Zoek.exe v5.0.0.0 Updated 22-06-2014 Tool run by Bernadette on zo 22-06-2014 at 22:23:15,45. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Bernadette\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 22-6-2014 22:26:11 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully C:\PROGRA~3\{D19C2D22-6043-47E7-B400-83A351841204} deleted successfully C:\Users\Bernadette\AppData\Roaming\TP deleted successfully C:\Users\Bernadette\AppData\Local\CutePDF Writer deleted successfully C:\Users\Bernadette\AppData\Local\Downloaded Installations deleted successfully C:\Users\Bernadette\AppData\Local\TomTom deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3468268236-3224893684-4235404376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully HKEY_USERS\S-1-5-21-3468268236-3224893684-4235404376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} deleted successfully HKEY_USERS\S-1-5-21-3468268236-3224893684-4235404376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C6D0C577-3AC3-49D0-BE9B-6A62F9A1A8A3} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3468268236-3224893684-4235404376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully HKEY_USERS\S-1-5-21-3468268236-3224893684-4235404376-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Bonjour Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bonjour Service deleted successfully ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found C:\PROGRA~3\{D19C2D22-6043-47E7-B400-83A351841204} not found C:\PROGRA~2\Vid-Saver deleted C:\PROGRA~2\Conduit deleted C:\PROGRA~3\Ask deleted C:\PROGRA~3\Package Cache deleted C:\Users\Bernadette\AppData\Local\CRE deleted C:\Users\Bernadette\AppData\Local\Vid-Saver deleted C:\Users\Bernadette\AppData\Local\Conduit deleted C:\Users\Bernadette\Downloads\avg_free_stb_all_2013_2805_cnet.exe deleted C:\Users\Bernadette\Searches deleted C:\Users\Bernadette\AppData\LocalLow\IAC deleted C:\Users\Bernadette\AppData\LocalLow\PriceGong deleted C:\Users\Bernadette\AppData\LocalLow\Conduit deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\SysNative\config\systemprofile\Searches deleted "C:\Users\Bernadette\AppData\Local\{9731536A-A9F6-446C-9DF7-CD1AB22BA38A}" deleted "C:\Users\Bernadette\AppData\Local\{B1006F0B-2326-4C60-9DF1-5433B6B7EC40}" deleted "C:\Program Files\Bonjour\mdnsNSP.dll" deleted "C:\Program Files\Bonjour" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\BERNAD~1\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-06-22 20:18:26 CEE4C9E092168CEBD187491AF6FDA8FB 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-06-22 20:18:04 ECB3AB701D6E26F5E54C58957E34E719 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe 2014-06-22 20:18:04 8C7C6D494D86307CDCF63E0478767C16 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-22 20:18:03 2251971694E17BAC4E344DC2B7CD7ADD 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-06-12 17:34:28 A5F833506BF6A1B5D693E1499DEE2444 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll 2014-06-12 17:34:20 E227B810296AA27E6C69307A7B6456E5 1389056 ----a-w- C:\Windows\SysWOW64\msxml6.dll 2014-06-12 17:34:20 8B8D1CEF498678CAB9DF17145D34BC64 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2014-06-12 17:34:19 2E673E776136354ECFB57BFD62E7EC3D 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll 2014-06-12 17:34:18 0789F82BAE171323F74B8F175D406AB8 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2014-06-12 17:33:53 BB9BADED14F0963498855AC28446CED5 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-12 17:33:52 7E27FB6AB8976897A530FB30F5FF7691 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-06-12 17:33:52 6D8E6A9A524FFAAFA4D2F6C8EF38D0BB 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-06-12 17:33:51 0AFCE8EEF3751810FE2101FD608FB8B3 1143296 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-06-12 17:33:49 C1F5812F355D0C9495C1B2E7165DA2AF 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-12 17:33:47 D5ECBB3BFDC73A59440D9CA79AB3A342 17271296 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-06-12 17:33:47 8DF06ACA017949D37C38B6A0EF747D4E 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-06-12 17:33:47 017B99D09904DCA35D5F66AD79084B5F 368128 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-06-12 17:33:45 D9F5B424C307B195E16A9B0A21E53BCC 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-06-12 17:33:44 C69FDD49AB9E8BCF2BAAC469CE0CC756 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-06-12 17:33:44 9EAAB4305536829D6B7D9C3A47E92861 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-06-12 17:33:42 E0EA58834CD19FDFCD1BC37B22E1D3D8 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-06-12 17:33:42 D36574C287D0764C95AC777DFF367715 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-06-12 17:33:40 5B5815477A53ED92B89955FFE7EDCB2E 242688 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-06-12 17:33:38 814E0D53EF020BD93097F26B53B573F0 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-06-12 