Zoek.exe v5.0.0.0 Updated 15-07-2014 Tool run by Patrick on wo 16/07/2014 at 20:40:25,80. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Patrick\Downloads\zoek (2).exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 16/07/2014 20:47:03 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\log deleted successfully C:\Users\Patrick\AppData\Roaming\iolo deleted successfully C:\Users\Patrick\AppData\Roaming\Mozilla deleted successfully C:\Users\Patrick\AppData\Roaming\QuickScan deleted successfully C:\Users\Patrick\AppData\Local\LogiShrd deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-179884550-3252423631-3083744117-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] ==== Deleting Files \ Folders ====================== C:\PROGRA~3\APN deleted C:\PROGRA~3\OberonGameConsole deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search and Recover deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\Patrick\Searches deleted C:\Users\Patrick\Downloads\SoftonicDownloader_for_logitech-vid-hd.exe deleted C:\Windows\wininit.ini deleted "C:\Users\Patrick\AppData\Roaming\Themes" deleted "C:\Users\Patrick\AppData\Roaming\Track Settings" deleted "C:\Users\Patrick\AppData\Roaming\Trance Pad" deleted "C:\ProgramData\business-inkjet" deleted "C:\ProgramData\Treble Reduction" deleted "C:\ProgramData\Tribal Masks" deleted "C:\ProgramData\Woodwind" deleted "C:\ProgramData\Work - Home" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Patrick\AppData\Local\Temp ==== 2014-07-13 13:16:13 22385EE33688B10B61DA1D8CA9549E4B 120192 ----a-w- C:\Users\Patrick\AppData\Local\Temp\clear.fiClient\cabarc.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-07-10 08:23:20 E3065F51EE0BB099EAAE48C3FC3A25B6 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-07-10 08:23:20 67EA1BB7F6428A10C64D5A732976F871 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-07-10 08:23:20 448854C4FE94C0FA329CC38FF103DC74 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-10 08:23:19 E739AEDCA67F214F96C2520BA293B12B 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-07-10 08:23:19 DFA59840BB1220AFD261FDAE83543959 17276416 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-07-10 08:23:19 BE0EA764820239F7785410CBE3880086 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-10 08:23:19 9385D7C5DF2566D01B1FB150F381D50B 367616 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-07-10 08:23:19 91CF46BBB827E461C498A1D7D1A71AD6 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-07-10 08:23:19 7C44C697BA6D0B698B91AC6516A731C3 1139200 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-07-10 08:23:18 CE94480E78CC3A1A17B53F2BB65639BD 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-07-10 08:23:18 4B774E842F268D51DB942EF9637828B9 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-07-10 08:23:18 42BF66A4DC35DAD3564065173372CCE9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-07-10 08:23:18 084FB28A790685F32A6D7D003777696D 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-07-10 08:23:17 FC733FD7721200D5136F6F8112E97B00 11742208 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-07-10 08:23:17 F2A99A4293CAF7956FF7801D36D5A3B2 442368 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-07-10 08:23:17 A9F8343A3234FC7A42DDA4569827B411 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-07-10 08:23:17 A98E303FCB7058C6E78FD1FBBCBB5EEF 240824 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2014-07-10 08:23:17 573E522A27210701EB8A6C476D36FFF6 239616 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-07-10 08:23:15 FDA05E78813F543A6E9AC6B23EC696F2 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-10 08:23:15 CCC198257901BEEA2FBF8EB1E7678356 1791488 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-07-10 08:23:15 98C7B1AFA0A99EE3BE99EAABEFB72CA0 4254720 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-07-10 08:23:15 8046CF629D8AE766C22145F4A6AFFBE1 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-07-10 08:23:15 557D60DF85D61C290A1D09E7115B294B 62464 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-10 08:23:15 175A663547805367C10746FC416D4605 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-07-10 08:23:15 09CBE4B1AEF497FC05493B09EA2C1757 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-07-10 08:23:15 045A91095A605BB20FF2B37546FE62B0 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-07-10 08:12:45 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll 2014-07-10 08:12:42 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe 2014-07-10 08:12:36 