Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Patric on za 18/07/2015 at 9:29:00,05. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA6R12C5\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 18/07/2015 9:31:33 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\360 deleted successfully C:\PROGRA~2\CompuClever deleted successfully C:\PROGRA~2\Music App deleted successfully C:\PROGRA~2\COMMON~1\AV deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\CompuClever deleted successfully C:\Users\Patric\AppData\Roaming\Apyvwo deleted successfully C:\Users\Patric\AppData\Roaming\CompuClever deleted successfully C:\Users\Patric\AppData\Roaming\Depiih deleted successfully C:\Users\Patric\AppData\Roaming\MicroST deleted successfully C:\Users\Patric\AppData\Roaming\Nueqv deleted successfully C:\Users\Patric\AppData\Roaming\Owbay deleted successfully C:\Users\Patric\AppData\Roaming\Smlupd deleted successfully C:\Users\Patric\AppData\Roaming\TP deleted successfully C:\Users\Patric\AppData\Roaming\UnknownFile deleted successfully C:\Users\Patric\AppData\Roaming\Xauf deleted successfully C:\Users\Patric\AppData\Local\cache deleted successfully C:\Users\Patric\AppData\Local\DassaultSystemes deleted successfully C:\Users\Patric\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Patric\AppData\Local\EmieSiteList deleted successfully C:\Users\Patric\AppData\Local\EmieUserList deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7daeb809-e251-4976-b40b-6af3e9e00bf8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7daeb809-e251-4976-b40b-6af3e9e00bf8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12972DF-F8F8-45DF-9798-87CF97B8C0A8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15EC0FA6-DB58-41ED-976C-A12E84B89929} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15ECC600-CD81-45A8-BBC-186D41D18CF2} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BEDB28F-63D8-420B-9894-BE1F2E548AEA} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CEB9BC7-4B27-4D6F-9062-7F316CE573E} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D367D8A-196F-42D7-8777-D6925A84655} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E8BBED9-79AC-4EC7-AD4B-9E32BD546F8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21FE8DD7-B860-47A8-9A4-29B7E2937692} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22215723-19AD-4479-BFF0-8BD0BA82CCC} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26DD6D94-5F40-4658-B48-C248491AD626} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2804EE0C-D86A-4AAC-99EF-EAEAFC1C66D7} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AC52F8A-6C71-4EC2-BD73-BD979A3A94} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CC0F5B3-BE6A-40E7-B8C3-50F12EE31912} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FFEE2E0-4534-4727-ACB0-A8A915EF9E84} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{305A79A9-B446-4883-A541-214B52878EB9} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3271636-F989-4D9E-ACAA-71E6E37B539} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{327E0FCD-58C4-43DA-A7FB-4C20925D5AAD} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36277CD-6E84-4640-AC70-C14228B92FC} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A9F164D-20F3-4A03-BBDE-A4934D75E1} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C7402E4-4CA-4197-BBD4-83FE4DD51DB2} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E8CAA64-8D63-4551-95D8-C9B36A48629} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40F77C1F-37C6-4F8C-A557-487AFE851D10} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{421527-5367-4941-A710-4950E9C5F6B0} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4246F6C5-B68-4B7F-A42A-28B78E07EAF} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{425071BA-AE8E-4617-ADC6-E8D494051D} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4416B6D-C1E7-46E8-8F6C-8F3D88AE96} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{448058B8-9155-4447-9EA8-614EB254C514} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45D5EC3F-DB0A-43F1-8685-E4790C5B10} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47093F7F-452E-40DF-9F42-FC932984EE0} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{495D8305-DA7-4571-A258-CA8EE1BE3D2B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B10D1DE-9504-4BE8-B11C-D6F329A6BE8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B4C5EA3-7768-493E-94FA-FA33B492859} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DD0B9EC-2CF9-488F-9DFA-3C88175E146} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5075FDE0-A8F7-4E2B-8FC0-6E72A22CE13} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51FA0715-8A13-4DBF-8EC3-D085CD583C} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56CEE6F7-6812-40B7-B19-175AA4F28D76} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58BF669D-7DD1-4E5D-8D58-178C3DD7F41} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58ECA079-5E50-4667-8FF5-D8D4BB82FA2A} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A7E0C7C-AD55-4B09-A62F-7C672165A75} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B147BFE-F404-4848-977-94F311A436C} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B76F3C5-6101-4577-88D3-5513863C2BC5} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D5CCB-88E2-4F1F-B2DD-2531994EA315} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C42157F-8194-412E-9FE8-4F8C88D03A1} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CF3CCAE-8B47-4DA0-A654-33D977E54535} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E13DE42-5973-4F40-9E6B-1DA84F19FCBF} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60165C2-AEB9-499F-94E8-77B8AC9980B2} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6073E61-572A-4627-B061-40EE317D86A} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62B10225-9BD8-4D0E-9EFC-5DD0D44BC8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63926B54-9C3C-4DDD-B46A-8A0B264B14B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64833B18-543D-45C4-93B2-7760A32517} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{665B5B0F-7DB6-416C-BA88-A3727B607D60} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{668EB79D-65C9-4823-911E-C6C97591B5F7} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66FE4061-9FFD-40F5-BA11-427714E88327} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67D39952-922C-4A98-A8A5-DFA2D8A9ED19} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{686E4B7F-F753-44D2-AE5E-FC4AE2DCD8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D03BCC2-937B-4091-BF30-6ECD22DCF} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D7BFD4C-4D9C-4D20-9CDB-38356E3FE7E} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DA2E719-C3EB-4A80-826A-BCE1CFAEFCB5} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E4D59AF-B236-4D3C-B299-92983510A5C4} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EB4960D-5E4B-40F0-BED2-7373681B482} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F83E3B1-75D8-4CA3-8874-D2C4748B76} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{704254F9-DE0F-4353-BB0-F3C190B5F80} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70894FAC-4189-419F-B1EF-7D9AB39114C} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7237A6AB-EFF4-49DA-8D84-23D8FBF6D44} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{726C8832-FD82-472B-A2FA-70C1B69A5230} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7332453D-90D3-4996-9758-CEBFAB8AC8AA} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{737B7A36-8DAC-4BD0-9ABF-2F8041E798C} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74EAC5F0-D9B7-4D3F-BD29-90585142B345} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75CDE21D-5AB-4662-ABD4-BDAFDA5498B5} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{760F5795-CBFC-420E-9A68-A0E8BBA76FE1} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{764D8159-7DFA-4D56-B8B1-9EE69567AD9} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F94E566-41B8-4C22-B1E8-E8E7BABF7ACB} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8135A8D1-40A9-469D-B6C4-2BDECEA5A5B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82DD0E56-1FF4-49C9-ACE4-E45BB8735C1} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{899EFE82-3208-4C31-A5AB-77653B61FE3C} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B7E09FF-1DFB-4A12-9EC3-752E69BC47} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D918C3-C045-4D0E-B7D7-8D3DF4C8E12} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EA93BDD-6DB-4D3D-89CA-1496E2E4AA88} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93136B86-FF50-43E9-AA57-77EA652691B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95E42F25-837C-4D6F-B46F-DA1C21D599C} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{968D3D6C-AB2C-45CB-9565-5E30168A48B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97AD0FF4-9260-4529-ADDC-18D17EDEC9C4} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98776956-488D-43FB-818F-763BCBCC2CAD} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98C50C1E-8085-41E3-8F62-27463E8DE8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A723CFD-9A56-49D7-B93C-ABF379E62F28} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D20FDE6-2CE1-41A9-92FC-69CFA2F4BFF} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D36C4E3-4CF7-4A05-B91D-5BFDCB66BD34} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DBD17D6-4B3-49C5-A180-275D763826E} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A29402B5-6441-4007-8D47-B6EA7829E87B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A360942C-D0E5-44E2-9DEB-998D0F3D652} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3662897-5143-4F3B-B353-3591A922FAA} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A42EEC28-C8FE-4284-BFC0-3D66E0A4F91} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8DA2D5E-782F-4E18-97D9-4FD65E90B21B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA828B7C-9FF1-4258-81E1-384B2C4E56} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFA230DC-2860-4801-8950-A237B385711F} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1450ECD-3E80-404D-9C3B-D313CC9D363} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1D0F5FB-50C5-4F1D-A084-D218B8E28357} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF8611-30B9-4F5F-AA45-3C1AA03DDB32} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B407090B-CF3B-47B9-9595-D329B2A5B292} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B436B0E-29E-473F-B9B-B3C57CB4387} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B482FCD8-F4D-46BA-A99D-8831B024CBE9} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7A03D3A-DC3C-4C3B-9755-CE3A7CDB2BA1} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7A7FF1C-2A0C-4DFE-AFE0-DB3E47998D4} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA189CFE-4F43-4196-B138-CC86D6298014} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD32375C-8290-4EC6-AB11-6E9B7FEFD98} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42D6357-5CAC-4D28-A655-E8B573D979A} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C43336E5-299-4C7D-AFFF-9CC3CBFC87AC} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5160191-9094-4136-B391-5B708B43C48B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C52CF76D-F33A-4DB8-9514-EAA65DBBF0A0} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5A67F54-5557-4120-8485-24E9BF1F4284} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA17141-6E98-4FC6-9671-28F748C9FF2} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAF2B89E-41DF-43E4-B93-C619BDF79E9} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC6A76E0-EA92-4F2E-977-528AE6E3C9D8} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFB8CCDC-4E29-4F23-BCAC-76391640C4B4} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D020C5D1-9A80-4BE1-9C8E-73F0ED5882B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D12D7C0C-2841-4DF4-9C74-49AE7396B357} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D281E892-7BE3-462D-A0DB-56F76596BE49} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D38B3645-4F36-470F-A727-C25AF462E845} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCD5F92F-7DD3-4EF7-8CA3-D3FEFD8F0B6} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF40D7E8-2395-4C90-9B63-36111E2FDB9A} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E020942B-ADAB-4D5A-97E8-53D6DA14C7AE} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E11DA91A-6981-45C1-A01E-435B8A4AD3D} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2113D55-19D0-4892-9F5C-52E666EF1D7A} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2B6BCB-7CC9-4E1B-917E-A3322E4CFDFB} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E33D3494-4C7A-4010-B570-DD6337E3742E} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4278F15-F344-42BE-A373-935EFD8EFFDB} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAC4C87A-B328-421C-A745-F996CA09491} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB53245B-3F36-4501-982E-775F4AF3201A} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC73C2CB-392F-40CF-8BB6-90D03CCFFAE2} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE433D7C-C761-400A-B93-27756B17D5A} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F069CC08-D3F-4F8F-8D1D-3C2E341C7E7B} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F109F9ED-9686-4884-90D1-3F2FD217719} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F169BF64-9571-44CF-BC5-71647FE2462} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3F2E2D1-C6CA-4871-B0BF-27B732AE4F89} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5E0ED66-EC78-41E2-91EA-509429C05169} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8BBDB45-F547-4982-8899-DD814763C91A} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD337FC6-6540-460D-B152-F3E99823286F} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD558363-3464-4FB1-8617-5749BEFCC337} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDB6068C-2F44-4F49-88A-266F9C68E20} deleted successfully HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEA87F54-A07D-47C3-87A1-D766D425843} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7daeb809-e251-4976-b40b-6af3e9e00bf8} deleted successfully HKEY_CLASSES_ROOT\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7daeb809-e251-4976-b40b-6af3e9e00bf8} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAPIDRV deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BAPIDRV deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default user.js not found ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "nl"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "8a521e550000000000001a4bd68bce6e"); user_pref("extensions.delta.instlDay", "15921"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.22.0"); user_pref("extensions.delta.vrsnTs", "1.8.22.016:51:51"); user_pref("extensions.delta.vrsni", "1.8.22.0"); user_pref("extensions.delta_i.babExt", ""); user_pref("extensions.delta_i.babTrack", "affID=119357&tt=040813_10&tsp=4964"); user_pref("extensions.delta_i.srcExt", "ss"); ---- Lines ffxtbr modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files ( ---- Lines gophoto.it modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files ( ---- FireFox user.js and prefs.js backups ---- prefs_20151807_1059_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnat3d2f678f] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnat45cf7b9f] ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Home Page Guard 64 bit] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter Search Scope Monitor] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\360 not found C:\PROGRA~2\CompuClever not found C:\PROGRA~2\Music App not found C:\PROGRA~2\MUSICT~1 not found C:\Program Files (x86)\Ask.com not found C:\PROGRA~2\VIDEOD~2 not found C:\Program Files (x86)\360 not found C:\Users\Patric\AppData\Roaming\CompuClever not found C:\Program Files (x86)\CompuClever not found C:\ProgramData\CompuClever not found C:\Users\Patric\AppData\Roaming\Apyvwo not found C:\Users\Patric\AppData\Roaming\Depiih not found C:\Users\Patric\AppData\Roaming\UnknownFile not found C:\Users\Patric\AppData\Roaming\Smlupd not found "C:\windows\SysNative\DRIVERS\BAPIDRV64.sys" not found C:\$360Section deleted C:\ProgramData\360Quarant deleted C:\PROGRA~3\16341 deleted C:\PROGRA~3\33280 deleted C:\Users\Patric\.android deleted C:\PROGRA~2\Shareaza Applications deleted C:\PROGRA~2\BitLord 2 deleted C:\PROGRA~2\Wise\Wise Registry Cleaner deleted C:\extensions deleted C:\user.js deleted C:\stat_log deleted C:\Users\Patric\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk deleted C:\Users\Patric\AppData\Roaming\Microsoft\Windows\Templates\InternetSpeedTest.ico deleted C:\Users\Patric\AppData\Roaming\bitlord_log.txt deleted C:\Users\Patric\AppData\Roaming\BitLord deleted C:\PROGRA~3\Yahoo! deleted C:\PROGRA~3\Avg_Update_0414b deleted C:\PROGRA~3\OberonGameConsole deleted C:\PROGRA~3\Package Cache deleted C:\Users\Patric\AppData\Local\simedit.log deleted C:\Users\Patric\AppData\Local\avgchrome deleted C:\Users\Patric\AppData\Local\CrashRpt deleted C:\Users\Patric\Downloads\iLividSetupV1.exe deleted C:\Users\Patric\AppData\LocalLow\imeshmusicboxtoolbar181 deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Patric\Documents\BitLord deleted C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default\jetpack deleted C:\Users\Public\Desktop\Systweak Support Dock.lnk deleted C:\Users\Public\Desktop\Emoticons for your messenger!.url deleted C:\Users\Patric\Desktop\Internet Speed Test.lnk deleted C:\Users\Patric\Desktop\FLV Player.lnk deleted "C:\Users\Patric\AppData\Roaming\Hyta\irviu.zyu" deleted "C:\Users\Patric\AppData\Roaming\Koow\exur.coy" deleted "C:\Users\Patric\AppData\Roaming\Omub\qaabz.zyo" deleted "C:\Users\Patric\AppData\Roaming\Qenu\ysyc.zyi" deleted "C:\Users\Patric\AppData\Roaming\Saak\ilve.goi" deleted "C:\Users\Patric\AppData\Roaming\Uncy\uvpui.wue" deleted "C:\Users\Patric\AppData\Roaming\Yzku\keby.icr" deleted "C:\Users\Patric\AppData\Roaming\Ziem\acamy.wyi" deleted "C:\Users\Patric\AppData\Roaming\Yldis\hayl.ogu" deleted "C:\Users\Patric\AppData\Roaming\Yldis\hayl.tmp" deleted "C:\Users\Patric\AppData\Roaming\Avugok\acbod.dya" deleted "C:\Users\Patric\AppData\Roaming\Iwriif\yfhua.rus" deleted "C:\Users\Patric\AppData\Roaming\Hyta" deleted "C:\Users\Patric\AppData\Roaming\Koow" deleted "C:\Users\Patric\AppData\Roaming\Omub" deleted "C:\Users\Patric\AppData\Roaming\Qenu" deleted "C:\Users\Patric\AppData\Roaming\Saak" deleted "C:\Users\Patric\AppData\Roaming\Uncy" deleted "C:\Users\Patric\AppData\Roaming\Yzku" deleted "C:\Users\Patric\AppData\Roaming\Ziem" deleted "C:\Users\Patric\AppData\Roaming\Yldis" deleted "C:\Users\Patric\AppData\Roaming\Avugok" deleted "C:\Users\Patric\AppData\Roaming\Iwriif" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Patric\AppData\Local\Temp ==== 2015-07-08 05:25:45 8C42FC725106CF8276E625B4F97861BC 906056 ----a-w- C:\Users\Patric\AppData\Local\Temp\1436333145_00000000_base\360base.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-07-15 04:45:20 6E91F67335D57DDFFE798C815444B0E3 210432 ----a-w- C:\Windows\SysWOW64\cewmdm.dll 2015-07-15 04:45:16 E2A2B221A47271DD4176FB9B93F670E6 93184 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2015-07-15 04:45:16 CBC91E2E6158358E82D153D811B73C38 30208 ----a-w- C:\Windows\SysWOW64\wups.dll 2015-07-15 04:45:16 7F13188A9656355F664313334971DA22 173056 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2015-07-15 04:45:16 1728A7831E95BCEEEA3F0D07AE6F74EE 566784 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2015-07-15 04:45:16 13810657EE732C2F5453C0C877FD5DB2 34816 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2015-07-15 04:45:08 143046AC227C193B5B2E0E20BC0CF1DD 312320 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2015-07-15 04:45:06 3D73FC0D0997DA1EF6F705EF9936AB20 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-07-15 04:45:06 31165F9D71D3C249AB97FBAE55DE4B49 4520448 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-07-15 04:45:05 116F506573B59B85CD0DC18527E9951A 19877376 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-07-15 04:45:03 AFAEB9E4269846C64DC9721B1BFA5CEC 12855296 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-07-15 04:45:03 37BC6BC6CFC38A6202B28459F7CCE4CD 479232 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-07-15 04:45:03 05CA106A1B68770BDABB9AA7AEAE516A 1310720 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-07-15 04:45:02 4E4B3CAC5C62415AF5C6B0167A376EB8 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-07-15 04:44:56 8EDF7B6D3A563DAA06DD87053C734168 2279424 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-07-15 04:44:51 E42BB0E02C8F6C8D1CCBFE6AB8EB199F 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-07-15 04:44:51 E3883C13DB4D19E29095C9F4BC27B755 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-07-15 04:44:50 D503616B296B869486AA84D6DB8FB6A5 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-07-15 04:44:50 1A04239A054D810CF32C46F2B70C47B7 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-07-15 04:44:49 E8F3572F002B556D19AC3AE4A11CAC2E 342736 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-07-15 04:44:48 95C40DFE3B3CFCEBA2DF9E493945A7B5 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-07-15 04:44:48 87E5B70C9F0DE7E3D620E1E3A60AA274 504320 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-07-15 04:44:48 18465944F711AD3FDE58675C3C42FA99 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-07-15 04:44:48 019019007E6980EACAC80DE04B5D330A 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-07-15 04:44:45 CC044CFF6018AD0368AF3A8149721407 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-07-15 04:44:45 442DB5B16073DE2E79E1912D0B77F343 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-07-15 04:44:45 2CC6836C44C84583386702468125654F 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-07-15 04:44:44 E475D4B65088F4F7FABF7D427CD3D30E 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-07-15 04:44:44 81ED1F775E5DDBE990D9C3AFF507DAC2 664064 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-07-15 04:44:44 43CF584D989A4A0EA6B5D3EBFAD260B7 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-07-15 04:44:43 0CB44ADB09C5BE7CE9D1D1F04E909067 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-07-15 04:44:39 0DE5FE06603CF80238EFD9D67AB45A56 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-07-15 04:44:38 63B01F72FD727D5736DBEF54174D8F93 1951232 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-07-15 04:44:38 17DFCBA042195666632C889E04913E19 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-07-15 04:44:37 72D524ED31A2FBA7432801361CE41FC3 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-07-15 04:44:19 4548507ED3C17DB4739DBBEAF6378004 1414656 ----a-w- C:\Windows\SysWOW64\ole32.dll 2015-07-15 04:44:10 F4AFDB5ABEA0C9079E8193E24D1DB21D 