Zoek.exe v5.0.0.0 Updated 20-Januari-2014
Tool run by peter on ma 20-01-2014 at 21:14:55,00.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\peter\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-01-20-200634.log 409 bytes

==== Empty Folders Check ======================

C:\Users\peter\AppData\Local\TSVNCache deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\ProgramData\14dc770721b6144e deleted
C:\ProgramData\InstallMate deleted
C:\Users\peter\.android deleted
C:\Users\peter\AppData\Roaming\burnaware.ini deleted
C:\Users\peter\AppData\Roaming\CamStudio.Producer.Data.ini deleted
C:\Users\peter\AppData\Roaming\CamStudio.Producer.ini deleted
C:\Windows\wininit.ini deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCall.dll" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla.dll" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla2.dll" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla21.dll" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla31.dll" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla31.exe" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla32.dll" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla33.dll" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla34.dll" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla37.exe" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseData.ini" deleted
"C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP" deleted

==== Folders Found In C:\Users\peter\AppData\Roaming\Poedit ======================

2013-12-29 22:25:12 d-----w- C:\Users\peter\AppData\Roaming\Poedit\TranslationMemory

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-01-19 15:25:23 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w- C:\Windows\epplauncher.mif
====== C:\Users\peter\AppData\Local\Temp ====
2014-01-19 19:18:47 6BA3DEFF639290E84D20A89CBE820AC8 1524736 ----a-w- C:\Users\peter\AppData\Local\Temp\lptmp760271832\nplastpass.dll
2014-01-19 19:18:47 1558AD88A9564E31A7007224987481F9 1977344 ----a-w- C:\Users\peter\AppData\Local\Temp\lptmp760271832\nplastpass64.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-01-17 18:45:45 4A90FD7998398028205D12E141911EBF 507240 ----a-w- C:\Windows\SysWOW64\hmpalert.dll
2014-01-17 18:38:45 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-01-17 18:45:45 4036CC9D88931741CF6EE934428E9DD6 530768 ----a-w- C:\Windows\Sysnative\hmpalert.dll
2014-01-17 18:23:06 B0E0319F238AAF6B0A35EB019BD7101C 3868 ----a-w- C:\Windows\Sysnative\.crusader
2014-01-15 19:09:10 F2BF71FCEAB8FB8A691408C478E2FF4C 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys
====== C:\Windows\Sysnative\drivers =====
2014-01-19 13:50:19 0CBEA4B225BCE9276D7B2DEF49AF5766 1200 ----a-w- C:\Windows\Sysnative\drivers\kgpcpy.cfg
2014-01-19 13:09:11 1490E7C7A22329BE5641D4C2E16B868E 61216 ----a-w- C:\Windows\Sysnative\drivers\sbhips.sys
2014-01-19 13:09:08 D8E08D2D24E777894744B657EA78796A 258848 ----a-w- C:\Windows\Sysnative\drivers\SbFw.sys
2014-01-19 13:09:08 032CBD1D453D3BD4B38DE06AC4F8B8B4 120064 ----a-w- C:\Windows\Sysnative\drivers\SbFwIm.sys
2014-01-17 18:45:45 89F3348D9E277EBA4FDFCEE1970692DE 50920 ----a-w- C:\Windows\Sysnative\drivers\hmpalert.sys
2014-01-15 19:09:10 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys
2014-01-15 19:09:10 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2014-01-15 19:09:10 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2014-01-15 19:09:10 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2014-01-15 19:09:10 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys
2014-01-15 19:09:10 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2014-01-15 19:09:10 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys
2014-01-15 19:09:09 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-01-19 19:00:57 -------- d-----w- C:\Program Files\trend micro
2014-01-17 18:17:31 -------- d-----w- C:\Program Files\HitmanPro
======= C:\PROGRA~2 =====
2014-01-19 12:54:04 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2014-01-17 18:45:45 -------- d-----w- C:\PROGRA~2\HitmanPro.Alert
2013-12-30 16:19:39 -------- d-----w- C:\PROGRA~2\DiskImager
======= C: =====
2013-12-28 16:33:01 CE35E52B8EB8C7C9C537FF8543E91291 291274 ----a-w- C:\Mijn_Tips_Icoon.ico
====== C:\Users\peter\AppData\Roaming ======
