Zoek.exe v5.0.0.0 Updated 18-01-2015 Tool run by Nel on ma 19-01-2015 at 13:08:20,38. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Nel\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-01-18-141416.log 99552 bytes C:\zoek-results2015-01-18-193950.log 23112 bytes C:\zoek-results2015-01-19-103917.log 441 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1583ccb5-a190-4313-87ba-9e97254f764f} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21839DE3-BB-4B4D-9E1D-77A518874152} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2725CCBC-29AF-48F4-81DC-A4FF49F6792E} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E00CFAA-E4D1-47BB-B4B9-F230BE194FE2} deleted successfully 
HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AF9638-2809-4F3E-BAA7-7F5154D0BA14} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CE88258-782D-48F7-BE26-78E030DD5A8D} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D7DEC40-765D-4BD0-BE5F-1A827B8783D3} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5143C1FA-E9CD-4B36-8222-7CCAC369B896} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5524D4E7-8BAA-47AD-B429-AB64CAA3D6E8} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5656A30C-3301-4A2F-8FCE-9FEF9362B289} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59EA150A-EB3D-4BCA-8147-4D6D8C1DB37C} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5ADFDDBC-BC62-4F54-91E1-E8EB98EAE46A} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{621AF51B-1E12-4CFF-ABC9-1DAF34CBBA7E} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68d37fd4-70a3-4835-8f6f-d78609c12b7b} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68E8F267-8995-4E66-80EC-88937DF19CC3} deleted successfully 
HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69A0D6-35DA-41F9-96DA-E06EA3E1FFDC} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EFA384E-122A-418A-B99C-835121DAD727} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FE0359F-90C-40C0-86E2-3B94EC643E0} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75C4AC74-C06A-4EE2-B92B-A03B5D3DE1A4} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7effac9d-73fb-4600-948c-bd31a68f68f4} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8023C7C5-8051-4B03-ABA9-42802E484753} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81AB1AB4-543F-46DA-92D9-5F14ED7398A} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89C6A678-E009-46E0-B6FA-559DA064FBB9} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AAF54F7-B0C3-4AC4-90E7-F0626FAEC18F} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8e018f2b-4f4d-42fa-9cef-bc092657e8d1} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F4D0B2A-3A18-479E-A813-A4CBFE65B1} deleted successfully 
HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95B46FE9-9046-4579-8FF3-B7E76E1B9CCA} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A449AF89-1485-4397-AB4C-9CF73D4F9243} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A44D318-9EE0-46F3-8457-BC9496487B3} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5DAE77F-E84E-4E11-8111-F829E31EB16C} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A72E114F-4471-479E-978A-7A176CDDA944} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACDFDB98-8DB-4332-89CB-819031F4D1CC} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3355B12-6520-4C6D-9E31-843125BE619D} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3D8B234-293F-4D4D-8DA7-3C5CE0B1F59E} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C868AD5D-D8EF-4C7A-B51E-CDDE59E360} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5F2A3F8-1E6B-4D72-BFCB-53AB341356B6} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d67e8c0a-1007-43d5-8e9e-be4d02a71687} deleted successfully 
HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEDEDBD2-FFFC-4D88-8025-2F7D4B20C9F} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2048FF7-E3D8-4B28-A75-437AC11E5E5} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF8BFF0-BCA0-4BB8-BF83-8A51CA15E0} deleted successfully HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBA47D7D-A115-4D25-8960-24BAEAE6BF1} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1583ccb5-a190-4313-87ba-9e97254f764f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68d37fd4-70a3-4835-8f6f-d78609c12b7b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7effac9d-73fb-4600-948c-bd31a68f68f4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8e018f2b-4f4d-42fa-9cef-bc092657e8d1} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d67e8c0a-1007-43d5-8e9e-be4d02a71687} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully ==== Running 
Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\ASTSRV.EXE C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Users\Nel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe C:\Users\Nel\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default user.js not found ---- Lines finder removed from prefs.js ---- user_pref("extensions.xpiState", "{\"app-profile\":{\"leethax@leethax.net\":{\"d\":\"C:\\\\Users\\\\Nel\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\ ---- Lines extensions.AuX72XZhNUSWGsea removed from prefs.js ---- user_pref("extensions.AuX72XZhNUSWGsea.epoch", "1418991727"); user_pref("extensions.AuX72XZhNUSWGsea.url", "http://fastgroupchinayour.net/sync2/?q=hfZ9oetKCGhEAen0rHnMg708BNmGWj8pjchGheDUojw9rjsFqTa4rjCHrShIC7n0r ---- FireFox user.js and prefs.js backups ---- prefs_19-01-2015_1324_.backup ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0 user.js not found ---- Lines mysearch removed from prefs.js ---- user_pref("browser.startup.homepage", 