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2015-07-15 04:44:10 33F67BBCC3C0499D3F3382473114CFA8 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll 2015-07-15 04:44:09 D864C283FFD7C080FDC25FD4C798FF8D 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll 2015-07-15 04:44:09 588D52C2D0E60EE71FD5A64407865B10 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll 2015-07-15 04:43:49 E344031017D52F5F1A4C759A815625CC 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-07-15 04:43:49 4466D67AC240FE1CCCB32BE743BCB488 552960 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-07-15 04:43:49 02CD86D59807467D065F521BE81BB858 665088 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2015-07-15 04:43:48 E97B4515FC3846CB5C6853C40E71EF28 36864 ----a-w- C:\Windows\SysWOW64\cryptbase.dll 2015-07-15 04:43:48 CA017983095846BFCFBE9C02B40958B3 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-07-15 04:43:48 98226182583DF1715F1BE6CCEA6E8D95 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2015-07-15 04:43:48 393FDE87F56A8E98AC1B37ADB2181332 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-07-15 04:43:46 E6F375BAA4F839592627DA3E95BF3977 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-07-15 04:43:46 A719B9156A6DCDBACC201D9163AFF8D1 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-07-15 04:43:46 A41BF25E4F145E1BC00445B6421B9E11 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-07-15 04:43:46 96741CBB4CC3638A2BCB11F93B92B738 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-07-15 04:43:46 81E207D09B2A7723A549EFB34B47C7EA 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-07-15 04:43:46 6AE6E08938D5BA9D8BA305506620B48D 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-07-15 04:43:46 2E8C9C3223E05F4B42FB89C03DD09C1D 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-07-15 04:43:46 2B4A31319D74B3D3407AB64942B7FF32 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-07-15 04:43:28 D7C4ABB0F1FFA371928EED0C7A6E24DC 2364416 ----a-w- C:\Windows\SysWOW64\msi.dll 2015-07-15 04:43:27 F61A069A5517F85662ED9A6C5AD5445A 73216 ----a-w- C:\Windows\SysWOW64\msiexec.exe 2015-07-15 04:43:27 C08582E7F8EA706A2D4A3C7BD5AC35C1 337408 ----a-w- C:\Windows\SysWOW64\msihnd.dll 2015-07-15 04:43:27 A344B1EFA7DB86AE1407039CD596FB1E 25088 ----a-w- C:\Windows\SysWOW64\msimsg.dll 2015-07-15 04:43:27 7B4277F9E9F48D5D8E6AEA341F8048E8 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll 2015-07-15 04:43:13 E5D33416F2BA5E11C11215439DD3BF23 299008 ----a-w- C:\Windows\SysWOW64\atmfd.dll 2015-07-15 04:43:13 B1BD587DE3E077CBB9F749C2CC3B8D6C 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll 2015-07-15 04:43:12 94815184BAAB8518F4027E92C6025505 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll 2015-07-15 04:43:12 5945A57802C6641478AF680FF839287E 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll 2015-07-15 04:43:12 4644A3B2AFDDAEA57C3EC30F8D079E54 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll 2015-07-08 05:50:38 F8DF49638C28AA77A2EFADCB091BBF8A 79872 ----a-w- C:\Windows\SysWOW64\gpapi.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-07-15 04:45:20 60696836CAD56F1B47059E1BA739787D 254976 ----a-w- C:\Windows\Sysnative\cewmdm.dll 2015-07-15 04:45:16 F56E83C1EFEDEF919033CBFF071602B6 36864 ----a-w- C:\Windows\Sysnative\wups.dll 2015-07-15 04:45:16 D79E3C2D45315ADCAA267A05355DFBF5 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2015-07-15 04:45:16 BC80574FF264848F8613A3F6F7AF7642 192000 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2015-07-15 04:45:16 AA3E844A2595B1AA5825C70CA50D963E 2603008 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2015-07-15 04:45:16 84CEF9B2D8ED8006B3975DC1D8109B3D 696320 ----a-w- C:\Windows\Sysnative\wuapi.dll 2015-07-15 04:45:16 80381DD7C4797A601E59F8E001B46793 3154944 ----a-w- C:\Windows\Sysnative\wucltux.dll 2015-07-15 04:45:16 3F9239D5F65F1318A53EBAEC01C092F1 139776 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2015-07-15 04:45:16 3EDB01024BA86C5B4D2CB307DC5D3AC0 37376 ----a-w- C:\Windows\Sysnative\wuapp.exe 2015-07-15 04:45:16 2896A06239E19379CE44FAFCDB1675B1 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2015-07-15 04:45:16 00DCC688DF459A9FEE42C7397668C62B 98304 ----a-w- C:\Windows\Sysnative\wudriver.dll 2015-07-15 04:45:16 00383E521D3D039968B92A0998BA76FD 37888 ----a-w- C:\Windows\Sysnative\wups2.dll 2015-07-15 04:45:10 C4EA3D63E8BF077ECD1E93BF6556AE99 3207168 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-07-15 04:45:08 EFFFE1C77ACCE66C82CCFD18A9687F48 404992 ----a-w- C:\Windows\Sysnative\gdi32.dll 2015-07-15 04:45:07 837BD6BB879405B416A4326C8B723D83 5923840 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-07-15 04:45:07 2A795629E0746D82A229A01EEE75FCE5 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-07-15 04:45:03 FC165889E97E37BCB55C5B79BEB3D331 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-07-15 04:45:01 78E4D3781E5632BA88E5153510BEB625 1545728 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-07-15 04:45:00 6A70888EEC05B45C8990E8977C480019 14453248 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-07-15 04:45:00 120E3CE08505A9637CAB72D35A2D2E8C 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-07-15 04:44:58 D74E2BE157B8A2A9CF29BEBB052B8A42 25193984 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-07-15 04:44:56 41D59904967A4033FB4497DCED7320AD 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-07-15 04:44:50 A51BF63E9EA6DDED50A69797EAD23576 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-07-15 04:44:50 50AAC6B4AFD93060456134A29C35FB1E 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-07-15 04:44:49 44D98BF1ED7B520602A55446E28D8840 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-07-15 04:44:49 3A46FC42EDE2021399FCD9E4A7A406F8 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-07-15 04:44:48 4887D79B5CE61A00FCC5C53AA2216007 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-07-15 04:44:45 7EEC52D1B800230A4E8EC81B92D61118 389832 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-07-15 04:44:44 DAECFA33350D863D49157506587D5EF8 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-07-15 04:44:44 80E899C111219316B94BBA72FAFF7D11 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-07-15 04:44:43 BCE51D1B0F7BC8977CDAECD24A0D4C88 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-07-15 04:44:43 434CBA59035C4F3A02E5AB92FD6C816B 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-07-15 04:44:42 BB33A140CA61A22B5882486881E2191A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-07-15 04:44:42 AF3D4DA49A9C9C9778953CE9D7470C11 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-07-15 04:44:41 58243D92748201D38AACDAEA22527412 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-07-15 04:44:39 B5164F4515C4BC4F45FBF5B3A99685C0 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-07-15 04:44:38 9B9D2B99A865CB3B9BAA9BE77A300680 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-07-15 04:44:38 142D20CA55870589B009D53C37C0B75C 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-07-15 04:44:37 4024752E6B341B07F3823B7DA72C45D2 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-07-15 04:44:35 F30702F2607AEE462A6AB8715E72FC03 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-07-15 04:44:35 796A89701B2560FF453FF08FF941A169 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-07-15 04:44:35 74F367C596EEF3106EBC65625F04C807 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-07-15 04:44:33 E066FDC3A2074D926903B8C31EF3B347 2427392 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-07-15 04:44:33 88E26FC9F8BDE0635F379BB8FE6BFFF1 