2014-01-17 14:27:39 F5F755235D9E280848248EB70320F088 40 ----a-w- C:\Users\peter\AppData\Roaming\mbam.context.scan
2014-01-17 14:12:55 -------- d-----w- C:\Users\peter\AppData\Local\Comodo
2014-01-17 14:12:55 -------- d-----w- C:\Users\Gast\AppData\Local\Torch
2014-01-17 14:12:55 -------- d-----w- C:\Users\Gast\AppData\Local\Google
2014-01-17 14:12:55 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo
2014-01-17 14:12:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch
2014-01-17 14:12:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-01-17 14:12:55 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2013-12-30 18:28:23 -------- d-----w- C:\Users\peter\AppData\Roaming\PDAppFlex
2013-12-29 22:25:12 -------- d-----w- C:\Users\peter\AppData\Roaming\Poedit
====== C:\Users\peter ======
2014-01-20 17:16:07 -------- dc-h--w- C:\ProgramData\{1D26C5A0-32ED-4A2F-996D-A31EF7CD305F}
2014-01-19 19:16:42 76A8C7C28321C2FD6AC92443A137B08B 13024768 ----a-w- C:\Users\peter\Downloads\lastpass_x64.exe
2014-01-19 19:00:21 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\peter\Downloads\RSITx64.exe
2014-01-19 15:12:56 15C61EC80C64A98C12518956D0E0C45A 3571656 ----a-w- C:\Users\peter\Downloads\ccsetup409_slim.exe
2014-01-19 15:09:27 F32D460C13482011E7BEA3B2F07A9965 379904 ----a-w- C:\Users\peter\Downloads\7ty4rnms.exe
2014-01-19 14:13:35 EE386D5ACB945089BCD91766697224BB 1037068 ----a-w- C:\Users\peter\Downloads\JRT.exe
2014-01-19 14:13:05 23DDCE98703DBD12117308D86464B9A3 4406784 ----a-w- C:\Users\peter\Downloads\RogueKillerX64.exe
2014-01-19 13:42:27 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\peter\Downloads\SpyHunter-Installer (2).exe
2014-01-19 13:08:30 3CC50BD1A83575B24647106271785B6D 10728088 ----a-w- C:\Users\peter\Downloads\XoftSpy_AV_Setup.exe
2014-01-19 13:07:34 3BF5608BD9B2592070D02EE4BDAD96D6 728960 ----a-w- C:\Users\peter\Downloads\SpyHunter-Installer (1).exe
2014-01-19 13:03:36 8F41B14286A6667D7713E9D6B33A1EA2 707664 ----a-w- C:\Users\peter\Downloads\SZSetup_AID10121_AV.exe
2014-01-19 12:38:24 3BF5608BD9B2592070D02EE4BDAD96D6 728960 ----a-w- C:\Users\peter\Downloads\SpyHunter-Installer.exe
2014-01-17 18:45:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-01-17 18:40:39 1393FBD6435180ABCD55AA93C56579E4 1830768 ----a-w- C:\Users\peter\Downloads\hmpalert.exe
2014-01-17 18:20:09 D093FD9D7785AE45700C1DDAB5215426 1855848 ----a-w- C:\Users\peter\Downloads\hmpalert25.exe
2014-01-17 18:16:58 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-17 18:16:41 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\peter\Downloads\HitmanPro_x64.exe
2014-01-17 14:12:55 -------- d-----w- C:\Users\Gast\AppData
2014-01-17 14:12:55 -------- d-----w- C:\Users\Administrator\AppData
2014-01-12 12:24:57 28C78DEB8457C6740406BFD9BE65390F 14221336 ----a-w- C:\Users\peter\Downloads\AiRoboForm-cnetc.exe
====== C: exe-files ==
2014-01-20 17:16:08 A5B8A4F4529B3EBCC80E257122944A09 4179344 -c--a-w- C:\ProgramData\{1D26C5A0-32ED-4A2F-996D-A31EF7CD305F}\FlashFXP_Setup.exe
2014-01-20 17:16:07 FBB21E2C2A048E3D3D348F7BB30F01AC 5567312 -c--a-w- C:\ProgramData\{1D26C5A0-32ED-4A2F-996D-A31EF7CD305F}\OFFLINE\5460B22C\7457FE6A\FlashFXP.exe
2014-01-19 19:19:37 466836178A61766DCFD76CFAB36742D7 1616384 ----a-w- C:\Program Files (x86)\LastPass\nplastpass.exe
2014-01-19 19:18:47 1AF1DE0DEE762C1F4D6A4DE2A1975CF1 169984 ----a-w- C:\Users\peter\AppData\LocalLow\LastPass\wlandecrypt.exe
2014-01-19 19:18:47 1AF1DE0DEE762C1F4D6A4DE2A1975CF1 169984 ----a-w- C:\Program Files (x86)\LastPass\wlandecrypt.exe
2014-01-19 19:18:22 D6B5B449F450B5CBB81F69BB625D48AB 180736 ----a-w- C:\Program Files (x86)\LastPass\WinBioStandalone.exe
2014-01-19 19:18:22 786BB3F501406196DA7AAE8B5180994E 64536 ----a-w- C:\Program Files (x86)\LastPass\LastPassBroker.exe
2014-01-19 19:18:21 786BB3F501406196DA7AAE8B5180994E 64536 ----a-w- C:\Users\peter\AppData\LocalLow\LastPass\LastPassBroker.exe
2014-01-19 19:18:00 76A8C7C28321C2FD6AC92443A137B08B 13024768 ----a-w- C:\Program Files (x86)\LastPass\lastpass.exe
2014-01-19 19:16:42 76A8C7C28321C2FD6AC92443A137B08B 13024768 ----a-w- C:\Users\peter\Downloads\lastpass_x64.exe
2014-01-19 19:00:59 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\peter.exe
2014-01-19 19:00:21 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\peter\Downloads\RSITx64.exe