F95E1E9D97D25C11F29CA34C843A6F4D 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2014-07-10 08:12:36 8BA721F76C97A219599E88722AA48875 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2014-07-10 08:12:36 1A0BE0092646F564FAF204E678AF8E03 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2014-07-10 08:12:35 C61DDFE40204F3BE3DF111981D91560E 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2014-07-10 08:12:34 E3ECF5FFE3DEDF61DC6877B6A99ACBBF 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2014-07-10 08:12:34 C71CC796F0E2E9BD542C87532706FCFE 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2014-07-10 08:12:34 6CB2616152ADCDF39F05B08E4858F476 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2014-07-10 08:07:33 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2014-07-10 08:07:33 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2014-07-08 18:15:05 5893E2393BBEAD344BC726B280B1CC79 10603008 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-07-16 18:42:10 E78AE6B4B73E8DCA1B0873644C599252 28672 ----a-w- C:\Windows\Sysnative\bddel.exe 2014-07-16 18:42:10 E662D020DD55F2653B4C807A582BD0B7 28128 ----a-w- C:\Windows\Sysnative\bddel.dat 2014-07-10 08:23:20 FC50DF22550C565DD096ACFAF18A37ED 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-07-10 08:23:20 DA5BAC4C5BDB22BBC6771534EA95AD33 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-07-10 08:23:19 C2F62DF01E3552DB0571FEF4D514675B 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-07-10 08:23:19 C0F9F52C36E584C0339406ABF6DA1FBA 266424 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2014-07-10 08:23:19 5E646AD50848A409291418B5759595B9 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-07-10 08:23:18 73C7D1FCF6F58F3BF077FB42B0214BC0 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-07-10 08:23:18 391D68668CFC061F26BE593A61F745E0 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-07-10 08:23:17 D8E6706AECD7AA50764E126CE3F36555 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-07-10 08:23:17 7176CB0FFAAC3E54ABB2014E821120F9 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-07-10 08:23:17 2E40D5E11BCC597352EE0314AF629A0F 452608 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-07-10 08:23:16 CA67F68CEC788C0C69AD47C5125DDD8E 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-07-10 08:23:16 A21C6231459F4CAC212676A9367A1A68 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-07-10 08:23:16 7469D4E046BD7D155CAC2697BD28B58B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-07-10 08:23:16 1685AA234852657C4A6D253CCBBE84E0 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-07-10 08:23:15 8B2ADE09864BF3F7AA6D395DAFEC41B5 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-07-10 08:23:14 854C5F171F5CEE272232AC0286F3B3B9 598016 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-07-10 08:23:14 415DF2B045167D6D85223CFFF00FCFC7 292864 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-07-10 08:23:14 366FA6D38406DC8BED62825C196144D1 13527040 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-07-10 08:23:14 1FD6C2F6AC489C271565730F6E9E1A05 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-07-10 08:23:13 CD76B3D60D28634A67B0AD7CB2E45929 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-07-10 08:23:13 BDD4A74421B023C81DA63168BD10C01B 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-07-10 08:23:13 945FA19B388FCF0FEA6124B5FD71C72F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-07-10 08:23:13 50FF2DD806CC6CF3B3F98F9A1A711603 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-07-10 08:23:13 4EC7738394D2BC7BCB5F7A3657F57252 5721088 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-07-10 08:23:13 2EE102DF0EDD8A1EDD3D1E9B99A91BEC 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-07-10 08:23:13 00401347C3BC466E5F2516387EBBCA7D 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-07-10 08:23:12 F876957CA193B20A21D52F91418657D7 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-07-10 08:23:12 89A53CDE0DA5680AF48A181D82C752CA 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2014-07-10 08:23:11 FEC19C351EF1B2C998A85D1BFD765675 23464448 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-07-10 08:23:11 52012C83F7E9AF65D13F04415F0508F5 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-07-10 08:14:49 03282D1ADC4F64D27D697CBB63F972C2 519168 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-07-10 08:14:48 980394E1FF94E460C4D71C1B098A0B4F 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-07-10 08:12:45 