Zoek.exe v5.0.0.0 Updated 24-12-2014 Tool run by puddinkje on zo 28-12-2014 at 20:17:27.76. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\puddinkje\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 28-12-2014 20:22:14 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~3\AMD deleted successfully C:\PROGRA~3\AVAST Software deleted successfully C:\PROGRA~3\CorelDRAW Graphics Suite X6 deleted successfully C:\PROGRA~3\Hi-Rez Studios deleted successfully C:\PROGRA~3\Solid State Networks deleted successfully C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\PROGRA~3\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2} deleted successfully C:\PROGRA~3\{9AFAA151-B99A-445C-9941-187A5C7E83E3} deleted successfully C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully C:\PROGRA~3\{BCD5E71D-D7DA-44D2-8786-C12CCD8F1E3A} deleted successfully C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\puddinkje\AppData\Roaming\FlashPlayer deleted successfully C:\Users\puddinkje\AppData\Roaming\FrameworkUpdate deleted successfully C:\Users\puddinkje\AppData\Roaming\TP deleted successfully C:\Users\puddinkje\AppData\Roaming\windows deleted successfully C:\Users\puddinkje\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\puddinkje\AppData\Local\calibre-cache deleted successfully C:\Users\puddinkje\AppData\Local\Downloaded Installations deleted successfully C:\Users\puddinkje\AppData\Local\kpn deleted successfully C:\Users\puddinkje\AppData\Local\StormFall deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2580859804-3844054461-1287543860-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F} deleted successfully 
HKEY_USERS\S-1-5-21-2580859804-3844054461-1287543860-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}] ""=- ==== Deleting Files \
Folders ====================== C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\PROGRA~3\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2} not found C:\PROGRA~3\{9AFAA151-B99A-445C-9941-187A5C7E83E3} not found C:\PROGRA~3\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found C:\PROGRA~3\{BCD5E71D-D7DA-44D2-8786-C12CCD8F1E3A} not found C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\ProgramData\Avg_Update_0814avt deleted C:\ProgramData\Avg_Update_1214tb deleted C:\PROGRA~3\Overwolf deleted C:\Users\puddinkje\AppData\Local\AVG Web TuneUp deleted C:\PROGRA~2\Intel Corporation deleted C:\PROGRA~2\AVG Web TuneUp deleted C:\install.exe deleted C:\PROGRA~3\AVG Web TuneUp deleted C:\PROGRA~3\Avg_Update_0414b deleted C:\PROGRA~3\Package Cache deleted C:\Users\puddinkje\AppData\LocalLow\surfcanyon deleted C:\Users\puddinkje\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted C:\Windows\tasks\0814avtUpdateInfo.job deleted C:\windows\SysNative\tasks\0814avtUpdateInfo deleted C:\Windows\Launcher.exe deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\InstallUtil.InstallLog deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\puddinkje\Desktop\4K Video Downloader.lnk deleted "C:\Users\puddinkje\AppData\Roaming\qwertyuiop1234567890" deleted "C:\Users\puddinkje\AppData\Roaming\????"
not deleted "C:\Users\puddinkje\AppData\Roaming\logs\launcher_init.log" deleted "C:\Users\puddinkje\AppData\Roaming\Nero\OnlineServices\1registrationinfo.xml" deleted "C:\Users\puddinkje\AppData\Roaming\skyz\mod_prerequisites\Forge10.13.2.1230.zip" deleted "C:\Users\puddinkje\AppData\Roaming\skyz\mod_temp\Pixelmon1.7.10.zip" deleted "C:\Users\puddinkje\AppData\Roaming\skyz\mod_temp\Pixelmon1.7.10.zip.txt" deleted "C:\Users\puddinkje\AppData\Local\Ifsoft\mc_net_source.dll" deleted "C:\Users\puddinkje\AppData\Local\Ifsoft\mc_net_source.dll" deleted "C:\Users\puddinkje\AppData\Local\YnPack\BthpanContextHandler.dll" deleted "C:\Program Files (x86)\Arc\Arc.exe" deleted "C:\Program Files (x86)\Arc\ArcOSBrowser.exe" deleted "C:\Program Files (x86)\Arc\ArcOverlayStub.dll" deleted "C:\Program Files (x86)\Arc\clientlog.txt" not deleted "C:\Program Files (x86)\Arc\CoreUI.dll" deleted "C:\Program Files (x86)\Arc\D3DCompiler_43.dll" deleted "C:\Program Files (x86)\Arc\D3DX9_43.dll" deleted "C:\Program Files (x86)\Arc\devtools_resources.pak" deleted "C:\Program Files (x86)\Arc\HttpDownloader.dll" deleted "C:\Program Files (x86)\Arc\icudt.dll" deleted "C:\Program Files (x86)\Arc\libcef.dll" deleted "C:\Program Files (x86)\Arc\libeay32.dll" deleted "C:\Program Files (x86)\Arc\libEGL.dll" deleted "C:\Program Files (x86)\Arc\libGLESv2.dll" deleted "C:\Program Files (x86)\Arc\PDL.dll" deleted "C:\Program Files (x86)\Arc\sqlite3.dll" deleted "C:\Program Files (x86)\Arc\winhttp.dll" deleted "C:\Program Files (x86)\Arc\ZUnZip.dll" deleted "C:\Users\puddinkje\AppData\Roaming\Arc\chat_a89723c453c3fa277e1ee70e0e01aabf.db" deleted "C:\Program Files (x86)\Arc\cef_cookies\Cookies" deleted "C:\Program Files (x86)\Arc\cef_cookies\Cookies-journal" deleted "C:\Program Files (x86)\Arc\font\Lucida Grande.ttf" deleted "C:\Program Files (x86)\Arc\font\OpenSans-Light.ttf" deleted "C:\Program Files (x86)\Arc\font\OpenSans-Regular.ttf" deleted "C:\Program Files (x86)\Arc\font\OpenSans-Semibold_0.ttf" 
