Zoek.exe v5.0.0.0 Updated 17-10-2014
Tool run by Henk on za 18-10-2014 at 19:46:10,41.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Henk\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

18-10-2014 19:53:35 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\JLC's Software deleted successfully
C:\PROGRA~2\Mega Browse deleted successfully
C:\PROGRA~2\Nikon deleted successfully
C:\PROGRA~2\RegClean Pro deleted successfully
C:\PROGRA~2\Studio deleted successfully
C:\PROGRA~2\VLC deleted successfully
C:\PROGRA~2\Wondershare deleted successfully
C:\Program Files\ReviverSoft deleted successfully
C:\Program Files\Web-tv deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\PhotoStitch deleted successfully
C:\PROGRA~3\ZoomBrowser deleted successfully
C:\PROGRA~3\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted successfully
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\Users\Henk\AppData\Roaming\JLC's Software deleted successfully
C:\Users\Henk\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Henk\AppData\Roaming\Solvusoft deleted successfully
C:\Users\Henk\AppData\Roaming\ZoomBrowser EX deleted successfully
C:\Users\Henk\AppData\Local\GHISLER deleted successfully
C:\Users\Henk\AppData\Local\LogMeIn Rescue Applet deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\rdgob3y6.default

---- Lines mysearchdial removed from prefs.js ----
user_pref("extensions.mysearchdial.AL", 2);
user_pref("extensions.mysearchdial.aflt", "dsites_14_13_ie");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1
user_pref("extensions.mysearchdial.cr", "833059341");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=dsites_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtD
user_pref("extensions.mysearchdial.id", "002185C649BCB750");
user_pref("extensions.mysearchdial.instlDay", "16153");
user_pref("extensions.mysearchdial.instlRef", "140305_b");
user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=dsites_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByD
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=dsites_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByB
user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:38:44");

---- Lines mysearchdial removed from user.js ----
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=dsites_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtB0EtB0A0DtAtAtGzz0A0A0FtGzzyDtCtDtG0B0F0CzytGtB0EyEyEyD0FtDzy0DzyyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyE0AzzyD0FtDtGtD0CtCtCtGyE0CtAyCtGyCtB0D0DtGtC0F0AtAtCyEyByCtCzz0EtD2Q&cr=833059341&ir=");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=dsites_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtB0EtB0A0DtAtAtGzz0A0A0FtGzzyDtCtDtG0B0F0CzytGtB0EyEyEyD0FtDzy0DzyyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyE0AzzyD0FtDtGtD0CtCtCtGyE0CtAyCtGyCtB0D0DtGtC0F0AtAtCyEyByCtCzz0EtD2Q&cr=833059341&ir=");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=dsites_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtB0EtB0A0DtAtAtGzz0A0A0FtGzzyDtCtDtG0B0F0CzytGtB0EyEyEyD0FtDzy0DzyyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyE0AzzyD0FtDtGtD0CtCtCtGyE0CtAyCtGyCtB0D0DtGtC0F0AtAtCyEyByCtCzz0EtD2Q&cr=833059341&ir=&q=");
user_pref("extensions.mysearchdial.id", "002185C649BCB750");
user_pref("extensions.mysearchdial.instlDay", "16153");
user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:38:44");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.aflt", "dsites_14_13_ie");
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.instlRef", "140305_b");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.cr", "833059341");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtB0EtB0A0DtAtAtGzz0A0A0FtGzzyDtCtDtG0B0F0CzytGtB0EyEyEyD0FtDzy0DzyyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyE0AzzyD0FtDtGtD0CtCtCtGyE0CtAyCtGyCtB0D0DtGtC0F0AtAtCyEyByCtCzz0EtD2Q");
user_pref("extensions.mysearchdial.AL", 2);

---- Lines Mega Browse removed from prefs.js ----
user_pref("extensions.Mega Browse.asul", "1395669035234");
user_pref("extensions.Mega Browse.aul", "1395668681436");
user_pref("extensions.Mega Browse.irl", true);

---- Lines nspdl removed from prefs.js ----
user_pref("extensions.nspdl.aflt", "dsites_14_13_ie");
user_pref("extensions.nspdl.cd", "2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L
user_pref("extensions.nspdl.cr", "833059341");
user_pref("extensions.nspdl.data.activeDate", "20140324");
user_pref("extensions.nspdl.data.aliveDate", "20140324");
user_pref("extensions.nspdl.data.configDate", "20140324");
user_pref("extensions.nspdl.data.instlDate", "20140324");
user_pref("extensions.nspdl.general.content", "favorites-f49f667039d0cabd9487c2c3b9d975a8");
user_pref("extensions.nspdl.general.firstRun", false);
user_pref("extensions.nspdl.general.guid", "9dd7c44c-b80f-410d-ba18-fedd52f1757d");
user_pref("extensions.nspdl.general.version", "9.5.3");

---- Lines irmysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites_14_13_ie");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1
user_pref("extensions.irmysearch.cr", "833059341");
user_pref("extensions.irmysearch.instlRef", "140305_b");

