Zoek.exe v5.0.0.0 Updated 23-February-2015
Tool run by Nel on di 24-02-2015 at 10:23:05,76.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nel\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

24-2-2015 10:26:04 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Users\Nel\AppData\Local\Popcorn-Time deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASTSRV deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ASTSRV deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DiscountfinderService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiscountfinderService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DiscountfinderService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DiscountfinderService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.4.0 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.4.0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default
user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"https://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"ht
---- Lines mysearch removed from prefs.js ----
user_pref("avg.wtu.ext.extParams", "{\"action\":\"extParams\",\"data\":{\"searchParams\":{\"pid\":\"wtu\",\"cid\":\"{0b813923-2926-4fe9-990b-f22ddc5bd
---- FireFox user.js and prefs.js backups ----
prefs_24-02-2015_1053_.backup

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_24-02-2015_1053_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Microsoft deleted
C:\PROGRA~2\Temp deleted
C:\PROGRA~2\Uninstall Information deleted
C:\PROGRA~2\BuiyNasavea deleted
C:\PROGRA~2\BuyNsavvE deleted
C:\OneDriveTemp deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\Users\Nel\AppData\Local\node-webkit deleted
C:\Users\Nel\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default\searchplugins\avg-secure-search.xml deleted
"C:\PROGRA~2\AVG Web TuneUp\avgcefrend.exe" deleted
"C:\PROGRA~2\AVG Web TuneUp\icudt.dll" deleted
"C:\PROGRA~2\AVG Web TuneUp\libcef.dll" deleted
"C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Web TuneUp\vprot.exe" deleted
"C:\PROGRA~2\AVG Web TuneUp\WtuSystemSupport.exe" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp\IE\cef_cache\Cookies" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_0" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_1" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_2" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp\IE\cef_cache\data_3" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp\IE\cef_cache\index" deleted
"C:\PROGRA~2\AVG Web TuneUp\locales\en-US.pak" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.4.0\avgdttbx.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp" deleted
"C:\PROGRA~2\AVG Web TuneUp" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp\IE" deleted
"C:\Users\Nel\AppData\Local\AVG Web TuneUp\IE\cef_cache" deleted
"C:\PROGRA~2\AVG Web TuneUp\locales" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.4.0" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.4.0" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Nel\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"vProt"="C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Nel\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s "
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AthBtTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AtherosBtStack"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\BtvStack.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackupManagerTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BkupTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BkupTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\NTI Backup Now 5\\BkupTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlazeServoTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BlazeServoTool"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\NTI\\NTI Digital Flix 2.5.0.4\\MediaDetector.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Home Theater v4]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dolby Home Theater v4"
"hkey"="HKLM"
"command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstantUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InstantUpdate"
"hkey"="HKLM"
"command"="C:\\Program Files\\Acer\\Acer Instant Service\\InstantUpdate\\iuDaemon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuiteTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="USB3MON"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Quick Send Widget.lnk]
"path"="C:\\Users\\Nel\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Jacquie Lawson Quick Send Widget.lnk"
"backup"="C:\\Windows\\pss\\Jacquie Lawson Quick Send Widget.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\JACQUI~1\\JACQUI~1.EXE "
"item"="Jacquie Lawson Quick Send Widget"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BUNAgentSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\fshoster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LightScribeService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Live Updater Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTI IScheduleSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTIBackupSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTISchedulerSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ProtexisLicensing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PSI_SVC_2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TuneUp.UtilitiesSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater15.3.0]

==== Startup Folders ======================

2013-08-25 13:46:44 1296 ----a-w- C:\Users\Nel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10-02-2015 08:33]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2011" [C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2012" [C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe]
"C:\Windows\SysNative\tasks\UALU notificatin" ["C:\Program Files\Acer\Acer Updater\UALU.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{1740CD31-5BE6-454A-85A4-6AA557B6EAD3}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{37071B0F-6FA3-409B-9519-267D9A3A9ACF}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.73.107.456/nl/abandoninstall?page=tsProgressBar]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default
user_pref("browser.startup.homepage", "https://www.google.nl/");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.selectedEngine", "AVG Secure Search");

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default
- Undetermined - leethax@leethax.net
- Undetermined - avg@toolbar
- AVG Web TuneUp - %ProfilePath%\extensions\avg@toolbar
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

==== Deleted Firefox Extensions ======================

C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\wa9eznum.default\extensions\avg@toolbar deleted

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.nl/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6C14A864-64CE-94C7-DF1B-0C95441B65C8} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_nlNL558"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp
deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACF8CKTT will be deleted at reboot C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGNCU5U4 will be deleted at reboot C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7LHOBJM will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Nel\AppData\Local\Mozilla\Firefox\Profiles\wa9eznum.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=267 folders=84 97426052 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Gast\AppData\Local\temp emptied successfully C:\Users\Nel\AppData\Local\Temp 
will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Nel\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\AVG Web TuneUp" not found "C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACF8CKTT" not found "C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGNCU5U4" not found "C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7LHOBJM" not found ==== EOF on di 24-02-2015 at 11:24:12,65 ======================