deleted "C:\Program Files (x86)\Arc\locales\en-US.pak" deleted "C:\Program Files (x86)\Arc\Log\2014122820_85428.log" not deleted "C:\Program Files (x86)\Arc\Sounds\Message_Recieved.wav" deleted "C:\Program Files (x86)\Arc\pdlconfig\Log\2014122820_85428.log" not deleted "C:\Users\puddinkje\AppData\Roaming\logs" deleted "C:\Users\puddinkje\AppData\Roaming\Nero" deleted "C:\Users\puddinkje\AppData\Roaming\skyz" deleted "C:\Users\puddinkje\AppData\Roaming\Nero\OnlineServices" deleted "C:\Users\puddinkje\AppData\Roaming\skyz\mod_prerequisites" deleted "C:\Users\puddinkje\AppData\Roaming\skyz\mod_temp" deleted "C:\Users\puddinkje\AppData\Local\Ifsoft" not deleted "C:\Users\puddinkje\AppData\Local\Ifsoft" not deleted "C:\Users\puddinkje\AppData\Local\YnPack" not deleted "C:\Program Files (x86)\Arc" not deleted "C:\Users\puddinkje\AppData\Roaming\Arc" deleted "C:\Program Files (x86)\Arc\cef_cookies" deleted "C:\Program Files (x86)\Arc\font" deleted "C:\Program Files (x86)\Arc\locales" deleted "C:\Program Files (x86)\Arc\Log" not deleted "C:\Program Files (x86)\Arc\pdlconfig" not deleted "C:\Program Files (x86)\Arc\Sounds" deleted "C:\Program Files (x86)\Arc\pdlconfig\Log" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\PUDDIN~1\AppData\Local\Temp ==== 2014-12-28 15:05:54 2F8F1D62382AD78ACEB22C4E22C5EC59 53248 ----a-w- C:\Users\puddinkje\AppData\Local\Temp\catchme.dll 2014-12-28 13:52:22 F78940628EB76AB6E654C19EE33F2F89 24743106 ----a-w- C:\Users\puddinkje\AppData\Local\Temp\vlc-2.1.5-win32.exe 2014-12-27 09:56:09 9A5B14DAC3A09889A68D952A08E9666F 501416 ----a-w- C:\Users\puddinkje\AppData\Local\Temp\tmpA1CA.exe 2014-12-20 15:08:39 F4F883EAF7F7413A085D9868511AF8A9 17408 ----a-w- C:\Users\puddinkje\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll 2014-12-20 15:08:33 1F2E782F590FD99E3E8820565A5D5EFB 17408 ----a-w- 
C:\Users\puddinkje\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll 2014-12-19 16:24:16 B9C125314A025127FE562C116D614AA3 178824 ----a-r- C:\Users\puddinkje\AppData\Local\Temp\ose00001.exe 2014-12-19 16:00:35 376962E46C0A36EA4AEDC40C9798483A 839760 ----a-w- C:\Users\puddinkje\AppData\Local\Temp\burnsetup.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-12-28 19:10:13 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-12-27 15:29:54 ADFB31FA72AFE0298A60BF4AC1045A42 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2014-12-27 15:29:53 98B3C919C6B9C5F810FF2CAFA339822B 186880 ----a-w- C:\Windows\SysWOW64\pku2u.dll 2014-12-27 15:29:51 9216ABFD53F5EC1F35C3554AD1A175DE 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2014-12-27 15:29:51 13E5B1CD503A4B21E9F0A2D55A00198B 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2014-12-27 15:29:34 EDA54D2E17C0271D2CDA946ABE344110 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll 2014-12-20 09:51:56 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2014-12-20 09:51:56 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2014-12-20 09:41:07 8FE6AB488ECDC60930CE973A7051B0D4 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2014-12-20 09:41:07 8CFAEFCD7F1E004950FCAE870A501B3E 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2014-12-20 09:41:05 B580A6B9932669DE703001AEE66D5BB1 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2014-12-20 09:41:04 9CEA80FFC617E6B6DD7B52E6225C0D38 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2014-12-20 09:41:04 37BC079204BF9B087D6DE6B728908B4B 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2014-12-20 09:41:03 8205E55DFB11809E5F2AAD1C48840535 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2014-12-20 09:40:56 0F39AC3274312EFFD03928291E8BA7CA 67584 ----a-w- C:\Windows\SysWOW64\packager.dll 2014-12-20 09:31:41 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- 
C:\Windows\SysWOW64\IMJP10K.DLL 2014-12-20 09:31:32 8D338464B851DDD76E2B876A3E09EB70 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll 2014-12-20 09:31:31 FD79B005E849DF3D7E9B5EB7A637C528 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll 2014-12-20 09:31:31 AA7325057A1E1CC401798C0B1238E182 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-12-28 19:05:26 1738AF59D7E2D56078A35CD2D2E1D5F4 111016 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll 2014-12-27 15:29:55 C4C1B73FC2FF151BA08E1EAFDE2A2FAF 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2014-12-27 15:29:55 8A8CB073A4B9F9D97CFA8CA9C1C851CE 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-12-27 15:29:53 1306E6A1BF4D506CD687DF9F947270F2 241152 ----a-w- C:\Windows\Sysnative\pku2u.dll 2014-12-27 15:29:35 B938AF16A521C913791C6F7AFF032757 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll 2014-12-20 09:51:56 D005697F0467BBDDAB7638496DA5DB52 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2014-12-20 09:51:56 364ECFF4ABD9D575F4F7CF7EB7928EF3 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll 2014-12-20 09:41:08 A71B81AC2C14ABA013CCF1225D9E3E36 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2014-12-20 09:41:07 109CC0DF72CC07A6CB59D2995255A1DA 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2014-12-20 09:41:05 55F0CF40479A1FC89CFA578909A540F2 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2014-12-20 09:41:05 47C48C705F4F1EFC99B50B43AE4301FE 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2014-12-20 09:41:04 DF30FC54FFF79BC744B22A4850A3CF92 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-12-20 09:41:03 336BA030AB7B05300CB0B5C6AFB27176 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-12-20 09:40:56 934735F508E297504460935B71E99F0B 77824 ----a-w- C:\Windows\Sysnative\packager.dll 2014-12-20 09:40:55 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys 2014-12-20 09:31:42 