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll 2014-07-10 08:12:42 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-07-10 08:12:42 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe 2014-07-10 08:12:36 E8E98B3B7A6E1250F4AA7AF8FA17D5BB 340992 ----a-w- C:\Windows\Sysnative\schannel.dll 2014-07-10 08:12:36 A805B5E68262302D1A60BE3DED5846C9 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-07-10 08:12:35 E23BA7A7BD97FC6B8AB5EA32A46D05CD 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2014-07-10 08:12:35 BFC98590EAB40C785D6134B1FA818A62 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2014-07-10 08:12:35 7D1017ED11B7C3B162628069742B5E58 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2014-07-10 08:12:34 C9DD5C0D5AF2D7A54BA32E8FBD3B67F1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-07-10 08:12:34 79EE13A5A406E4603874686B8005DA72 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-07-10 08:07:33 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll ====== C:\Windows\Sysnative\drivers ===== 2014-07-12 07:16:56 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf 2014-07-10 08:12:45 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys ====== C:\Windows\Tasks ====== 2014-07-15 14:58:55 066F0A9674A01E8A47156C306038AD27 3826 ----a-w- C:\Windows\Sysnative\Tasks\Opera scheduled Autoupdate 1405436332 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-07-15 19:26:30 -------- d-----w- C:\Program Files\trend micro 2014-07-14 21:14:43 -------- d-----w- C:\Program Files\Microsoft Silverlight ======= C:\PROGRA~2 ===== 2014-07-15 14:58:52 -------- d-----w- C:\PROGRA~2\Opera 2014-07-14 21:14:43 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight ======= C: ===== ====== C:\Users\Patrick\AppData\Roaming ====== 2014-07-15 14:59:05 -------- d-----w- C:\Users\Patrick\AppData\Local\Opera Software 2014-07-15 14:59:04 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Opera Software 2014-07-15 14:30:19 -------- d-sh--w- C:\Users\Patrick\AppData\Locallow\EmieUserList 2014-07-15 14:30:04 -------- d-sh--w- C:\Users\Patrick\AppData\Local\EmieUserList 2014-07-15 14:30:04 -------- d-sh--w- C:\Users\Patrick\AppData\Local\EmieSiteList 2014-07-15 14:27:18 -------- d-sh--w- C:\Users\Patrick\AppData\Locallow\EmieSiteList 2014-07-07 19:25:14 5B57DC235240448DF9A8213E0D665A20 7607 ----a-w- C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg ====== C:\Users\Patrick ====== 2014-07-15 19:25:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Patrick\Downloads\RSITx64.exe 2014-07-15 14:57:57 6E66D97AD186B712E28A8BBFBD863E82 27641968 ----a-w- C:\Users\Patrick\Downloads\Opera_22.0.1471.70_Setup.exe 2014-07-15 14:25:58 11DB1879DE4EB5DEDCCAE5399E349C4A 59087056 ----a-w- C:\Users\Patrick\Downloads\IE11-Windows6.1-x64-nl-nl.exe 2014-07-14 21:14:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-14 21:14:09 E9B9148F1590CFC520712A7B7205BF22 13084896 ----a-w- C:\Users\Patrick\Downloads\Silverlight_x64 (1).exe 2014-07-11 18:44:21 E9B9148F1590CFC520712A7B7205BF22 13084896 ----a-w- C:\Users\Patrick\Downloads\Silverlight_x64.exe ====== C: exe-files == 2014-07-16 18:42:10 E78AE6B4B73E8DCA1B0873644C599252 28672 ----a-w- C:\Windows\System32\bddel.exe 2014-07-15 19:26:35 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Patrick.exe 2014-07-15 19:25:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Patrick\Downloads\RSITx64.exe 2014-07-15 14:58:52 BAB0967ACAFBE71350782E8819FD0F72 3092088 ----a-w- C:\Program Files (x86)\Opera\22.0.1471.70\opera_autoupdate.exe 2014-07-15 14:58:52 B78BA9D9AADBE07ED62F3E17D804DB56 1396344 ----a-w- C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe 2014-07-15 14:58:52 8A2D1237EE967B19DCF432F681F44313 73336 ----a-w- C:\Program Files (x86)\Opera\22.0.1471.70\wow_helper.exe 2014-07-15 14:58:52 71E5E3A0125E07AE7364066B04F3E13A 46805112 ----a-w- C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe 2014-07-15 14:58:52 1C0C05E56A8C306E53F90602E9D79351 468088 ----a-w- C:\Program Files (x86)\Opera\launcher.exe 2014-07-15 14:58:52 1853B7D042FB22E73483AFFC03459758 3534968 ----a-w- C:\Program Files (x86)\Opera\22.0.1471.70\installer.exe 2014-07-15 14:57:57 6E66D97AD186B712E28A8BBFBD863E82 27641968 ----a-w- C:\Users\Patrick\Downloads\Opera_22.0.1471.70_Setup.exe 2014-07-15 14:25:58 11DB1879DE4EB5DEDCCAE5399E349C4A 59087056 ----a-w- C:\Users\Patrick\Downloads\IE11-Windows6.1-x64-nl-nl.exe 2014-07-14 21:14:09 E9B9148F1590CFC520712A7B7205BF22 13084896 ----a-w- C:\Users\Patrick\Downloads\Silverlight_x64 (1).exe 2014-07-13 13:16:13 22385EE33688B10B61DA1D8CA9549E4B 120192 ----a-w- C:\Users\Patrick\AppData\Local\Temp\clear.fiClient\cabarc.exe 2014-07-11 18:44:21 E9B9148F1590CFC520712A7B7205BF22 13084896 ----a-w- C:\Users\Patrick\Downloads\Silverlight_x64.exe 2014-07-10 08:23:20 24868C9D422EDB5B249C0C81B01A0C19 810160 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-07-10 08:23:19 61FF1A9683EDD471797FE0F56057FD09 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-07-10 08:23:18 CD900EFB4F8946A2BB1950D9F45915C2 812216 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-07-10 08:23:18 65D0ECD485C8605B07C8338708224818 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-07-10 08:23:18 2168067C03FADB690B77633104A2E64B 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-07-10 08:23:17 7176CB0FFAAC3E54ABB2014E821120F9 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-07-10 08:23:16 CA67F68CEC788C0C69AD47C5125DDD8E 608768 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-07-10 08:23:16 8395829B1CE9E11C6441753257DC7591 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-07-10 08:23:13 CD76B3D60D28634A67B0AD7CB2E45929 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-07-10 08:23:11 52012C83F7E9AF65D13F04415F0508F5 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-07-10 08:14:49 B1544CE66FD0135A170F09B66A9E7800 172200 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe 2014-07-10 08:14:48 679A800CFFBB8EA970506887045F2E41 46752 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe 2014-07-10 08:14:45 516A5FCE06BB388499238A5F9286CB74 96768 ----a-w- C:\Windows\System32\Dism\DismHost.exe 2014-07-10 08:12:42 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\System32\osk.exe 2014-07-10 08:12:42 89D2706FCD45E33CECFBD46BCBAD7E16 10240 ----a-w- C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe 2014-07-10 08:12:42 20235ED4653CFDDCDEF721F5126A1C47 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe === C: other files == 2014-07-15 16:56:24 0D57D7E5B60C7489D3301A69EAB41235 637279 ----a-w- C:\Users\Patrick\AppData\Roaming\Opera Software\Opera Stable\dictionaries\nl.zip 2014-07-15 14:45:24 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Patrick\AppData\Local\Temp\_MEI40602\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2014-07-10 08:12:45 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2014-07-10 08:12:42 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-179884550-3252423631-3083744117-1000\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "Spotify Web Helper"="C:\Users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "CAHeadless"="C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" "Facebook Update"="C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d" "BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe -autostart" "ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iolo Startup"="C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" "Nikon Message Center 2"="C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s" "LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "Spotify Web Helper"="C:\Users\Patrick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "CAHeadless"="C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" "Facebook Update"="C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Norton Online Backup" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe" ==== Startup Folders ====================== 2014-02-16 12:44:13 2007 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-179884550-3252423631-3083744117-1000Core.job --a------ [Undetermined Task] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-179884550-3252423631-3083744117-1000UA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Patrick-PC-Patrick" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"] "C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-179884550-3252423631-3083744117-1000Core" [C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-179884550-3252423631-3083744117-1000UA" [C:\Users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1405436332" [C:\Program Files (x86)\Opera\launcher.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{C3263BAF-353A-4713-91AA-0CE46215BE8A}" [C:\Windows\system32\msfeedssync.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] Google Docs - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1160 folders=110 34510535 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Patrick\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Patrick\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 16/07/2014 at 21:11:42,98 ======================