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-07-15 04:44:32 C95EE658B7816B3588418E948EF55F83 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-07-15 04:44:32 8DA3623D372E5147914973383D998980 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-07-15 04:44:19 E3EB94B45A2735D4559558B5899732E8 2087424 ----a-w- C:\Windows\Sysnative\ole32.dll 2015-07-15 04:44:10 7BC3E861F7E8EB543A630090FAE779E0 188416 ----a-w- C:\Windows\Sysnative\cryptsvc.dll 2015-07-15 04:44:09 C5752F5CE47B6B00F914AE91087C0CB4 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll 2015-07-15 04:44:09 7EE0A3B9E904AF4744E4D8F00CB5CA32 140288 ----a-w- C:\Windows\Sysnative\cryptnet.dll 2015-07-15 04:44:09 71187FA11F58012C188453877E16EB8B 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll 2015-07-15 04:43:49 F66102F990EE913261ED7907403718ED 729088 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-07-15 04:43:49 D5844B744F7BAF826965DD634FF8DB00 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-07-15 04:43:49 A66FF313F2F8A6CBF9BB2B0CC92D5ACD 1216512 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2015-07-15 04:43:49 750C44D6F7A708F0C6618F075A0A68A7 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-07-15 04:43:48 E8560BC8E1B85A5A081AEF43626187B1 44032 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2015-07-15 04:43:48 9F2CCDE3F30C224C082984B6F95D3D95 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-07-15 04:43:48 9EA6DA45B95599C27B1661C1D99307D7 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-07-15 04:43:48 48A88348F1539CC7C8CB4E032DD79DAA 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-07-15 04:43:48 3B96392CBE54FF44BEAEB0B4BCC65487 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-07-15 04:43:48 09730D830B2B69B626817F4A95945308 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-07-15 04:43:46 F01A58E45BB8E28CCE6BCF272FF0F9A8 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-07-15 04:43:46 EEB192537935BB12A998CAB8F5A07E78 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-07-15 04:43:46 C3F6A9A41CC8591EF0370708E54DE474 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-07-15 04:43:46 C3F0594AF92FE71B13A44177FDB80784 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2015-07-15 04:43:46 B1D191D0EDEB86197A5FD5030B65420F 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-07-15 04:43:46 97D879A884E7CDFED51AD63348A35254 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-07-15 04:43:46 7C26CACB82ECA09874B984B155B06AD4 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-07-15 04:43:46 55750A7588D91B102EB17E69BFF2AAF1 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-07-15 04:43:28 D9A91A779B5059E72D7FAD2B38275EA4 3242496 ----a-w- C:\Windows\Sysnative\msi.dll 2015-07-15 04:43:28 5489E74E56C0255159C8AE2C70744458 1941504 ----a-w- C:\Windows\Sysnative\authui.dll 2015-07-15 04:43:27 CDAD406033C31DB34185DDAECDD35FE2 504320 ----a-w- C:\Windows\Sysnative\msihnd.dll 2015-07-15 04:43:27 978DC0A1FBE9CC91B21B40AF66CB396A 70656 ----a-w- C:\Windows\Sysnative\appinfo.dll 2015-07-15 04:43:27 91593D4FB7D89249014564A5F3EC389B 25088 ----a-w- C:\Windows\Sysnative\msimsg.dll 2015-07-15 04:43:27 81CB8D34112178CE1826C86BA5F268C3 128000 ----a-w- C:\Windows\Sysnative\msiexec.exe 2015-07-15 04:43:27 0D9514850CC3A99A6600643F2888858B 112064 ----a-w- C:\Windows\Sysnative\consent.exe 2015-07-15 04:43:15 D236055773550118989C0C81CBE79A29 765440 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-07-15 04:43:15 BBA5CB528CB7482E118D0FEAF808987A 17856 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2015-07-15 04:43:15 782C216AFEE0561680706698F70B2A93 1085440 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-07-15 04:43:15 658B5EC540CD94D76889D0E8390B1C04 433664 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-07-15 04:43:15 5D507961F680D0A0392CC5EB6515E70A 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-07-15 04:43:15 474EA5201E3883F747D540D3EF57C1F2 1145856 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-07-15 04:43:15 0919F433ED64E6CD1912C016F1E80BE7 67584 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-07-15 04:43:14 5663847B3DCC8382B1D1F1EEB4A92994 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-07-15 04:43:13 690FE1D790C8C7E94EAA55B669BC5CE0 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll 2015-07-15 04:43:13 44F32DF903B984B4C6A164E99A39FC58 372224 ----a-w- C:\Windows\Sysnative\atmfd.dll 2015-07-15 04:43:13 373CB9C184589E3BE07412DFD5DF3D4F 41984 ----a-w- C:\Windows\Sysnative\lpk.dll 2015-07-15 04:43:13 2C4AD63E4D89661C9FED77E81053735D 14336 ----a-w- C:\Windows\Sysnative\dciman32.dll 2015-07-15 04:43:12 AE7E9E9581E2B874348A0DF38AD04722 100864 ----a-w- C:\Windows\Sysnative\fontsub.dll 2015-07-08 06:17:44 54785274C938AFCA7AB8E917AE5263F0 5008032 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT 2015-07-08 05:50:38 FE91DC3D9A696CCDDB9F51C25ACBC53A 782848 ----a-w- C:\Windows\Sysnative\gpsvc.dll ====== C:\Windows\Sysnative\drivers ===== 2015-07-17 17:27:26 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-07-17 17:27:13 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-07-17 17:27:13 AE757332EA130E94E646621CC695B52A 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-07-17 17:27:13 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2015-07-15 04:43:48 C0A6C3D6E02B61B5D100FE17306C276F 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-07-15 04:43:48 7A7328E427694CC7244235C3BC299F80 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-07-15 04:43:48 21AF322605D8C7F2A627C22634D1C9C9 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2015-07-15 04:43:46 45A03A0B6461EFBEE77E0A6AC2816EDA 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-07-15 04:43:46 1877EB1495CFBDAB27D6A32F6DDF3818 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-07-08 05:50:38 CF1F6326AC44C42F4615D4BD53188AC5 105984 ----a-w- C:\Windows\Sysnative\drivers\dfsc.sys 2015-07-08 05:50:37 71B6F78D6444CCE6F77BC42917A4E8F7 310272 ----a-w- C:\Windows\Sysnative\drivers\rdbss.sys 2015-07-08 05:50:36 AA0C2BA3782E92BD85E2264BE418E67C 104896 ----a-w- C:\Windows\Sysnative\drivers\mup.sys 2015-07-06 05:03:47 CA4ADE6C3929B70317BFDDF9ABBFE0CE 135800 ----a-w- C:\Windows\Sysnative\drivers\epp64.sys 2015-06-26 07:49:10 E3DC1089EDAD57F5279804167E6142E9 293296 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys ====== C:\Windows\Tasks ====== 2015-07-04 04:55:26 6F2C8523F4BDCE7CA2D5C0739D6A41B8 3094 ----a-w- C:\Windows\Sysnative\Tasks\{C0972821-6DB9-498E-B596-C16BA9058662} 2015-06-24 15:40:18 15FBE25749525418EB5EE72C0FA74336 3094 ----a-w- C:\Windows\Sysnative\Tasks\{FE0C7E35-DF88-44F4-9E98-F422195A3441} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-07-07 19:01:25 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Patric\AppData\Roaming ====== 2015-07-08 06:58:52 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\360safe 2015-07-08 06:20:39 B931016953DE6C123B39225129E86A69 123560 ----a-w- C:\Users\Patric\AppData\Local\GDIPFONTCACHEV1.DAT 2015-07-08 06:14:05 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2015-07-08 05:37:31 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\360safe ====== C:\Users\Patric ====== 2015-07-08 05:15:41 8FD3A3DD1A87F062748A309B562D42BA 247390688 ----a-w- C:\Users\Patric\Downloads\360is_4.9.0.4900.exe 2015-07-06 05:02:12 -------- d-----w- C:\Users\Patric\Nieuwe map (3) ====== C: exe-files == 2015-07-18 05:22:31 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\GO2N1Z98\RSITx64.exe 2015-07-18 05:22:31 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO2N1Z98\RSITx64.exe 2015-07-17 17:46:03 