1FEBD408F32DFC523882E7DA5AC57819 878080 ----a-w- C:\Windows\Sysnative\IMJP10K.DLL 2014-12-20 09:31:32 DE3E38431B00C2EA247C53675DCF01A0 680960 ----a-w- C:\Windows\Sysnative\audiosrv.dll 2014-12-20 09:31:32 B1BB7B91C3C878FDB2874138CE81C4EF 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll 2014-12-20 09:31:32 A2C9E45F4069A002E985D1563D16813B 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll 2014-12-20 09:31:32 9383B21A4B77C130940262DDC5F3F49B 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll 2014-12-20 09:31:31 FAFCB80D42A65964B6F4945283B8C10F 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll ====== C:\Windows\Sysnative\drivers ===== 2014-12-27 15:29:54 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2014-12-25 12:07:21 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-12-25 12:06:56 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-12-25 12:06:56 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-12-25 12:06:56 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys ====== C:\Windows\Tasks ====== 2014-12-28 19:05:14 43F7B9DCF75C3408F720FAFFD6257206 3754 ----a-w- C:\Windows\Sysnative\Tasks\AutoKMS 2014-12-04 17:23:44 035BDD68F3207C8D296AC7F468EDB29B 3518 ----a-w- C:\Windows\Sysnative\Tasks\AdobeAAMUpdater-1.0-puddinkje-HP-puddinkje ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-12-28 19:04:28 -------- d-----w- C:\Program Files\Java 2014-12-28 17:36:26 -------- d-----w- C:\Program Files\trend micro 2014-12-19 16:56:55 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2014-12-19 16:56:26 -------- d-----w- C:\Program Files\Microsoft.NET 2014-12-19 16:55:31 -------- d-----w- C:\Program Files\Microsoft SQL Server 2014-12-19 16:52:48 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2014-12-19 16:52:38 -------- d-----w- 
C:\Program Files\Microsoft Office 2014-12-12 18:09:54 -------- d-----w- C:\Program Files\Handbrake 2014-12-05 14:57:57 -------- d-----w- C:\Program Files\OBS 2014-12-02 11:47:17 -------- d-----w- C:\Program Files\Adobe ======= C:\PROGRA~2 ===== 2014-12-28 19:09:36 -------- d-----w- C:\PROGRA~2\Java 2014-12-28 19:05:41 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-12-27 16:56:11 -------- d-----w- C:\PROGRA~2\Neverwinter_en 2014-12-27 16:19:21 -------- d-----w- C:\PROGRA~2\Arc 2014-12-20 10:05:37 -------- d-----w- C:\PROGRA~2\MSECache 2014-12-19 16:56:27 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server 2014-12-19 16:52:48 -------- d-----w- C:\PROGRA~2\Microsoft Analysis Services 2014-12-19 16:52:40 -------- d-----w- C:\PROGRA~2\Microsoft Office 2014-12-09 16:38:49 -------- d-----w- C:\PROGRA~2\Pivot Animator 2014-12-06 13:44:15 -------- d-----w- C:\PROGRA~2\Xvid 2014-12-05 14:57:56 -------- d-----w- C:\PROGRA~2\OBS 2014-12-04 16:06:14 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe AIR 2014-12-02 19:32:25 -------- d-----w- C:\PROGRA~2\Mirillis ======= C: ===== ====== C:\Users\puddinkje\AppData\Roaming ====== 2014-12-28 19:05:31 -------- d-----w- C:\Users\puddinkje\AppData\Locallow\Oracle 2014-12-28 14:34:43 -------- d-----w- C:\Users\puddinkje\AppData\Roaming\MPC-HC 2014-12-27 21:53:49 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help 2014-12-27 21:53:49 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help 2014-12-21 13:29:46 -------- d-----w- C:\Users\puddinkje\AppData\Local\YnPack 2014-12-21 12:08:03 -------- d-----w- C:\Users\puddinkje\AppData\Local\Ifsoft 2014-12-19 16:01:09 -------- d-----w- C:\Users\puddinkje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-05 15:05:46 -------- d-----w- C:\Users\puddinkje\AppData\Roaming\OBS 2014-12-05 14:57:59 -------- d-----w- C:\Users\puddinkje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-12-03 14:58:14 -------- d-----w- 
C:\Users\puddinkje\AppData\Roaming\Mirillis 2014-12-02 14:18:54 8E7F352786FABCF9D34CC63B9E952058 132 ----a-w- C:\Users\puddinkje\AppData\Roaming\Adobe PNG Format CS6 Prefs 2014-12-02 12:03:42 -------- d-----w- C:\Users\puddinkje\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 ====== C:\Users\puddinkje ====== 2014-12-28 19:04:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-28 18:46:44 733F8838A4FA8CF66FE0799A467E5EB5 92658088 ----a-w- C:\Users\puddinkje\Downloads\jre-8u25-windows-x64.exe 2014-12-28 18:27:32 B02DE97F5B3024F63A5C108BBFFD905B 638376 ----a-w- C:\Users\puddinkje\Downloads\jre-8u25-windows-i586-iftw.exe 2014-12-28 17:35:09 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\puddinkje\Desktop\RSITx64.exe 2014-12-28 14:32:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack 2014-12-28 14:27:08 227B084CE0B1EDC6F73159C6D229A6B2 31894592 ----a-w- C:\Users\puddinkje\Downloads\media.player.codec.pack.v4.3.4.setup.exe 2014-12-27 16:22:12 -------- d-----w- C:\Users\Public\Documents\Arc 2014-12-27 16:19:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment 2014-12-27 16:10:15 21A38FB692EDA13CBDF1E0A55C1B0953 10306616 ----a-w- C:\Users\puddinkje\Downloads\ArcInstall_NW_20141223.exe 2014-12-27 10:17:50 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\puddinkje\Desktop\adwcleaner_4.106.exe 2014-12-19 17:16:32 -------- d-----w- C:\ProgramData\Microsoft Toolkit 2014-12-19 16:57:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-12-19 16:56:14 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft 2014-12-19 16:01:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs 2014-12-18 13:47:48 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\@system.temp 2014-12-09 16:39:01 -------- d-----w- 