"http://mysearch.avg.com?cid={FF7659E2-AECA-4A90-AD22-AE4E460FBB78}&mid=3d02e831c45e47d0bbc93909b44f856b-a7d92a3 user_pref("keyword.URL", "http://mysearch.avg.com/search?cid={FF7659E2-AECA-4A90-AD22-AE4E460FBB78}&mid=3d02e831c45e47d0bbc93909b44f856b-a7d92a34c0451 ---- FireFox user.js and prefs.js backups ---- user_14-10-2013_0926_.backup user_25-10-2013_0807_.backup prefs_12-08-2013_0710_.backup prefs_14-10-2013_0926_.backup prefs_19-01-2015_1324_.backup prefs_25-10-2013_0807_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b}] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\LyricsSay-16 not found C:\Program Files (x86)\BatBrowse not found C:\Program Files (x86)\BonanzaDeals not found C:\Program Files (x86)\MyPC Backup not found C:\PROGRA~3\13294326225291952893 deleted C:\PROGRA~2\Photo Notifier and Animation Creator deleted C:\PROGRA~2\ver4BlockAndSurf deleted C:\Users\Nel\AppData\Roaming\iSafe deleted C:\Users\Nel\AppData\Roaming\SpeedyPC Software deleted C:\Users\Nel\AppData\Roaming\DriverCure deleted C:\PROGRA~3\SpeedyPC Software deleted C:\PROGRA~3\RegClean deleted C:\PROGRA~3\Package Cache deleted C:\Users\Nel\AppData\Local\SoftonicAssistant deleted C:\Users\Nel\AppData\Local\Mobogenie deleted C:\Users\Nel\AppData\Local\cache deleted C:\Users\Nel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software deleted C:\Users\Nel\Downloads\P40 Xmas Bundle.zip deleted C:\Users\Nel\AppData\LocalLow\LyricsSay-16 deleted C:\END deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\shoF1FA.tmp deleted C:\Users\Nel\Documents\Mobogenie deleted C:\Users\Nel\Documents\Add-in Express deleted C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\firefox@batbrowse.com.xpi deleted ==== System 
Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3935 MB CPU Info: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz CPU Speed: 2529,6 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) CD / DVD Drives: 1x (D: | ) D: PIONEER DVD-RW DVRTD11RS Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 450,2GB | E: 298,0GB | Q: 0,0MB Hard Disks - Free: C: 356,7GB | E: 119,0GB | Q: 0,0MB Manufacturer *: Insyde Corp. BIOS Info: AT/AT COMPATIBLE | 06/08/12 | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Type2 - Board Vendor Name1 VA70_HC Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: AVG Internet Security 2015 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG Internet Security 2015 disabled (Outdated) Firewall: AVG Internet Security 2015 disabled Default Browser: Firefox 35.0 Internet Explorer Version: 11.0.9600.17501 Mozilla Firefox version: 35.0 (x86 nl) Adobe Reader version: 10.1.12.15 Sun Java version: 1.8.0_25 (32-bit) Sun Java version: 1.8.0_25 (64-bit) Flash Player version: 16.0.0.257 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Nel\AppData\Local\Temp ==== 2015-01-17 18:12:09 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Users\Nel\AppData\Local\Temp\{AC76BA86-7AD7-1043-7B44-AB0000000001}\FixTransforms.exe 2015-01-15 16:35:12 2A276BA2B7782476302C59D0F760F4BC 117560 ------w- 
C:\Users\Nel\AppData\Local\Temp\{2A735270-FAD2-4783-94C1-C2FA0050282C}\ISBEW64.exe 2015-01-15 16:34:12 E17BC8B35F06807103A812C8E18AB467 944016 ----a-w- C:\Users\Nel\AppData\Local\Temp\4215A522-74AA-43E8-BC6D-479BC5B6808E\Setup.exe 2015-01-15 16:34:12 969E4F07A2B59B1B49DE2C8CE84227A8 341904 ----a-w- C:\Users\Nel\AppData\Local\Temp\4215A522-74AA-43E8-BC6D-479BC5B6808E\Script.dll 2015-01-15 16:34:12 53E73A4F03B80747C937FF152F04BB2A 276368 ----a-w- C:\Users\Nel\AppData\Local\Temp\4215A522-74AA-43E8-BC6D-479BC5B6808E\SetupXML.dll 2015-01-15 16:16:54 E17BC8B35F06807103A812C8E18AB467 944016 ----a-w- C:\Users\Nel\AppData\Local\Temp\F2D87B5F-89C2-4ECE-B2DC-AF8D65BE4735\Setup.exe 2015-01-15 16:16:54 969E4F07A2B59B1B49DE2C8CE84227A8 341904 ----a-w- C:\Users\Nel\AppData\Local\Temp\F2D87B5F-89C2-4ECE-B2DC-AF8D65BE4735\Script.dll 2015-01-15 16:16:54 53E73A4F03B80747C937FF152F04BB2A 276368 ----a-w- C:\Users\Nel\AppData\Local\Temp\F2D87B5F-89C2-4ECE-B2DC-AF8D65BE4735\SetupXML.dll ====== Java Cache ===== 2015-01-18 12:36:28 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Nel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-5fbe714f 2015-01-18 12:36:04 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Nel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-564462f5 2015-01-18 12:36:04 BA509314252AA335B024D1028EF8D573 99 ----a-w- C:\Users\Nel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap 2015-01-18 12:36:03 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Nel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-200e53a4 2015-01-18 12:36:04 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Nel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-31707ed9 ====== C:\Windows\SysWOW64 ===== 2015-01-18 12:34:55 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-15 08:03:11 