2014-01-19 15:12:56 15C61EC80C64A98C12518956D0E0C45A 3571656 ----a-w- C:\Users\peter\Downloads\ccsetup409_slim.exe
2014-01-19 15:09:27 F32D460C13482011E7BEA3B2F07A9965 379904 ----a-w- C:\Users\peter\Downloads\7ty4rnms.exe
2014-01-19 14:13:35 EE386D5ACB945089BCD91766697224BB 1037068 ----a-w- C:\Users\peter\Downloads\JRT.exe
2014-01-19 14:13:05 23DDCE98703DBD12117308D86464B9A3 4406784 ----a-w- C:\Users\peter\Downloads\RogueKillerX64.exe
2014-01-19 13:42:27 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\peter\Downloads\SpyHunter-Installer (2).exe
2014-01-19 13:08:30 3CC50BD1A83575B24647106271785B6D 10728088 ----a-w- C:\Users\peter\Downloads\XoftSpy_AV_Setup.exe
2014-01-19 13:07:34 3BF5608BD9B2592070D02EE4BDAD96D6 728960 ----a-w- C:\Users\peter\Downloads\SpyHunter-Installer (1).exe
2014-01-19 13:03:36 8F41B14286A6667D7713E9D6B33A1EA2 707664 ----a-w- C:\Users\peter\Downloads\SZSetup_AID10121_AV.exe
2014-01-19 12:38:24 3BF5608BD9B2592070D02EE4BDAD96D6 728960 ----a-w- C:\Users\peter\Downloads\SpyHunter-Installer.exe
2014-01-17 18:45:45 3B7336F78A1B47FA58B87FF053AF8636 1850728 ----a-w- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2014-01-17 18:40:39 1393FBD6435180ABCD55AA93C56579E4 1830768 ----a-w- C:\Users\peter\Downloads\hmpalert.exe
2014-01-17 18:38:45 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-01-17 18:37:46 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\peter\AppData\LocalLow\Sun\Java\jre1.7.0_51\lzma.exe
2014-01-17 18:20:09 D093FD9D7785AE45700C1DDAB5215426 1855848 ----a-w- C:\Users\peter\Downloads\hmpalert25.exe
2014-01-17 18:17:31 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2014-01-17 18:16:41 76874123C258B0FE7A5E7E8F71555D52 10264904 ----a-w- C:\Users\peter\Downloads\HitmanPro_x64.exe
2014-01-17 15:58:34 6B11E9E8B6C4DDC773875D508A685253 904872 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.76\32.0.1700.76_32.0.1700.72_chrome_updater.exe
=== C: other files ==
2014-01-19 19:47:34 2C754BE9D164653A138FA5A802099662 4711 ----a-w- C:\Users\peter\Downloads\quovolver_v1.0.zip
2014-01-19 19:18:47 C44A10895A7EB2F5A14AC99B461FFF18 3502418 ----a-w- C:\Program Files (x86)\LastPass\lpchrome.crx
2014-01-19 19:17:44 4FDE5FE0C208269A22F849990B4730FF 3983319 ----a-w- C:\Users\peter\AppData\Local\Temp\lptmp760271832\lp_languages.zip
2014-01-19 13:09:11 1490E7C7A22329BE5641D4C2E16B868E 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2014-01-19 13:09:08 D8E08D2D24E777894744B657EA78796A 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2014-01-19 13:09:08 032CBD1D453D3BD4B38DE06AC4F8B8B4 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2014-01-19 08:19:47 18EE1BD31A779B0DF3BBF37D036FF31E 3814 ----a-w- C:\Users\peter\Downloads\GW-Apeldoorn-455 (1).zip
2014-01-19 08:19:46 18EE1BD31A779B0DF3BBF37D036FF31E 3814 ----a-w- C:\Users\peter\Downloads\GW-Apeldoorn-455.zip
2014-01-17 18:45:45 89F3348D9E277EBA4FDFCEE1970692DE 50920 ----a-w- C:\Windows\System32\drivers\hmpalert.sys
2014-01-15 19:09:10 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 19:09:10 F2BF71FCEAB8FB8A691408C478E2FF4C 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 19:09:10 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 19:09:10 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 19:09:10 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 19:09:10 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 19:09:10 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 19:09:10 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 19:09:09 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 08:51:58 8774504873F67AA78E6056579D916DD8 3502 ----a-w- C:\Users\peter\AppData\Local\TechSmith\Snagit\{9F3386BF-B4A2-4534-89A4-0034F704BD0A}.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3890923107-1474753591-597757355-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"
"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"AMD AVT"="Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"vmware-tray.exe"="C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
"VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"AdobeCEPServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe -launchedbylogin"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"
"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"