C:\ProgramData\Pivot Animator 2014-12-09 16:38:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Animator 2014-12-06 13:44:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid 2014-12-06 08:55:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs 2014-12-06 08:55:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-02 19:32:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis 2014-11-28 20:32:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberStep, Inc ====== C: exe-files == 2014-12-28 19:09:51 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe 2014-12-28 19:09:51 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe 2014-12-28 19:09:51 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe 2014-12-28 19:09:51 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe 2014-12-28 19:09:51 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe 2014-12-28 19:09:51 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe 2014-12-28 19:09:51 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe 2014-12-28 19:09:51 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe 2014-12-28 19:09:51 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe 2014-12-28 19:09:51 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe 2014-12-28 19:09:51 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program 
Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe 2014-12-28 19:09:51 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe 2014-12-28 19:09:51 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe 2014-12-28 19:09:51 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe 2014-12-28 19:09:51 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe 2014-12-28 19:09:51 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe 2014-12-28 19:09:51 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe 2014-12-28 19:09:50 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe 2014-12-28 19:09:50 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe 2014-12-28 19:09:50 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe 2014-12-28 19:09:50 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe 2014-12-28 19:04:58 83A17CFF2CF0E9E02B342F52B5F1EF6C 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2014-12-28 19:04:58 70CF52440D822C531623014383EB860F 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2014-12-28 19:04:58 689BF70CD2AAFF5F9853F8AAF69847C0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2014-12-28 19:04:39 E512E19ABB0905DDD6966D8A285378F1 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmid.exe 2014-12-28 19:04:39 E4637864454A133F78366F9EE8F13DAE 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\keytool.exe 2014-12-28 19:04:39 D2440F16BB04B2BA00E6B7D3B16386B0 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jjs.exe 2014-12-28 19:04:39 
B46B4608D10D2999F09F610E1F3598C1 99240 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jp2launcher.exe 2014-12-28 19:04:39 ABE7423B4F03500EE51BCCA239856F75 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\pack200.exe 2014-12-28 19:04:39 A7812249FF577AE77DC2974C4179C233 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\rmiregistry.exe 2014-12-28 19:04:39 A18D9444F006007569AE38BA4BC7587D 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\policytool.exe 2014-12-28 19:04:39 74295D477250AD744520D5C0321D6486 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\tnameserv.exe 2014-12-28 19:04:39 2BF5652B3E0ACABE545186725B47BB7B 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ktab.exe 2014-12-28 19:04:39 1C95FFFA46178E256C878AC59501303A 66472 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\ssvagent.exe 2014-12-28 19:04:39 19FBC4DF38E7813B541AF6056454ABB6 197544 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\unpack200.exe 2014-12-28 19:04:39 15FC3374508FCDBFA9EE6BCEE79516AE 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\kinit.exe 2014-12-28 19:04:39 15F93809B280128FB304AD7F3480A544 16808 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\servertool.exe 2014-12-28 19:04:39 147355AED2BC7E5E4AD517F8460F70F2 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\klist.exe 2014-12-28 19:04:39 0111B4B086BC3FC50A6A2A3BB4FF33B6 16296 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\orbd.exe 2014-12-28 19:04:38 C1228BDB2C61E626F8E4F3C1D1AA3169 34216 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\jabswitch.exe 2014-12-28 19:04:38 83A17CFF2CF0E9E02B342F52B5F1EF6C 190888 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java.exe 2014-12-28 19:04:38 70CF52440D822C531623014383EB860F 191400 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaw.exe 2014-12-28 19:04:38 689BF70CD2AAFF5F9853F8AAF69847C0 320936 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javaws.exe 2014-12-28 19:04:38 0D1BED637BC1D3B5EE6A66B1A92005D5 15784 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\java-rmi.exe 