17:33:37 688227D38A6FF6403B293D0C50B454B9 11725312 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-06-12 17:33:37 4D3074AA172DCFD5D56BE764B671085A 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-06-12 17:33:34 CC0077F9C7ACD7E97707DFC763A4EA99 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-06-12 17:33:34 C58E97EEB1CB80CE91D5E7FD5E78794F 4244992 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-06-12 17:33:34 0AC4E3C93D49E37D5B008ED99092115C 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-12 17:33:33 771CDBC3D62437D6DB070820BB1EDCCF 1790976 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-06-12 17:33:33 22D7FFA4B94916F18EB1F1D107B86839 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-06-12 17:33:33 09771ABC896D2A88370F3AB8BADC242E 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-06-12 17:33:31 EB960643DC62832C88272573204B6DBA 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-06-12 17:34:29 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 801280 ----a-w- C:\Windows\Sysnative\usp10.dll 2014-06-12 17:34:21 ECA6AC33BD9E441F7B47D173D715D268 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll 2014-06-12 17:34:21 0E3A7EC2B9590EA7767BBB1823630DEA 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll 2014-06-12 17:34:19 3408DD8081DC22858AE2E6ABD2594C02 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll 2014-06-12 17:34:18 0465A8CFDDB4FFDB569802A70B9443D5 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2014-06-12 17:33:49 3ED5C9055F7A635399FC12892F565287 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-06-12 17:33:48 DA7AAB5D4E5F7160E906C0D2EB9A2B9F 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-06-12 17:33:45 D5C446B14DC667B7B9FBB30EA1701D92 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-06-12 17:33:44 3A1AB9DE852F2BC1ECE6403BDD01B9F0 1398272 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-06-12 17:33:43 DFD834E89B819B5ECE8E251C56B5A3CE 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-06-12 17:33:41 BFD3178735D97C858FFA467F8199700C 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-06-12 17:33:39 12BA419E27DBC5DBF9262C8A885FA361 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-06-12 17:33:38 867DD52B23D3B0390B88F3D7AD1E600C 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-06-12 17:33:37 EAAA62F272858695814A1F42D5E59BD3 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-06-12 17:33:36 B34D3F303769E65CE7EFBD4E6FB62B25 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-06-12 17:33:35 3FC3828E8820D1C93DBFBAD4BE456D85 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-06-12 17:33:35 063EF4239479F52DAF9F4849B0B304F1 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-06-12 17:33:32 CE6109C73C3A04CC2B8C6110B0F0FEF9 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-06-12 17:33:32 790FD40601502C5FE8213D4F335DA0BD 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-06-12 17:33:27 CB8A91074AE1B5051E240B50A328DCF5 295424 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-06-12 17:33:27 B2C037F50A02D6C057B1E0791BBF41A5 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-06-12 17:33:26 CC603EF96BA456D4BCD9FF849ED07A2A 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-06-12 17:33:26 2DBB9127794BC30BC31D26FA088F8BAB 13522944 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-06-12 17:33:25 A4A58E3171C03A1145D1C3EC488D1B4F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-06-12 17:33:25 770F067D833DC017CEB8A36A2A1EC942 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-06-12 17:33:25 6B9925F498D4E91FB57576CC3776D428 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-06-12 17:33:24 AB3FA3D9B1F1D0571CBC43D1487CCD6F 5782528 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-06-12 17:33:24 2F474D40626B0C694400589F3FBB9AA9 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-06-12 17:33:23 9013D5BBE1B6D3A060F54B4B5BB2C3A3 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-06-12 17:33:23 40BFD9D6EC8E174145F012246CA73CCD 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-06-12 17:33:20 8E3C6008250A904C06943BCEA585E344 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-06-12 17:33:19 F343ECB3C683EBD7E3990C03AD680855 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-06-12 17:33:18 56803B20D168C1B740D12CE0BE4588F5 23414784 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-06-12 17:32:26 2C053C9B2A8249F1F9B38ED1AE455771 506368 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-06-12 17:32:20 84A13AB118F433898B5ABA36E8D7CA91 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll ====== C:\Windows\Sysnative\drivers ===== 2014-06-12 17:34:31 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2014-06-12 17:34:31 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-06-16 19:30:16 -------- d-----w- C:\Program Files\trend micro 2014-06-09 19:03:15 -------- d-----w- C:\Program Files\HitmanPro ======= C:\PROGRA~2 ===== 2014-06-22 20:18:41 