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\0I2W7DMI\mbam-setup-2.1.8.1057.exe 2015-07-17 17:46:03 D3B6FA14CB7E12B7FBC0B3AA26235898 24345872 ----a-w- C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I2W7DMI\mbam-setup-2.1.8.1057.exe 2015-07-17 12:38:41 09B6F6FCCC35DBAFCB38CB3751FA7C2F 2248704 ----a-w- C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\CA6R12C5\adwcleaner_4.208.exe 2015-07-17 12:38:41 09B6F6FCCC35DBAFCB38CB3751FA7C2F 2248704 ----a-w- C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA6R12C5\adwcleaner_4.208.exe 2015-07-16 04:23:58 93EE27EEA252951660682E891B72D7F5 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe 2015-07-16 04:23:57 D7E523E6F4C911EDFF6A8325ACAEE56C 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe 2015-07-16 04:23:56 81A1D591D429FF81D443A993B9B91301 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateBroker.exe 2015-07-16 04:23:51 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateSetup.exe 2015-07-16 04:23:33 FC8EE235C4F75C96907C25EF1349CB81 130888 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe 2015-07-16 04:23:32 C6FF00DA1605982E616C03BE809FFE2D 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdate.exe 2015-07-16 04:23:32 92D840650F95EB60659952AEECAFCE85 305992 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe 2015-07-16 04:23:32 54FB3B0B29F76E839C648D2F5983A22C 245576 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe 2015-07-16 04:23:16 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\Install\{1597AA51-3B04-41DA-82E2-7CD9A832F48F}\GoogleUpdateSetup.exe 2015-07-16 04:23:15 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.1\GoogleUpdateSetup.exe 2015-07-15 10:22:01 86731DC801EDB96D804B1BA2BEBD36D5 42829392 ----a-w- C:\Program Files (x86)\Google\Update\Install\{12AD49BF-186E-4866-91C3-4B5BD5252FA7}\43.0.2357.134_chrome_installer.exe 2015-07-15 10:21:58 86731DC801EDB96D804B1BA2BEBD36D5 42829392 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.134\43.0.2357.134_chrome_installer.exe 2015-07-15 04:45:03 26492D0AE6279B60A3801EDBE3CB794C 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-07-15 04:45:01 3698C298719803F6502612D651A852B2 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-07-15 04:44:49 8EA2ED812E996D95DE37CD2CE3158C2C 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-07-15 04:44:45 C899B9E60D663BE24B35EFBC29192A7C 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-07-15 04:44:45 A7B6589F92C9CB498CDBA42EBEB23EE4 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-07-15 04:44:39 D295049B06D31020A88B170445123D33 814280 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-07-15 04:14:23 E06EB83F9B05760B54FAEA13063C5833 1080912 ----a-w- C:\Program Files (x86)\Google\Update\Install\{7B60F0B3-5FAA-426F-BB95-195D92F8D522}\43.0.2357.134_43.0.2357.132_chrome_updater.exe 2015-07-15 04:14:23 E06EB83F9B05760B54FAEA13063C5833 1080912 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.134\43.0.2357.134_43.0.2357.132_chrome_updater.exe === C: other files == 2015-07-17 17:27:26 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-07-17 17:27:13 E681CE4AE5C09651D53CB4387CA3560E 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-07-17 17:27:13 AE757332EA130E94E646621CC695B52A 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-07-17 17:27:13 A8D28D5B3E2A528D1EF0E338E44F2820 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2015-07-15 04:45:10 C4EA3D63E8BF077ECD1E93BF6556AE99 3207168 ----a-w- C:\Windows\System32\win32k.sys 2015-07-15 04:43:48 C0A6C3D6E02B61B5D100FE17306C276F 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-07-15 04:43:48 7A7328E427694CC7244235C3BC299F80 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-07-15 04:43:48 21AF322605D8C7F2A627C22634D1C9C9 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2015-07-15 04:43:46 45A03A0B6461EFBEE77E0A6AC2816EDA 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2015-07-15 04:43:46 1877EB1495CFBDAB27D6A32F6DDF3818 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "PC Suite Tray"="C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray" "OneDrive"="C:\Users\Patric\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Shareaza"="C:\Nieuwe map\Shareaza.exe -tray" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-523000165-1516823666-2951625117-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\amd64" "Uninstall C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe /S" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "PC Suite Tray"="C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray" "OneDrive"="C:\Users\Patric\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" "Shareaza"="C:\Nieuwe map\Shareaza.exe -tray" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\amd64" "Uninstall C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Patric\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "StartupDelayer"="C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe /LaunchType=Auto /LaunchApps=Common" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "hkey"="HKLM" "item"="Adobe ARM" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ApnUpdater" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Ask.com\\Updater\\Updater.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS WebStorage] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ASUS WebStorage" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\SERVICE\\AsusWSService.exe MySyncFolder" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKMEDIA] "command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Media\\DMedia.exe" "hkey"="HKLM" "item"="ATKMEDIA" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKOSD2] "command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATKOSD2\\ATKOSD2.exe" "hkey"="HKLM" "item"="ATKOSD2" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\Patric\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GameXN GO] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GameXN GO" "hkey"="HKCU" "command"="\"C:\\ProgramData\\GameXN\\GameXNGO.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HControlUser] "command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Hotkey\\HControlUser.exe" "hkey"="HKLM" "item"="HControlUser" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnat3d2f678f] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnat3d2f678f" "hkey"="HKCU" "command"="C:\\Users\\Patric\\AppData\\Local\\Temp\\msnat773f20bf.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnat45cf7b9f] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnat45cf7b9f" "hkey"="HKCU" "command"="C:\\Users\\Patric\\AppData\\Local\\Temp\\msnat6e7fd1f.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s" "hkey"="HKLM" "item"="RtHDVCpl" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "hkey"="HKLM" "item"="SunJavaUpdateSched" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\FancyStart daemon.lnk" "backup"="C:\\Windows\\pss\\FancyStart daemon.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Windows\\Installer\\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\\_A1DDD39913A1970387B7B3.exe -d" "item"="FancyStart daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SRS Premium Sound.lnk" "backup"="C:\\Windows\\pss\\SRS Premium Sound.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Windows\\Installer\\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h" "item"="SRS Premium Sound" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Patric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk] "path"="C:\\Users\\Patric\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Facebook Messenger.lnk" "backup"="C:\\Windows\\pss\\Facebook Messenger.