2014-12-28 19:04:38 0181F6F681D28D596D71FAEBAEBFB9CB 77224 ----a-w- C:\Program Files\Java\jre1.8.0_25\bin\javacpl.exe 2014-12-28 18:03:21 050CC7FA558FFA36657EC889DE72638F 40353656 ----a-w- C:\Program Files (x86)\Neverwinter_en\Neverwinter\Live\GameClient.exe 2014-12-28 18:03:16 B692BCA816211338BBBB5FCFB0ED5384 7652864 ----a-w- C:\Program Files (x86)\Neverwinter_en\Neverwinter\Live\crypticError.exe 2014-12-28 17:36:29 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\puddinkje.exe 2014-12-28 15:20:09 E77A980884B0FAAF8A7DF79A8DF29CFF 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$INPDE2U.exe 2014-12-28 14:50:48 E3A4B873FDCCC484A4F2C4172949E38B 126976 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\zip.exe 2014-12-28 14:50:48 CE3C47F895F74A090EFAE7CE558335F1 8192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\RestartIt!.exe 2014-12-28 14:50:48 C9EC50F5C28F9A4D979347E31A7D0781 41472 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\WINMSG.EXE 2014-12-28 14:50:48 C742F34713915F957B70CCEF2630F930 49152 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\LS.exe 2014-12-28 14:50:48 C16B1595E3C2FFC875EF28BF66EC557F 40960 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\swsc.exe 2014-12-28 14:50:48 B836BA4579DE0FADD1142CC47A3AF756 204800 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\UnRAR.exe 2014-12-28 14:50:48 AB44CCD0FA8E55EF88DB941EEF95560A 49152 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\vfind.exe 2014-12-28 14:50:48 A48B1C06219A01A60CD8D4D45440BDE9 31232 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\sc.exe 2014-12-28 14:50:48 A28D30E464E6172E00A99784FA66F517 61440 ----a-w- 
C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\psservice.exe 2014-12-28 14:50:48 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\grep.exe 2014-12-28 14:50:48 7CD73A47284F352988E7FD76975D3604 49152 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\SF.exe 2014-12-28 14:50:48 783AFC80383C176B22DBF8333343992D 146432 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Replace\regedit.exe 2014-12-28 14:50:48 774DF97A82E9465F7B22FEF21E84B87F 6656 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\MD5File.exe 2014-12-28 14:50:48 75375C22C72F1BEB76BEA39C22A1ED68 167936 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\unzip.exe 2014-12-28 14:50:48 7397F6EE4A9601A123B645C0CD428017 53248 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Process.exe 2014-12-28 14:50:48 6F06118F68E7BD7EBD1C66255DF5CAC8 19456 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\shutdown.exe 2014-12-28 14:50:48 6D2C398E03397C9D089EDC0F00AB3FCB 61440 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\download.exe 2014-12-28 14:50:48 467F6D528EA1A9B8444041EA288A2EEA 33280 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\isadmin.exe 2014-12-28 14:50:48 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\ERUNT.EXE 2014-12-28 14:50:48 245B0677824FA45EDC375E4314F3ED47 10240 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\cliptext.exe 2014-12-28 14:50:48 142056CE2D303BF3E78B876F3F67040B 27136 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\FixPath.exe 2014-12-28 14:50:48 
0B66968310A86CAB547AC1539446266D 16414 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\procs.exe 2014-12-28 14:50:48 098D1E9C1B749142F999973C794BE54D 38400 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\moveex.exe 2014-12-28 14:50:47 20BB6E71B06C072260C51E6325B33B3C 145920 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\catchme.exe 2014-12-28 14:50:47 20BB6E71B06C072260C51E6325B33B3C 145920 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Cghtme.exe 2014-12-28 14:49:14 0B7A73062DA31DEB362EFF28BFD4076E 1529241 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$RNPDE2U.exe 2014-12-27 16:19:19 39F85A2FC72F25CD1FE3A67E0E20DADE 867200 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{CED8E25B-122A-4E80-B612-7F99B93284B3}\setup.exe 2014-12-27 14:58:45 1979CA9787490CE253483544CFAC52D1 310272 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD02.exe 2014-12-26 21:12:11 47FE2159F58CE309EC65578425320261 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$I9J4PZ3.exe 2014-12-26 21:02:14 D23E9952A915FA40E3176228C412E1C2 123552 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\customhook\AdobeIPCBrokerCustomHook.exe 2014-12-26 21:02:14 1F540E698C9E7B1558D64F863C9B04D8 769696 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe 2014-12-26 21:01:58 FD027C7EC2FB691FE63249FF66CB61FA 385192 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\AAM Registration Notifier.exe 2014-12-26 21:01:58 7820EBCCA532B3DE02E52D0DA17A4929 2598544 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\adobe_licutil.exe 2014-12-26 21:01:52 ABB241C563C9E817B95DFA59974268C7 557768 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe 2014-12-26 21:01:51 
59AE2CEBFA0DCE535162043253247BDC 301256 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updatercorehelper.exe 2014-12-26 21:01:50 D895A1B39039D083F7535C9215E3BD95 3122376 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\Adobe Application Manager (Updater).exe 2014-12-26 21:01:50 4733CDEE221045083EDA6B5D23D5650B 504520 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAMLauncher.exe 2014-12-26 21:01:49 AAA4631DB753E09927A75F36E8ABEB4D 1038504 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe 2014-12-26 21:01:44 81BFE542A8A2762229FBC08CACCF6391 357520 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\LWA\adobe_licutil.exe 2014-12-26 21:01:44 28F9D71A30C9F9B9965F7EEE064EAC07 268456 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\LWA\AAM Registration Notifier.exe 2014-12-26 21:01:38 A8D246A787498A7E92489FE3ADA24EA3 1749136 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P6\adobe_licutil.exe 2014-12-26 21:01:38 528A2D2922A5B146DD5BDE0F2E93DD14 297128 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P6\AAM Registration Notifier.exe 2014-12-26 21:01:37 716633BFB1E36D136865CC9CF2F71577 119464 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\TokenGenerator64.exe 2014-12-26 21:01:37 4C2E4B210A8DE1999922C1D2D0BEB93A 404120 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\Setup.exe 2014-12-26 21:01:36 91631B3688BA2C3AE2E13CFA0FEC45C4 355992 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\libraries\CustomHook_Helperx64.exe 2014-12-26 21:01:36 84AB620F19770A7186CF58CE34F05959 80536 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\libraries\TokenResolverx64.exe 2014-12-26 21:01:35 6EAFA76D2C2D655977D5EC29E0528E1F 2050712 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\libraries\Adobe_Helperx32.exe 