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-06-22 20:17:42 -------- d-----w- C:\PROGRA~2\Java 2014-06-04 15:55:51 -------- d-----w- C:\PROGRA~2\NHG-Triagewijzer ======= C: ===== ====== C:\Users\Bernadette\AppData\Roaming ====== 2014-06-22 20:03:59 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun ====== C:\Users\Bernadette ====== 2014-06-22 20:18:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-22 19:54:11 B1BA71EDE129F3D059571E0B8931E12C 918952 ----a-w- C:\Users\Bernadette\Desktop\JavaSetup7u60.com 2014-06-16 19:32:19 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Bernadette\Desktop\RSITx64.exe 2014-06-09 19:02:54 -------- d-----w- C:\ProgramData\HitmanPro 2014-06-04 15:56:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NHG-Triagewijzer ====== C: exe-files == 2014-06-22 20:18:26 CEE4C9E092168CEBD187491AF6FDA8FB 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe 2014-06-22 20:18:04 ECB3AB701D6E26F5E54C58957E34E719 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe 2014-06-22 20:18:03 2251971694E17BAC4E344DC2B7CD7ADD 175528 ----a-w- C:\Windows\SysWOW64\java.exe 2014-06-22 20:17:49 C7C5FF4B0E83702EFBC0C886D87E9743 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe 2014-06-22 20:17:49 3427C247AFEC295CD4A20B53EE445F23 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe 2014-06-22 20:17:48 F9DE7324BDF83F5AFE174354F47C2AE0 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe 2014-06-22 20:17:48 E0FE8B7BE802F8C4A71317AC35E44B00 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe 2014-06-22 20:17:48 B5C9699AA60F74F144DB5A566F6E58F8 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe 2014-06-22 20:17:48 84FB0EC0581C996F445433BD2379A5CC 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe 2014-06-22 20:17:48 8140DCC3064BA8ADC407D956BE19D764 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe 2014-06-22 20:17:48 3002E7E937FCB8985320AA807E762845 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe 2014-06-22 20:17:48 0595B07F96E4F48784A4B772B887AD68 49576 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe 2014-06-22 20:17:47 E87885A59FDC241B6575943A75E495D9 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe 2014-06-22 20:17:47 E2C8F178A57D011518785CF75044CD69 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe 2014-06-22 20:17:47 AEA4E94FC2A2F88FA5EC7FB6BC349E1B 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe 2014-06-22 20:17:47 62CA7ABA57A4FCDB3844F73A156BAE26 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe 2014-06-22 20:17:47 235A2E87C34995F1837283FE76CD2E46 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe 2014-06-22 20:17:47 1EFC992CA271E6D40034FBE7BCEDB724 52648 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe 2014-06-22 20:17:46 ECB3AB701D6E26F5E54C58957E34E719 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe 2014-06-22 20:17:46 CEE4C9E092168CEBD187491AF6FDA8FB 264616 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe 2014-06-22 20:17:46 96777405AB93AF8FCF6C9B6F5C3F1E51 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe 2014-06-22 20:17:46 82517DE5984F3EA3A49E0B5C8825DA63 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe 2014-06-22 20:17:46 2251971694E17BAC4E344DC2B7CD7ADD 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe 2014-06-22 20:17:46 07643C3AF27179144C9800AF0819DE75 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe 2014-06-22 20:16:10 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Bernadette\AppData\LocalLow\Sun\Java\jre1.7.0_60\lzma.exe 2014-06-22 16:57:46 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Users\Bernadette\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateBroker.exe 2014-06-22 16:57:46 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Users\Bernadette\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe 2014-06-22 16:57:45 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Users\Bernadette\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateSetup.exe 2014-06-22 16:56:52 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Users\Bernadette\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe 2014-06-22 16:56:51 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Users\Bernadette\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe 2014-06-22 16:56:49 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Users\Bernadette\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe 2014-06-22 16:56:11 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Bernadette\AppData\Local\Google\Update\1.3.24.15\GoogleUpdate.exe 2014-06-22 16:55:32 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Users\Bernadette\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.15\GoogleUpdateSetup.exe 2014-06-16 19:32:19 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Bernadette\Desktop\RSITx64.exe 2014-06-16 19:30:17 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Bernadette.exe 2014-06-16 19:30:00 