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Patric\\AppData\\Local\\Facebook\\MESSEN~1\\214814~1.0\\FACEBO~1.EXE " "item"="Facebook Messenger" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NitroReaderDriverReadSpool] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TurboBoost] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VideoDownloadConverter_4zService] ==== Startup Folders ====================== 2010-04-02 07:00:09 956 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk 2014-04-17 18:09:09 2101 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-523000165-1516823666-2951625117-1001Core.job --a------ C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe [19/06/2014 20:37] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-523000165-1516823666-2951625117-1001UA.job --a------ C:\AC:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Patric-PC-Patric" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\ASPG" [C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\ESTsoft RunAsStdUser 5855965Task" [C:\Program Files (x86)\ESTsoft\ALPlayer\ALPlayer.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-523000165-1516823666-2951625117-1001Core" [C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-523000165-1516823666-2951625117-1001UA" [C:\Users\Patric\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe] "C:\Windows\SysNative\tasks\{148E43DD-4B9E-4D11-B8C6-E86E90029A85}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{39E9723E-5FCC-471B-A350-3ECE90161BA6}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{3AA1AC30-AAA6-46EA-95E1-6BFF4DD771C0}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{5EE79F61-D6C2-48CC-93A0-28390A9D0942}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\{67DD4874-EE61-45DC-A840-F34403547F2A}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{8CA99AF4-368B-4CBE-8B28-21C8C686B9FD}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{A4BE2926-9911-4576-9176-25D6608FC2D9}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.4.0.102.259/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\{ADCE2085-5AA2-48A4-9529-C1F789790A7B}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{C0972821-6DB9-498E-B596-C16BA9058662}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/7.5.0.102.259/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\{C7E51459-BAAD-4E43-8884-8956DF076AC9}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{DFA19178-1CA5-44F9-8C8D-223B8C4D27D7}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{E02FB80E-062D-4276-8925-205ABBA9AE68}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.2.0.103/nl/go/help.faq.installer?LastError=1618] "C:\Windows\SysNative\tasks\{FE0C7E35-DF88-44F4-9E98-F422195A3441}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/7.5.0.102.259/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "SearchAlgo"); user_pref("browser.search.selectedEngine", "SearchAlgo"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [12/08/2010 07:39] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default - Firefox Synchronisation Extension - %ProfilePath%\extensions\synchronize@nokia.suite - Snap.Do - %ProfilePath%\extensions\{e5030833-de1a-e53d-cf3b-b4fc65038cb7} AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default 3CD19649B2C3023D65E67C056457A2BC - C:\Users\Patric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 2BF85B6162528E0635DD8D632EB975C8 - C:\Users\Patric\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop B16EC84E06F26B8B85800F3B07B8D757 - C:\Windows\SysWoW64\Macromed\Flash\NPSWF32.dll - Shockwave Flash ==== Deleted Firefox Extensions ====================== C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\pmtf5ntd.default\extensions\{e5030833-de1a-e53d-cf3b-b4fc65038cb7} deleted ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.134 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[22/11/2012 11:30] Skype for Chromium - Patric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Chromium Startpages ====================== C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Preferences nstall_signature":{"expire_date":"2015-09-16","ids":["lifbcibllhkdhoafpjfnlhfpfgnpldfl"],"invalid_ids":[],"salt":"tjYL56ZaBb61XXt1iyUePdOreZqSe4PDFZBgsgXs8Ms=","signature":"aYtdoBW6FaTIMVw/SnQSVhoTiyPEN9Y8Tf39DrmdHH7PqJO/I1YXpGjQXHAZpIeeCnAkpX03fQc5afMXKAQRRM7g1Ih7+zMJEDI3MWIrptn7AzLoJkLB30BL0rvh6fZXHxIyzhICpK2kNRVTL0Ls1OPWw1lIi/0WFnyMANCcRC6VlM0NcqdWMZpSyLJTdiUXpbxXcZZq4eDxg+N07LFGRCIVmXcvrLXNo2vPu8+Dt/6rhMaAQT5EUwBWTrEOUIWcVpLe37nyxyMERak55z59aVfj7LWqQD3vUp6S60H4mxz8OgskyZ/kDQMIvG5HtWGdYeWctduU87ab106IifrZ4Q==","signature_format_version":2,"timestamp":"13079633883757290"},"last_chrome_version":"43.0.2357.130","toolbar":["lifbcibllhkdhoafpjfnlhfpfgnpldfl","ndibdjnfmopecpmkdieinmbadjfpblof"],"toolbarsize":-1},"http_original_content_length":"544539","http_received_content_length":"544539","http_throttling":{"enabled":true},"instant":{"enabled_time":"12975583351586965"},"intl":{"accept_languages":"nl-NL,nl,en-US,en"},"invalidator":{"client_id":"jNJtNtluxlkfBTJKqKOllA=="},"media":{"device_id_salt":"5DkVsAPN7BRPJMR+NrM+zg=="},"net":{"http_server_properties":{"servers":{"ajax.googleapis.com:443":{"settings":{"4":100},"supports_spdy":true},"apis.google.com:443":{"supports_spdy":true},"chrome.google.com:443":{"settings":{"4":100},"supports_spdy":true},"clients2.google.com:443":{"supports_spdy":true},"ssl.gstatic.com:443":{"settings":{"4":100},"supports_spdy":true},"www.google.be:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"www.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"settings":{"4":100},"supports_spdy":true},"www.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"www.gstatic.com:443":{"supports_spdy":true}},"supports_quic":{"address":"192.168.1.3","used_quic":true},"version":3}},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.130","migrated_to_pepper_flash":true,"plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.130\\gcswf32.dll","version":"10,3,181,22"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll","version":"10,0,32,18"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.240.7","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll","version":"6.0.240.7"},{"enabled":true,"name":"Java(TM) Platform SE 6 U24","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.240.7"},{"enabled":true,"name":"Silverlight Plug-In","path":"C:\\Program Files (x86)\\Microsoft Silverlight\\4.0.60310.0\\npctrl.dll","version":"4.0.60310.0"},{"enabled":true,"name":"Microsoft Office Live Plug-in for Firefox","path":"C:\\Program Files (x86)\\Microsoft\\Office Live\\npOLW.dll","version":"2.0.4024.1"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.130\\pdf.dll","version":""},{"enabled":true,"name":"Chrome NaCl","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.130\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Google Gears 0.5.33.0","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.130\\gears.dll","version":"0.5.33.0"},{"enabled":false,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll","version":"9.1.0.2009022700"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.57\\npGoogleUpdate3.dll","version":"1.3.21.57"},{"enabled":true,"name":"Windows Live￯﾿ᆵ￯ᄒ﾿￯ᄒᆵ￯﾿ᆵ￯ᄒᄒ￯ᄒ﾿￯﾿ᆵ￯ᄒᄒ￯ᄒツ￯﾿ᆵ￯ᄒ﾿￯ᄒᆵ￯﾿ᆵ￯ᄒᄒ￯ᄒᄒ￯﾿ᆵ￯ᄒᄒ￯ᄒル Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"15.4.3508.1109_ship.wlx.w4m4 (ship)"},{"enabled":true,"name":"Default Plug-in","path":"default_plugin","version":"1"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Microsoft