2014-12-26 21:01:35 65360056BE3773330AED9E99F8B5D9FE 108696 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\TokenResolverx64.exe 2014-12-26 21:01:35 17DDD6077F6AF58B285A4EEECE917A2C 2591896 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\DE5\resources\libraries\Adobe_Helperx64.exe 2014-12-26 21:01:35 170CEF40D1C2A6A0FB598A8F0D854E07 381592 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\CustomHook_Helperx64.exe 2014-12-26 21:01:34 E71790ADE62E60BF58AA3E9ACC20A5BC 2591384 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\Adobe_Helperx64.exe 2014-12-26 21:01:34 57611A9B724A4C99F901AE632CD19935 2050712 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\DE6\resources\libraries\Adobe_Helperx32.exe 2014-12-26 21:01:33 8A5AACE1A07FE8356F6C9AC19B42614F 710808 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\Setup.exe 2014-12-26 21:01:33 2B2504BF09D2CC6EDE263A10AD4FDFA8 30360 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DECore\PlatformUtil.exe 2014-12-26 21:01:31 CF25786649E1212488D86036A81D714C 273064 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\D6\TokenGenerator64.exe 2014-12-26 21:01:31 263205D5A83E3D7F105DE68684B292CC 140440 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\D6\Setup.exe 2014-12-26 21:01:27 346556D43E314FA0468B2B69A636645E 2752168 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe 2014-12-26 21:01:26 AA00D9A681DD5B86122A02B27B6C436D 446120 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\AAMLauncherUtil.exe 2014-12-26 21:01:25 BAB3D7EF49A4719DA9AE7278C020E49A 279208 ------w- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\AAMCustomHook.exe 2014-12-26 17:31:52 D96B2101BC1E2973C3A081859BB0E84B 16262656 ----a-w- 
C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R1I7LTJ\Action\Mirillis Action! 1.12.1.0 Full Con Crack\Crack\Action.exe 2014-12-26 17:31:49 CDC248E9846B713DE6538ECC2F5F8AFD 18783952 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R1I7LTJ\Action\Mirillis Action! 1.12.1.0 Full Con Crack\action_1_12_1_setup.exe 2014-12-25 12:10:29 73C45C27346E86D2CAB834238419AC3E 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$IQARJ04.exe 2014-12-25 12:06:24 6F4F64F8A0C7D5BECB3BAABB18DCA9F4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$ISXGRDZ.exe 2014-12-25 12:06:13 D2C7B60536DF9C63B9842AC60C5BEE19 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$I9UPWPG.exe 2014-12-25 12:06:13 62D592C8912D1C974165BF2C9ADE3773 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$I4KDO5Y.exe 2014-12-25 12:05:16 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R9J4PZ3.exe 2014-12-25 12:04:20 4821A6F8A8080470BADE70086DBAEF36 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$IZ9SGBS.exe 2014-12-25 12:03:45 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$RSXGRDZ.exe 2014-12-25 12:03:10 2AF5A9D3571462BDBFCC6225E98520B3 829042 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$RZ9SGBS.exe 2014-12-24 16:30:10 87BFF3C950A27E31AF136F4DDC8DAE1A 189952 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmp288.exe === C: other files == 2014-12-28 19:09:51 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2014-12-28 19:04:40 E6188BE460746F84D5F3EAEE736FE1CA 14130 ----a-w- C:\Program Files\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2014-12-28 14:50:48 DF012C2853281CE2BF536E8DE871C8C1 4080 ----a-w- 
C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Replace\w2k\beep.sys 2014-12-28 14:50:48 DA1F27D85E0D1525F6621372E7B685E9 4224 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Replace\xp\beep.sys 2014-12-28 14:50:48 79C42F486A1186BF71BCC9C345C20AB3 1024 ---ha-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\dummy.sys 2014-12-28 14:50:48 79C42F486A1186BF71BCC9C345C20AB3 1024 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\dummy.sys 2014-12-28 14:50:48 73C1E1F395918BC2C6DD67AF7591A3AD 2944 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Replace\xp\null.sys 2014-12-28 14:50:48 280209CDE798720A24D232BF9CFDA8E9 2800 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Replace\w2k\null.sys 2014-12-28 14:50:47 D92A15991E72C49BBA284963CC037B4A 964661 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\RunThis.bat 2014-12-28 14:50:47 D86C4FB68554EF14AECEBAAE2E378663 11932 ---ha-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\DBFix.bat 2014-12-28 14:50:47 BE67D29CA914DE072D9971E3FFFC4050 50620 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Replace\xp\command.com 2014-12-28 14:50:47 637FBE19B26D3B7A6BC06EC270559A2E 50620 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\Replace\w2k\command.com 2014-12-28 14:50:47 321E0B208545A9C4610A2146417E7E2C 11254 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$R7YVXFJ\apps\locate.com 2014-12-25 12:11:54 2AFCD5ABA0EF8AA86257B39CE09BF4AF 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$IJ04LYC.zip 2014-12-25 12:10:45 C91250758D9C31F9D57D13DD9B5F860D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$IRJZU6G.zip 2014-12-25 12:10:34 