---- Lines irmysearch removed from user.js ----
user_pref("extensions.irmysearch.aflt", "dsites_14_13_ie");
user_pref("extensions.irmysearch.instlRef", "140305_b");
user_pref("extensions.irmysearch.cr", "833059341");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtB0EtB0A0DtAtAtGzz0A0A0FtGzzyDtCtDtG0B0F0CzytGtB0EyEyEyD0FtDzy0DzyyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyE0AzzyD0FtDtGtD0CtCtCtGyE0CtAyCtGyCtB0D0DtGtC0F0AtAtCyEyByCtCzz0EtD2Q");

---- Lines vfdownload removed from prefs.js ----
user_pref("extensions.vfdownload.installDate", "2013-5-22");
user_pref("extensions.vfdownload.installedProduct", "selectionlinks");
user_pref("extensions.vfdownload.installerVersion", "3.1");
user_pref("extensions.vfdownload.installID", "{F7784BFA-B2A5-4E18-8A4C-37BE68850C21}");
user_pref("extensions.vfdownload.installpartner", "dlc");
user_pref("extensions.vfdownload.testgroup", "");

---- FireFox user.js and prefs.js backups ----
user_18-10-2014_2011_.backup
prefs_18-10-2014_2011_.backup
prefs_23-09-2013_2243_.backup