Office"},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":false,"name":"Chrome NaCl"},{"enabled":true,"name":"Google Gears 0.5.33.0"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Windows Live￯﾿ᆵ￯ᄒ﾿￯ᄒᆵ￯﾿ᆵ￯ᄒᄒ￯ᄒ﾿￯﾿ᆵ￯ᄒᄒ￯ᄒツ￯﾿ᆵ￯ᄒ﾿￯ᄒᆵ￯﾿ᆵ￯ᄒᄒ￯ᄒᄒ￯﾿ᆵ￯ᄒᄒ￯ᄒル Photo Gallery"},{"enabled":true,"name":"Default Plug-in"}],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{"*,*":{"per_resource":{"npsitesafety.dll":1}}},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Eerste gebruiker","per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"C:\\Users\\Patric\\Desktop","type":1},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13057442467590676"},"sync_promo":{"startup_count":10,"user_skipped":true},"tabs":{"use_vertical_tabs":false},"translate_blocked_languages":["nl"],"translate_whitelists":{},"webkit":{"webprefs":{"allow_running_insecure_content":true}}} ,"manifest_version":2,"name":"GoPhoto.it","permissions":["contextMenus","tabs","http://*/*","https://*/*"],"update_url":"http://cdn.gophoto.it/Extensions/gophotoit/chrome/update.xml","version":"1.6","web_accessible_resources":["images/back.png","images/loader.gif","images/logo.png","images/icon.png","css/zoom.css"]},"path":"pfmopbbadnfoelckkcmjjeaaegjpjjbk\\1.6_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false}}},"pinned_tabs":[],"prefs":{"preference_reset_time":"13079074454200439"},"protection":{"macs":{"browser":{"show_home_button":"2D6A4CC19A63CD2ABF991CEDAEED85B0A0E4E56B78A532EE9FDA7E3921AECD7C"},"default_search_provider":{"keyword":"1CA7A832880179532EC9C99FE989659671D489252E90F2755CA588EAD62BB3C8","name":"7664A3726CB8C72456F3C2EBDBC19EFFCA312456080C614E33CDCAFB93A3843E","search_url":"7A1770F71A080B113055CDFF570EE8A6A1FEF64FD54C281D373C62F1993F438B"},"default_search_provider_data":{"template_url_data":"7F300AD36A7995C03C26982BF55DFC094A28E62018A654213CAD92F9ECF164EE"},"extensions":{"known_disabled":"E60692DB9357587512602B11ECFEA17FBF5B4E8F70F2A2C39D7619F375738E0B","settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"1BC34FFDD5EDE701EF8C47D6E607CF2C99F23BBC9569EEA228AC47C8B4B75882","bepbmhgboaologfdajaanbcjmnhjmhfn":"88FAE4D9C245F42312832E4398B975DE2E1754E6E396066D4B2132810B12885E","eemcgdkfndhakfknompkggombfjjjeno":"D29B865016866634E3483DCF16F4147C002FCA0D46C16883E7057DA06209485D","ennkphjdgehloodpbhlhldgbnhmacadg":"1F7C48FDBBE79C8BBC5FD81EB171912FC2E826870F694A81CF3B056738E66FFF","fjoijdanhaiflhibkljeklcghcmmfffh":"935A1A2FA5C1B528C9FD0FC3116D88352A5F61C1545C55AFA2210B9B22134BE0","gfdkimpbcpahaombhbimeihdjnejgicl":"28BD302E7B35F0A18CCC327E56BD6C347C755DFA3CFFD868404E598FD89F6AE9","kmendfapggjehodndflmmgagdbamhnfd":"2BD536D9E9A205E1B1B1F3655107C80B5E4421E8A1C5EAD741BE65F15DE254D0","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"828C32437A691F92095569FE61D1F09A8DD53F05FEAE812AAC0E8050E2A5FB21","mfehgcgbbipciphmccgaenjidiccnmng":"76411714BCB2F9EE01D84DC84190D3457E2E96894B24344A19350486F9C6187C","mgndgikekgjfcpckkfioiadnlibdjbkf":"2E887317409AB04861108182E6806AA49AB9471258ABB16AF8620A70F6B6D50C","mhjfbmdgcfjbbpaeojofohoefgiehjai":"F199783D1F53BF679E6CCE274C4B070C5BCDDF76E325FA499552626710655FE6","neajdppkdcdipfabeoofebfddakdcjhd":"1C24836E069EA1F92BE6EDE3CE6C88FF226B160BA0782824956BF079F4F76D76","nkeimhogjdpnpccoofpliimaahmaaome":"2CF7670BAE9818AB02BD4AAB96829926CF87A9B3626E5E5A31EDE5112D089D30","nmmhkkegccagdldgiimedpiccmgmieda":"DE7B2AB72D599A832F49D9390DBF165B9139C3185EC73C93F56477965116A707","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"B6468F11D7CCD1B849A3E74E02276331A1B2A180655B82E6F4FDFDC9ECAF7B8F","pfmopbbadnfoelckkcmjjeaaegjpjjbk":"7D18DA9179C05DE90A6431C7A13091DCDD3A3F0ADCF2B3C63E3BA1BBDD7F0B0E"}},"google":{"services":{"last_username":"3533F4C9948B4A00F6693AE066A8CCDCDF77BEA22C103B7ADE14D34149547298","username":"0B3FF715610B812A5BB73BF01A1DBC16114130C506D70A34827D41630F782B6F"}},"homepage":"832AA6E4074E090B54C4374CDC5ECA2D895CCFD13C10CCFA160D3ECF455A14D0","homepage_is_newtabpage":"C853F0513104CB9E2CE1085A45A21AAF1683A5B291BB01E92E768C5F69C2943F","pinned_tabs":"150CFC2520DC8B1118410EEBBEF82E3F167C4006FEAC12A2308C92BC4EC0B3EE","prefs":{"preference_reset_time":"F86687BC7FF9F4131A1D017453FBC7964BF9327F18BD83E728D8234DF2F5D815"},"profile":{"reset_prompt_memento":"E4B6D13A8B8F82688DE6EF17081AA37999574146A397745AAA4F1367A77F4E17"},"safebrowsing":{"incidents_sent":"08ED11E92FB18376759BA6688F72B591795D52CFCBB3E674D4B7326F8B2FC6ED"},"search_provider_overrides":"0F205A03B37A128C2EBC59BBD6CAE17AA3AC44BD54C5A0A8D16CA007FB743C6D","session":{"restore_on_startup":"5E8835E449EA6A6A952043CE51463C0787A9B43B156E3CEC7880AB8BD5191825","startup_urls":]},"sync":{"remaining_rollback_tries":0}} ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnat3d2f678f deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnat45cf7b9f deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Patric\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I2W7DMI will be deleted at reboot C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MP5F5A3 will be deleted at reboot C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA6R12C5 will be deleted at reboot C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO2N1Z98 will be deleted at reboot C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG62GDHP will be deleted at reboot C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZGJJHY6 will be deleted at reboot C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOURSNOT will be deleted at reboot C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUETZWYU will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\0I2W7DMI will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\3MP5F5A3 will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\CA6R12C5 will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\GO2N1Z98 will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\JG62GDHP will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\KZGJJHY6 will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\MOURSNOT will be deleted at reboot C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\UUETZWYU will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Patric\AppData\Local\Mozilla\Firefox\Profiles\pmtf5ntd.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Patric\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1208 folders=176 131409785 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Patric\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Patric\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I2W7DMI" not found "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MP5F5A3" deleted "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CA6R12C5" not found "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO2N1Z98" not found "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JG62GDHP" not found "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZGJJHY6" not found "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOURSNOT" not found "C:\Users\Patric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUETZWYU" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\0I2W7DMI" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\3MP5F5A3" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\CA6R12C5" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\GO2N1Z98" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\JG62GDHP" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\KZGJJHY6" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\MOURSNOT" not found "C:\Users\Patric\AppData\Local\Temporary Internet Files\Content.IE5\UUETZWYU" not found ==== EOF on za 18/07/2015 at 12:37:06,27 ======================