D28CFBF25B13111F8C713BDEBE190536 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$IEV20OI.zip 2014-12-25 12:10:34 735A9FCCF80B2F09A72975B69369C4C9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2580859804-3844054461-1287543860-1000\$IF93YRC.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2580859804-3844054461-1287543860-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe" "Uhmedia"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\puddinkje\AppData\Local\Ifsoft\mc_net_source.dll" "YnPack"="regsvr32.exe C:\Users\puddinkje\AppData\Local\YnPack\BthpanContextHandler.dll" "HP Photosmart 5510 series (NET)"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe -deviceID CN16K050T505NR:NW -scfn HP Photosmart 5510 series (NET) -AutoStart 1" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "HPConnectionManager"="C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "HP Software Update"="C:\Program Files 
(x86)\Hp\HP Software Update\HPWuSchd2.exe" "Codec Settings UAC Manager"="C:\Windows\system32\C2MP\CodecUACManager.exe" "KPN Assistent"="C:\Program Files (x86)\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe /auto" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe" "Uhmedia"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\puddinkje\AppData\Local\Ifsoft\mc_net_source.dll" "YnPack"="regsvr32.exe C:\Users\puddinkje\AppData\Local\YnPack\BthpanContextHandler.dll" "HP Photosmart 5510 series (NET)"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe -deviceID CN16K050T505NR:NW -scfn HP Photosmart 5510 series (NET) -AutoStart 1" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel Wireless Tray" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming" "Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe /startup" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "AVG-Secure-Search-Update_0214c"="C:\\Users\\puddinkje\\AppData\\Roaming\\AVG 0214c Campaign\\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=47ee8bc971c747d094376d3e71014997-811b38da5d5beaf491a0685e2227c9f93b9b038a /CMPID=0214c" 
"MicroUpdate"="C:\\Windows\\system32\\MSDCSC\\4WJigGCiUWUJ\\msdcsc.exe" "IExplorer"="C:\\ProgramData\\IExplorer.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\"" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "HP Software Update"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Creative Cloud" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Creative Cloud\\ACC\\Creative Cloud.exe\" --showwindow=false --onOSstartup=true" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Akamai NetSession Interface" "hkey"="HKCU" "command"="\"C:\\Users\\puddinkje\\AppData\\Local\\Akamai\\netsession_win.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Connectify Dispatch] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Connectify Dispatch" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Connectify\\DispatchUI.exe autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\Connectify Hotspot] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Connectify Hotspot" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Connectify\\Connectify.exe autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kxesc] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kxesc" "hkey"="HKLM" "command"="\"c:\\program files (x86)\\kingsoft\\kingsoft antivirus\\kxetray.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogMeIn Hamachi Ui" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Lync" "hkey"="HKCU" "command"="\"C:\\Program Files\\Microsoft Office\\Office15\\lync.exe\" /fromrunkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Raptr" "hkey"="HKCU" "command"="C:\\PROGRA~2\\Raptr\\raptrstub.exe --startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" 
"command"="\"C:\\Users\\puddinkje\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\puddinkje\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData\Local] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData\Local\Microsoft] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData\Local\Microsoft\SkyDrive] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" "item"="Uninstall 
C:\\Users\\puddinkje\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6013.0910\\amd64"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\cmd.exe /q /c rmdir /s /q \"C:\\Users\\puddinkje\\AppData\\Local\\Microsoft\\SkyDrive\\16.4.6013.0910\\amd64\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uninstall C:\Users\puddinkje\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk]
"item"="CodecPackUpdateChecker"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CodecPackUpdateChecker.lnk"
"backup"="C:\\Windows\\pss\\CodecPackUpdateChecker.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Windows\\SysWOW64\\C2MP\\UPDATE~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^puddinkje^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk]
"path"="C:\\Users\\puddinkje\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Curse.lnk"
"backup"="C:\\Windows\\pss\\Curse.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\PUDDIN~1\\AppData\\Roaming\\CURSEC~1\\Bin\\Curse.exe /startup"
"item"="Curse"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^puddinkje^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^start.lnk]
"path"="C:\\Users\\puddinkje\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\start.lnk"
