Zoek.exe v5.0.0.0 Updated 21-08-2014
Tool run by User on vr 22/08/2014 at 15:54:13,19.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

22/08/2014 15:58:25 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Symantec deleted successfully
C:\Program Files\trend micro deleted successfully
C:\Users\User\AppData\Roaming\PC-FAX TX deleted successfully
C:\Users\User\AppData\Local\HP Quick Start deleted successfully
C:\Users\User\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1740371947-2775694921-1869259730-1001\Software\Microsoft\Internet Explorer\SearchScopes\{62C37CAD-1432-4F88-B988-4B19CA14B45A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\User\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1740371947-2775694921-1869259730-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
"PDFHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe"
"PDF5 Registry Controller"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"BrHelp"="C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"BtTray"="C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program
Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/07/2014 13:29]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForUser.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 22:15]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\Windows\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForUser" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF" [30/06/2014 21:31]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kzcfu5q9.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kzcfu5q9.default
1919A4E982A86647F79ADD23B9AC3E11 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
DAD55CEF682EAE6FA7B4C9487563A496 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx[26/06/2014 12:22]

Google Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Security Toolbar - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-29906-12136-18/4"

==== Reset Google Chrome ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\kzcfu5q9.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6 folders=2 1864 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 22/08/2014 at 16:14:27,33 ======================