8A289EF0AE709327D6AA9769E108B5A6 3916728 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-15 08:03:11 2AF481C03C0383ADE09FFEDA0C583140 3971512 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-15 08:03:10 9606307F5E1EABA98ACB61206EFC2127 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2015-01-14 07:24:34 FE48346938C1CDDDF4E4097DB9B99764 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 07:24:34 92940397DFFB4D237EA5BB22FF912BDC 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-01-15 08:03:13 0A70B8D78AF95894E221DDAC6482DF6D 5553592 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-01-15 08:03:11 F4846789B3795F14DCB7D92ED1DAF74F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-01-15 08:03:10 DE595EACC79006E7B15B848BF0831E78 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-01-15 08:03:10 BA6D609BAB615991E8791CA1DFFD034C 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-01-14 07:24:34 B6A58491307B4CADA572583D863DC602 210432 ----a-w- C:\Windows\Sysnative\profsvc.dll 2015-01-14 07:24:34 8B301D474B478E9A92823BAB50A7BC49 303616 ----a-w- C:\Windows\Sysnative\nlasvc.dll 2015-01-14 07:24:33 2A9C3ADBC3B9D061CACDEFFBED67683C 87040 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe ====== C:\Windows\Sysnative\drivers ===== 2015-01-15 08:03:27 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-01-18 12:35:14 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-01-18 12:34:02 -------- d-----w- C:\PROGRA~2\Java 2015-01-15 16:46:27 -------- d-----w- C:\PROGRA~2\COMMON~1\Protexis ======= C: ===== ====== C:\Users\Nel\AppData\Roaming ====== 2015-01-15 16:47:20 -------- d-----w- C:\Users\Nel\AppData\Roaming\Ulead Systems 2015-01-15 16:47:18 -------- d-----w- C:\Users\Nel\AppData\Local\Corel PaintShop Pro ====== C:\Users\Nel ====== 2015-01-18 
12:34:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-18 12:22:08 92F975B07E65EF3AE67D89A016FDAACC 638888 ----a-w- C:\Users\Nel\Desktop\JavaSetup8u25.com 2015-01-15 16:45:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X4 ====== C: exe-files == 2015-01-18 12:34:47 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-01-18 12:34:47 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-01-18 12:34:46 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-01-18 12:34:35 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe 2015-01-18 12:34:35 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe 2015-01-18 12:34:34 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe 2015-01-18 12:34:34 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe 2015-01-18 12:34:34 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe 2015-01-18 12:34:34 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe 2015-01-18 12:34:33 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe 2015-01-18 12:34:33 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe 2015-01-18 12:34:33 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe 2015-01-18 12:34:32 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe 2015-01-18 12:34:32 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files 
(x86)\Java\jre1.8.0_25\bin\keytool.exe 2015-01-18 12:34:32 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe 2015-01-18 12:34:32 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe 2015-01-18 12:34:32 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe 2015-01-18 12:34:32 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe 2015-01-18 12:34:31 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe 2015-01-18 12:34:31 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe 2015-01-18 12:34:31 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe 2015-01-18 12:34:31 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe 2015-01-18 12:34:31 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe 2015-01-18 12:34:31 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe 2015-01-17 18:12:09 3F512AF8DB108FCA028BA731CE0B4700 224408 ----a-w- C:\Users\Nel\AppData\Local\Temp\{AC76BA86-7AD7-1043-7B44-AB0000000001}\FixTransforms.exe 2015-01-15 16:35:12 2A276BA2B7782476302C59D0F760F4BC 117560 ------w- C:\Users\Nel\AppData\Local\Temp\{2A735270-FAD2-4783-94C1-C2FA0050282C}\ISBEW64.exe 2015-01-15 16:34:12 E17BC8B35F06807103A812C8E18AB467 944016 ----a-w- C:\Users\Nel\AppData\Local\Temp\4215A522-74AA-43E8-BC6D-479BC5B6808E\Setup.exe 2015-01-15 16:16:54 E17BC8B35F06807103A812C8E18AB467 944016 ----a-w- C:\Users\Nel\AppData\Local\Temp\F2D87B5F-89C2-4ECE-B2DC-AF8D65BE4735\Setup.exe === C: other files == 2015-01-18 19:10:43 0B0ACBA32817B3544582BC60E7AB331F 60422926 ----a-w- 
C:\Users\Nel\Pictures\DREAMLAND\kit 12- felicidades.zip 2015-01-18 17:47:34 E4735CD61E593E27BEACE58C0BA9B5D7 650120 ----a-w- C:\Users\Nel\Downloads\verjaardagskit(1).zip 2015-01-18 17:43:39 E4735CD61E593E27BEACE58C0BA9B5D7 650120 ----a-w- C:\Users\Nel\Desktop\DREAMLAND2\verjaardagskit.zip 2015-01-18 17:41:40 E4735CD61E593E27BEACE58C0BA9B5D7 650120 ----a-w- C:\Users\Nel\Downloads\verjaardagskit.zip 2015-01-18 12:34:36 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2015-01-18 12:22:08 92F975B07E65EF3AE67D89A016FDAACC 638888 ----a-w- C:\Users\Nel\Desktop\JavaSetup8u25.com 2015-01-15 08:03:27 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys 2015-01-14 19:00:30 82A2A5B28C845743FA3E07D6CEE11CBF 18695134 ----a-w- C:\Users\Nel\Desktop\vzzipje11-01-2015.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Windows\CurrentVersion\Run] "SkyDrive"="C:\Users\Nel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SkyDrive"="C:\Users\Nel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s " "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" 