"backup"="C:\\Windows\\pss\\start.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\PUDDIN~1\\9C5N7K~1\\90645.vbs "
"item"="start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Connectify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HiPatchService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\tor]

==== Startup Folders ======================
2012-09-02 15:41:53 1952 ----a-w- C:\Users\puddinkje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - .lnk
2014-11-03 15:44:34 1952 ----a-w- C:\Users\puddinkje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Photosmart 5510 series (netwerk).lnk

==== Task Scheduler Jobs ======================
C:\Windows\tasks\HP Photo Creations Messager.job --a------ C:\ProgramData\HP Photo Creations\MessageCheck.exe [15-02-2011 11:11]
C:\Windows\tasks\HPCeeScheduleForpuddinkje.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-puddinkje-HP-puddinkje" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\HP Photo Creations Messager" [C:\ProgramData\HP Photo Creations\MessageCheck.exe]
"C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForpuddinkje" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Photosmart 5510 series" ["C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\hpUrlLauncher.exe_{6F285966-73F3-4017-A8C0-FBC0D7BC860A}" [C:\Program Files\HP\HP Photosmart 5510 series\Bin\utils\hpUrlLauncher.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1390580060" [C:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SetupManager" ["C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{7D60E71F-9576-456D-9960-72FAC07E2415}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A18A7052-D752-4294-BF69-8BCFCA73721F}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{2EB39FE8-FC0B-47C5-8D73-CDFFBE30DB56}" [C:\Users\puddinkje\Downloads\OSBot\OSBot\OSBot.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [31-08-2013 12:00]

==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\puddinkje\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\puddinkje\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\puddinkje\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aepeildmfnnehghlknddebgjghlompfe - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[11-02-2011 11:37]

==== Chromium Fix ======================
C:\Users\puddinkje\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\puddinkje\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.bing.com?pc=HPNTDF"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=42826&st=home&tid=3373"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42826&st=home&tid=3373"
"Default_Search_URL"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
"Search Bar"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
"Search Page"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.certified-toolbar.com?si=42826&st=home&tid=3373"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42826&st=home&tid=3373"
"Default_Search_URL"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
"Search Bar"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
"Search Page"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=42826&st=bs&tid=3373&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=42826&st=bs&tid=3373&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=42826&st=bs&tid=3373&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=42826&st=bs&tid=3373&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="www.google.com/"
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=42826&st=home&tid=3373"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42826&st=home&tid=3373"
"Default_Search_URL"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
"Search Bar"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
"Search Page"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://search.certified-toolbar.com?si=42826&st=home&tid=3373"
"Start Default_Page_URL"="http://search.certified-toolbar.com?si=42826&st=home&tid=3373"
"Default_Search_URL"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
"Search Bar"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
"Search Page"="http://search.certified-toolbar.com?si=42826&tid=3373&st=bs&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify Dispatch deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify Hotspot deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxesc deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\puddinkje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\puddinkje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\puddinkje\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1149 folders=175 542371768 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\puddinkje\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\PUDDIN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== After Reboot ======================

==== Deleting Files / Folders ======================
"C:\Users\puddinkje\AppData\Roaming\????" not deleted
"C:\Program Files (x86)\Arc\clientlog.txt" not found
"C:\Program Files (x86)\Arc\Log\2014122820_85428.log" not found
"C:\Program Files (x86)\Arc\pdlconfig\Log\2014122820_85428.log" not found
"C:\Users\puddinkje\AppData\Local\Ifsoft" not found
"C:\Users\puddinkje\AppData\Local\Ifsoft" not found
"C:\Users\puddinkje\AppData\Local\YnPack" not found
"C:\Program Files (x86)\Arc" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on zo 28-12-2014 at 21:02:16.57 ======================