Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Bernardus on do 14-01-2016 at 10:32:09,77.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bernardus\Contacts\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

14-1-2016 10:36:21 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Google deleted successfully
C:\Users\Bernardus\AppData\Roaming\MPC-HC deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\BERNAR~1\AppData\Roaming\Mozilla\Firefox\Profiles\rdot3j7h.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_14-01-2016_1103_.backup

ProfilePath: C:\Users\BERNAR~1\AppData\Roaming\TomTom\HOME\Profiles\f7e2f2p1.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_14-01-2016_1103_.backup

==== Deleting Files \ Folders ======================

C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\BERNAR~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Bernardus\AppData\Roaming ======
====== C:\Users\Bernardus ======
====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1615721754-973694573-1832378917-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"Google Update"="C:\Users\Bernardus\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"HPCam_Menu"="c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe c:\Program Files (x86)\Hewlett-Packard\Media\Webcam UpdateWithCreateOnce Software\Hewlett-Packard\Media\Webcam"
"UpdatePRCShortCut"="C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Hewlett-Packard\Recovery UpdateWithCreateOnce Software\CyberLink\PowerRecover"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"Google Update"="C:\Users\Bernardus\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPADVISOR"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QlbCtrl.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Hp\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-01-2016 17:02]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31-08-2015 09:45]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31-08-2015 09:45]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1615721754-973694573-1832378917-1000Core.job --a------ C:\Users\Bernardus\AppData\Local\Google\Update\GoogleUpdate.exe [30-08-2015 11:02]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1615721754-973694573-1832378917-1000UA.job --a------ C:\Users\Bernardus\AppData\Local\Google\Update\GoogleUpdate.exe [30-08-2015 11:02]
C:\Windows\tasks\HPCeeScheduleForBernardus.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CapSchedInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe]
"C:\Windows\SysNative\tasks\CapSvcInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe]
"C:\Windows\SysNative\tasks\CapUninst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1615721754-973694573-1832378917-1000Core" [C:\Users\Bernardus\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1615721754-973694573-1832378917-1000UA" [C:\Users\Bernardus\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForBernardus" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\TVAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe]
"C:\Windows\SysNative\tasks\{669B02A7-B98D-46F0-A5B2-4AA307623D79}" [C:\Users\Bernardus\Downloads\Scrabble Deluxe NL\scrabbledownload.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade" [C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\BERNAR~1\AppData\Roaming\Mozilla\Firefox\Profiles\rdot3j7h.default
user_pref("browser.search.defaulturl", "");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20-04-2013 20:04]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20-04-2013 20:04]

==== Firefox Extensions ======================

ProfilePath: C:\Users\BERNAR~1\AppData\Roaming\TomTom\HOME\Profiles\f7e2f2p1.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.8.010.9369@tomtom.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Bernardus\AppData\Roaming\Mozilla\Firefox\Profiles\rdot3j7h.default
CE3D390F8BC1FECF847ABAA6E887931E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin
3D1497F3F1A344FFB733CE616BB9096D - C:\Users\Bernardus\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll - Google Update

==== Chromium Look ======================

Google Wallet - Bernardus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.startpagina.nl/"
"Start Page Restore"="http://www.startpagina.nl/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.startpagina.nl/"
"Start Page Restore"="http://www.startpagina.nl/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes "Backup.Old.DefaultScope"="{EEE6C360-6118-11DC-9C72-001320C79847}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes "Backup.Old.DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SUNC_nl

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Ge´mporteer 7a0\AppData\Local\Microsoft\Windows\Temporary I 77d\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Ge´mporteer 7a0\AppData\Local\Microsoft\Windows\Temporary I 77d\Low\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Ge´mporteer 7a0\AppData\Local\Temp\Low\Temporary I 654\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Ge´mporteer 7a0\AppData\Local\Temp\Temporary I c4b\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Geïmporteer 7a0\AppData\Local\Microsoft\Windows\Temporary I 77d\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Geïmporteer 7a0\AppData\Local\Microsoft\Windows\Temporary I 77d\Low\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Geïmporteer 7a0\AppData\Local\Temp\Low\Temporary I 654\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Geïmporteer 7a0\AppData\Local\Temp\Temporary I c4b\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Ge?mporteer 7a0\AppData\Local\Microsoft\Windows\Temporary I 77d\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Ge?mporteer 7a0\AppData\Local\Microsoft\Windows\Temporary I 77d\Low\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Ge?mporteer 7a0\AppData\Local\Temp\Low\Temporary I 654\Content.IE5 emptied successfully
C:\Users\Bernardus\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Ge?mporteer 7a0\AppData\Local\Temp\Temporary I c4b\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Bernardus\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Bernardus\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5 folders=1 29794 bytes)

==== Empty Temp Folders ======================

C:\Users\Bernardus\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BERNAR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 14-01-2016 at 11:18:38,94 ======================