==== Startup Folders ======================

2013-02-10 15:23:55 1212 ----a-w- C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-02-10 14:46:01 2743 ----a-w- C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
2013-02-10 14:41:42 2210 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
2014-01-19 19:18:47 2110 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
2013-02-09 19:05:20 1150 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-12-2013 23:08]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09-02-2013 14:23]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMNMNJJMOMOJPMNJCNGMJJNMMMCNLMKMLJMMCNOJHMNJPMCNMJJMLMPMHMKMOJJJMMMMNMKJJNJICMIMCNHMCNJMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMPIKJLIKJNIJNKJCMJNNICMJNDJCMBJDJ"]
"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [12-01-2014 13:26]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bmiabdepfhhiieiipmeecdmeljggmfee - No path found[]

YTBookeMArk - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
YTBookeMArk - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
YTBookeMArk - Administrator\AppData\Local\Torch\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - Administrator\AppData\Local\Torch\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - Administrator\AppData\Local\Torch\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
YTBookeMArk - Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
YTBookeMArk - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
YTBookeMArk - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
YTBookeMArk - Gast\AppData\Local\Torch\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - Gast\AppData\Local\Torch\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - Gast\AppData\Local\Torch\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - Gast\AppData\Local\Torch\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
YTBookeMArk - Gast\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - Gast\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - Gast\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - Gast\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
Google Docs - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Firebug Lite for Google Chrome\u2122 - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench
YTBookeMArk - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
FlashBlock - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie
Last updated at time on date - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Slick RSS - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealjoljnibpdkocmldliaoojpgdkcdob
User-Agent Switcher - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake
FlashBlock - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl
PageRank Status - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn
LastPass - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
There was an error. - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfpjnehmoiabkefmnjegmpdddgcdnpo
Slick RSS : Feed Finder - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpajmofiejfjgeaakelmjklenjaekppa
Google Wallet - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Buffer - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh
Gmail - peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
YTBookeMArk - peter\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - peter\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - peter\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - peter\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli
YTBookeMArk - peter\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil
YoutubeAdblocker - peter\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk
ggreAtssaever - peter\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh
tinyFilter - peter\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli

==== Chrome Fix ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\Gast\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\peter\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\peter\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cdinlbbjcolgnlimnlkigeiaepcgaiil deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\Gast\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\peter\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\peter\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\cpiejajbibikehflnlfcadflmeeiemjk deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\Gast\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\peter\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\peter\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\ilgcmkkbaengfdfjpjpnibmopajimogh deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\Administrator\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\Gast\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\peter\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully
C:\Users\peter\AppData\Local\COMODO\Dragon\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.nu.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.nu.nl/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=252 folders=88 2667515 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\peter\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\peter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 20-01-2014 at 21:41:12,41 ======================