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Bernadette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2YJ1EQL5\RSITx64.exe === C: other files == 2014-06-22 20:17:51 8E29BBCCC8D802D36701633A7842FE74 18636 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip 2014-06-22 19:54:11 B1BA71EDE129F3D059571E0B8931E12C 918952 ----a-w- C:\Users\Bernadette\Desktop\JavaSetup7u60.com ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3468268236-3224893684-4235404376-1000\Software\Microsoft\Windows\CurrentVersion\Run] "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s" "Google Update"="C:\Users\Bernadette\AppData\Local\Google\Update\GoogleUpdate.exe /c" "APISupport"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\Bernadette\AppData\Local\TB\APISupport\APISupport.dll,DLLRunAPISupport" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe /m" "Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2" "Desktop Disc Tool"="c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" "Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s" "Google Update"="C:\Users\Bernadette\AppData\Local\Google\Update\GoogleUpdate.exe /c" "APISupport"="C:\Windows\SysWOW64\Rundll32.exe C:\Users\Bernadette\AppData\Local\TB\APISupport\APISupport.dll,DLLRunAPISupport" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Broadcom Wireless Manager UI"="C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" "QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Google Update"="\"C:\\Users\\Bernadette\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" ==== Startup Folders ====================== 2010-10-15 16:45:39 1984 ----a-w- C:\Users\Bernadette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk 2010-08-14 00:34:58 2000 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk 2010-08-14 00:34:58 2000 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk 2012-03-13 20:27:16 2033 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [22-06-2014 22:14] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15-10-2010 20:28] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468268236-3224893684-4235404376-1000Core.job --a------ C:\Users\Bernadette\AppData\Local\Google\Update\GoogleUpdate.exe [18-06-2012 12:58] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468268236-3224893684-4235404376-1000UA.job --a------ C:\Users\Bernadette\AppData\Local\Google\Update\GoogleUpdate.exe [18-06-2012 12:58] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Bernadette\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3468268236-3224893684-4235404376-1000Core" [C:\Users\Bernadette\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3468268236-3224893684-4235404376-1000UA" [C:\Users\Bernadette\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{837D3D48-148E-4AA2-A9D0-4CBADD848C94}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\DCQ6Q5N1\Administrator - Start WLAN Tray Applet" [C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Bernadette\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] pgmfkblbflahhponhjmkcnpjinenhlnc - C:\Users\Bernadette\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Bernadette\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] YouTube - Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo uTorrentBar_NL - Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb Google Search - Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf AdBlock - Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Vid-Saver - Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc Gmail - Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_storage.conduit.com_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_service8.pricegong.com_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_service8.pricegong.com_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjofdnhdkbflacojpfpkchgafjahijbb_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjofdnhdkbflacojpfpkchgafjahijbb_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cjofdnhdkbflacojpfpkchgafjahijbb_0 deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0.localstorage deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0.localstorage-journal deleted successfully C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0 deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/" "Search Page"="http://www.google.com" "Default_Page_URL"="http://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bernadette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bernadette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Bernadette\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Bernadette\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Bernadette\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=837 folders=165 54174542 bytes) ==== Empty Temp Folders ====================== C:\Users\Bernadette\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\BERNAD~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\Bonjour" not found ==== EOF on ma 23-06-2014 at 7:46:40,61 ======================