ProfilePath: C:\Users\Henk\AppData\Roaming\TomTom\HOME\Profiles\7iygk73s.default

user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_18-10-2014_2011_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NextLive"=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} not found
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\Users\Henk\AppData\Roaming\newnext.me deleted
C:\Users\Henk\AppData\Local\genienext deleted
C:\Users\Henk\daemonprocess.txt deleted
C:\Users\Henk\.android deleted
C:\PROGRA~2\Mobogenie deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\PROGRA~2\MyFree Codec deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\Henk\AppData\Roaming\1H1Q deleted
C:\Users\Henk\AppData\Roaming\Uniblue deleted
C:\Users\Henk\AppData\Roaming\Systweak deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\simplitec deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Henk\AppData\Local\blekkotb_031 deleted
C:\Users\Henk\AppData\Local\Wondershare deleted
C:\Users\Henk\AppData\Local\Mobogenie deleted
C:\Users\Henk\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Henk\Downloads\SoftonicDownloader_voor_mp3gain.exe deleted
C:\Users\Henk\AppData\LocalLow\MySearchDial deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Henk\Documents\Mobogenie deleted
C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\rdgob3y6.default\searchplugins\ask-search.xml deleted
C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\rdgob3y6.default\searchplugins\Mysearchdial.xml deleted
C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\rdgob3y6.default\searchplugins\safesearch.xml deleted
C:\Users\Henk\Desktop\NISDownloader.exe deleted
C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\rdgob3y6.default\nspdl deleted
"C:\Windows\tasks\{3A1B2112-3617-4D99-BF54-7AB8F9D18F97}.job" deleted
"C:\Windows\Installer\525979f9.msi"
deleted
"C:\Windows\Installer\525979f9.msi" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3797316214-4279381754-2066155730-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-21-3797316214-4279381754-2066155730-1001\Software\Microsoft\Windows\CurrentVersion\runonce]
"FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayServer"="C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium\TrayServer_nl.exe"
"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTibMounterMonitor"="C:\Program Files
(x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" "CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon" "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" "Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files (x86)\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "KiesAirMessage"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup" "KiesPreload"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload" "AdobeBridge"="" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "LanguageShortcut"="\"C:\\Program Files (x86)\\HomeCinema\\PowerDVD\\Language\\Language.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "TrayServer"="C:\\PROGRA~2\\MAGIX\\VIDEO_~1\\TrayServer_nl.exe" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "TkBellExe"="\"c:\\program files (x86)\\real\\realplayer\\Update\\realsched.exe\" -osboot" "Adobe Acrobat Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Acrobat 9.0\\Acrobat\\Acrobat_sl.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS4ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="AdobeCS4ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonMyPrinter" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonSolutionMenu" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesAirMessage" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPDLR] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPDLR" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="KiesPreload" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSC" "hkey"="HKLM" "command"="\"C:\\Program Files\\Microsoft 
Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RemoteControl" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\HomeCinema\\PowerDVD\\PDVDServ.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TomTomHOME.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TVEService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TVEService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\HomeCinema\\TV Enhance\\TVEService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HD Writer.lnk" "backup"="C:\\Windows\\pss\\HD Writer.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\COMMON~1\\PANASO~1\\HDWRIT~1\\HDWRIT~1.EXE " "item"="HD Writer" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Henk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MP640 series Printer.lnk] "path"="C:\\Users\\Henk\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Canon IJ Status Monitor Canon MP640 series Printer.lnk" "backup"="C:\\Windows\\pss\\Canon IJ Status 
Monitor Canon MP640 series Printer.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Windows\\system32\\rundll32.exe C:\\Users\\Henk\\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP640 series Printer;cnmss Canon MP640 series Printer (Local).dll;Canon IJ Status Monitor Canon MP640 series Printer.lnk" "item"="Canon IJ Status Monitor Canon MP640 series Printer" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeActiveFileMonitor6.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NMIndexingService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RichVideo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TomTomHOMEService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinDefend] ==== Startup Folders ====================== 2014-09-21 20:22:39 1056 ----a-w- C:\Users\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2013-08-28 06:01:17 1348 ----a-w- C:\Users\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2013-04-24 20:57:56 2144 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\i1Profiler Tray.lnk 2012-10-14 14:16:10 1207 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk 2014-07-31 21:03:20 1300 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk 2013-04-24 20:57:52 2093 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XRGamma.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-05-2010 
18:08] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-05-2010 18:08] C:\Windows\tasks\simplitec Power Suite.job --a------ C:\Program Files (x86)\simpliteC:\simpliC:lean\PowerSuite.exe [] C:\Windows\tasks\X-Rite Device Services Software Updater.job --a------ C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [23-06-2014 17:13] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Windows7-Henk" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Henk\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"] "C:\Windows\SysNative\tasks\Real Player-online actualiseringsprogramma" [c:\program files (x86)\real\realplayer\Update\realsched.exe] 
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3797316214-4279381754-2066155730-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe] "C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797316214-4279381754-2066155730-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797316214-4279381754-2066155730-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3797316214-4279381754-2066155730-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3797316214-4279381754-2066155730-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\simplitec Power Suite" [C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe] "C:\Windows\SysNative\tasks\X-Rite Device Services Software Updater" [C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe] "C:\Windows\SysNative\tasks\{42FFB686-FCA0-42DB-AB0C-A0BAC48E76DD}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116/en/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;userlevelpresent] "C:\Windows\SysNative\tasks\{6973846C-1D3F-4FAB-9075-A73187288998}" [C:\Program Files (x86)\Adobe\Elements 11 Organizer\Photoshop Elements 11.0.exe] "C:\Windows\SysNative\tasks\{8D556512-B87A-453D-AC85-DDE0EAEC9D96}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/5.3.0.116/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered] 
"C:\Windows\SysNative\tasks\{D0768403-E79A-4071-9F9C-EC6E3EBA589F}" [C:\Program Files (x86)\Skype\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{D255A75C-AE8A-4D56-8E9D-ED3107E9B09F}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{EFB161D8-E53F-4742-AE49-CDA77550AD10}" [C:\Program Files (x86)\Adobe\Elements 9 Organizer\Photoshop Elements 9.0.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\AVG\PC Tuneup 2011\Integrator\Start On Windows Logon" [C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.1.0.18\SymErr.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.1.0.18\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{1DD9AC48-0855-4AE7-9934-159B4377FFA2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [31-07-2014 23:04] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\rdgob3y6.default - Norton Toolbar - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\Henk\AppData\Roaming\TomTom\HOME\Profiles\7iygk73s.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\rdgob3y6.default DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 06C0E62DE26FBC4F174A91F4B70C45F7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit) D1041C1505FEDBBA27529AB1B57450B8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealPlayer Video Downloader for PepperFlash (32-bit) D0D8A5784C6260EE1C1EA58A9576F652 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealPlayer Video Downloader (32-bit) ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[10-06-2014 17:54] iikflkcanblccfahdhdonehdalibjnif - No path found[] jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[30-05-2012 15:56] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet 
Security\Engine\21.6.0.32\Exts\Chrome.crx[20-09-2014 10:52] RealPlayer Downloader - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji Norton Identity Safe - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Freemake Video Converter - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Norton Security Toolbar - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Fix ====================== C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://start.mysearchdial.com/?f=1&a=dsites_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtB0EtB0A0DtAtAtGzz0A0A0FtGzzyDtCtDtG0B0F0CzytGtB0EyEyEyD0FtDzy0DzyyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyE0AzzyD0FtDtGtD0CtCtCtGyE0CtAyCtGyCtB0D0DtGtC0F0AtAtCyEyByCtCzz0EtD2Q&cr=833059341&ir=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://start.mysearchdial.com/?f=1&a=dsites_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyD0CyCyEzy0B0C0ByByDtDtN0D0Tzu0SzztCyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtB0EtB0A0DtAtAtGzz0A0A0FtGzzyDtCtDtG0B0F0CzytGtB0EyEyEyD0FtDzy0DzyyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyEyE0AzzyD0FtDtGtD0CtCtCtGyE0CtAyCtGyCtB0D0DtGtC0F0AtAtCyEyByCtCzz0EtD2Q&cr=833059341&ir=" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start 
Page"="http://google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{AB5E3E04-2739-4666-9570-5CD25A9CF13E}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found" {77AA745B-F4F8-45DA-9B14-61D2D95054C8} Unknown Url="Not_Found" {AB5E3E04-2739-4666-9570-5CD25A9CF13E} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7MXGB_nlNL584" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3797316214-4279381754-2066155730-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-3797316214-4279381754-2066155730-1001\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\TVEService deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Henk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Henk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAYY14IG will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4607 folders=129 245317526 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Henk\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Henk\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Henk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAYY14IG" not found

==== EOF on za 18-10-2014 at 20:48:29,57 ======================