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Apoint" "hkey"="HKLM" "command"="C:\\Program Files\\Apoint2K\\Apoint.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AthBtTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AtherosBtStack" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\BtvStack.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AVG_UI" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\AVG\\AVG2013\\avgui.exe\" /TRAYONLY" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BackupManagerTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" 
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BkupTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BkupTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\NTI Backup Now 5\\BkupTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlazeServoTool] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BlazeServoTool" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\NTI\\NTI Digital Flix 2.5.0.4\\MediaDetector.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Home Theater v4] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Dolby Home Theater v4" "hkey"="HKLM" "command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstantUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="InstantUpdate" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\Acer Instant Service\\InstantUpdate\\iuDaemon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Norton Online Backup" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SuiteTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\"" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="USB3MON"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Quick Send Widget.lnk]
"path"="C:\\Users\\Nel\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Jacquie Lawson Quick Send Widget.lnk"
"backup"="C:\\Windows\\pss\\Jacquie Lawson Quick Send Widget.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\JACQUI~1\\JACQUI~1.EXE "
"item"="Jacquie Lawson Quick Send Widget"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BUNAgentSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\fshoster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LightScribeService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Live Updater Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTI IScheduleSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTIBackupSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTISchedulerSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ProtexisLicensing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PSI_SVC_2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TuneUp.UtilitiesSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater15.3.0]

==== Startup Folders ======================

2013-08-25 13:46:44 1296 ----a-w- C:\Users\Nel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [17-01-2015 22:07]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2011" [C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2012" [C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe]
"C:\Windows\SysNative\tasks\UALU notificatin" ["C:\Program Files\Acer\Acer Updater\UALU.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{1740CD31-5BE6-454A-85A4-6AA557B6EAD3}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{37071B0F-6FA3-409B-9519-267D9A3A9ACF}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.73.107.456/nl/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default
user_pref("browser.startup.homepage", "https://www.google.nl/");

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.selectedEngine", "AVG Secure Search");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"discountfinder@moneymillionaire.com"="C:\ProgramData\Qassa+\FFExtension20141010093724" [10-10-2014 08:37]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default
- Undetermined - leethax@leethax.net - leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default
8560995C727974F27F2A1CE68909FEB9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6C14A864-64CE-94C7-DF1B-0C95441B65C8} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_nlNL558"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftonicAssistant deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Nel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DiscountfinderService - Unknown owner - C:\ProgramData\Qassa+\DFService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXZ0DN8O will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Nel\AppData\Local\Mozilla\Firefox\Profiles\wa9eznum.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1099 folders=172 241916362 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gast\AppData\Local\temp emptied successfully
C:\Users\Nel\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXZ0DN8O" deleted

==== EOF on ma 19-01-2015 at 13:37:02,21 ======================