dll" deleted
"C:\Program Files (x86)\8hres.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini" deleted
"C:\Users\Casper C\AppData\Local\PirritSuggestor\msvcp100.dll" deleted
"C:\Users\Casper C\AppData\Local\PirritSuggestor\msvcr100.dll" not deleted
"C:\Users\Casper C\AppData\Local\PirritSuggestor\PirritDesktop.exe" deleted
"C:\Users\Casper C\AppData\Local\PirritSuggestor\PirritService.exe" deleted
"C:\Users\Casper C\AppData\Local\PirritSuggestor\QtCore4.dll" deleted
"C:\Users\Casper C\AppData\Local\PirritSuggestor\QtNetwork4.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP" deleted
"C:\Users\Casper C\AppData\Local\PirritSuggestor" not deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-962135306-890876683-2195260272-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Crysis 3\Origin\Origin.exe -AutoStart"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"RGSC"="C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent"
"Google Update"="C:\Users\Casper C\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"FLV Player"="C:\Users\Casper C\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"="C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Crysis 3\Origin\Origin.exe -AutoStart"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"RGSC"="C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent"
"Google Update"="C:\Users\Casper C\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"FLV Player"="C:\Users\Casper C\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll "

==== Startup Folders ======================

2014-01-04 09:32:12 1018 ----a-w- C:\Users\Casper C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/03/2013 16:02]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962135306-890876683-2195260272-1002Core.job --a-------- C:\Users\Casper C\AppData\Local\Google\Update\GoogleUpdate.exe [11/12/2013 19:46]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962135306-890876683-2195260272-1002UA.job --a-------- C:\Users\Casper C\AppData\Local\Google\Update\GoogleUpdate.exe [11/12/2013 19:46]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\Dolby Selector" [C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-962135306-890876683-2195260272-1002Core" [C:\Users\Casper C\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-962135306-890876683-2195260272-1002UA" [C:\Users\Casper C\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\Windows\SysNative\tasks\{C8AA1295-77BD-462F-B2CF-43E07FB66D02}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/go/help.faq.installer?source=lightinstaller&LastError=1618]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CASPER~1\AppData\Roaming\Mozilla\Firefox\Profiles\searchplugins
- Undetermined - %ProfilePath%\extensions\suggestor@suggestor.pirrit.com.xpi

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29/01/2014 10:58]

avast Online Security - Casper C\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Casper C\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast WebRep - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Google Wallet - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{97DA0045-D850-463C-A332-4E6D40C0FE1A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS"
{A8105727-97B2-4B68-8BA5-57150A17B1B3} eseeky Url="http://eseeky.com/ws/?source=728386ab?tbp=rbox&toolbarid=base&u=4adf97d3f9246e743717d3f7033eaef0cbabe536&q={searchTerms}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Casper C\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Casper C\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Kaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kaka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\papi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\papi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Casper C\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=301 folders=98 87280447 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guy\AppData\Local\Temp emptied successfully
C:\Users\hedev\AppData\Local\Temp emptied successfully
C:\Users\Kaka\AppData\Local\Temp emptied successfully
C:\Users\papi\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Casper C\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CASPER~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Casper C\AppData\Local\PirritSuggestor\msvcr100.dll" not found
"C:\Users\Casper C\AppData\Local\PirritSuggestor" not found

==== EOF on vr 21/02/2014 at 16:35:55,71 ======================