
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Mitchel Ramakers on do 14-05-2015 at 15:13:46,94.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mitchel Ramakers\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-05-13-210442.log	53535 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Windows\Sysnative\Tasks\{9CEABB31-29C9-429E-B0E0-71CFE5B4D689} deleted
C:\Windows\Sysnative\Tasks\{92CCC73D-A23D-464E-A3CD-57F38DE20EAE} deleted
C:\Windows\Sysnative\Tasks\{FE55247B-D866-4591-A3DD-6D60A05182E5} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller deleted
C:\PROGRA~3\ProductData deleted
C:\Users\MITCHE~1\AppData\Roaming\Mozilla\Firefox\Profiles\if7la7gp.default\jetpack deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-05-02 11:03:37	975C9E323DC5A26A831E0D3382B84268	1436154354	----a-w-	C:\Windows\MEMORY.DMP
2015-04-19 14:39:13	332FEAB1435662FC6C672E25BEB37BE3	2871808	----a-w-	C:\Windows\explorer.exe
2015-04-19 14:35:20	127AA81343A7C6F665C22CB1293B0A90	67072	----a-w-	C:\Windows\splwow64.exe
====== C:\Users\MITCHE~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-05-14 13:14:47	858EB73F68B20A2A5C66B6C000D1C0DD	102608	----a-w-	C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 13:12:24	418AEC0CE89A13200F2820079B9CDFD9	216064	----a-w-	C:\Windows\SysWOW64\InkEd.dll
2015-05-13 21:09:31	70A1C0DC40725B94ADEBB7FB49CE61DE	8192	----a-w-	C:\Windows\SysWOW64\WDPABKP.dat
2015-05-10 21:59:44	C489D8B4D8C64F20CC75A93F541F7D91	123904	----a-w-	C:\Windows\SysWOW64\poqexec.exe
2015-05-10 21:59:33	D0F574320615303ADECDCB452EBB8930	635392	----a-w-	C:\Windows\SysWOW64\tdh.dll
2015-05-10 21:59:33	A44680B810977EA64E280523E96F2EA9	1310744	----a-w-	C:\Windows\SysWOW64\ntdll.dll
2015-05-10 21:59:33	8D50ED3F0FBE3590AB0D43BF7B60E57A	3989440	----a-w-	C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-10 21:59:33	0A66C88B087249742381924AB8F9EFCC	3934144	----a-w-	C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-10 21:59:32	7A5824DC9A85FCE4334F57FF0795853E	641536	----a-w-	C:\Windows\SysWOW64\advapi32.dll
2015-05-10 21:59:31	FCB1C8345C794FE89ABA03B4CA3131BB	65536	----a-w-	C:\Windows\SysWOW64\TSpkg.dll
2015-05-10 21:59:31	F43CB86F9536B17E5C7CFCFB48ACBE54	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2015-05-10 21:59:31	F286528898342F0F1EB402606750C391	17408	----a-w-	C:\Windows\SysWOW64\diskperf.exe
2015-05-10 21:59:31	EB058143B57ED460AC4F2DFBA104BBFF	364544	----a-w-	C:\Windows\SysWOW64\tracerpt.exe
2015-05-10 21:59:31	D9E25B4BD2120CC5183CCCE9421C7AFE	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2015-05-10 21:59:31	D9716B488CC27652C12B1B5E0944987E	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2015-05-10 21:59:31	D079A408CC3E22A09D1260A6F18FC0FD	146432	----a-w-	C:\Windows\SysWOW64\msaudite.dll
2015-05-10 21:59:31	C6D2D384B6232B0B800234C03C50979F	82944	----a-w-	C:\Windows\SysWOW64\logman.exe
2015-05-10 21:59:31	C34E0F9846D0FF902CED82DB5AB104BA	248832	----a-w-	C:\Windows\SysWOW64\schannel.dll
2015-05-10 21:59:31	BF9BB4113E9FCDABD4C703DDD06293F3	60416	----a-w-	C:\Windows\SysWOW64\msobjs.dll
2015-05-10 21:59:31	AFFE5747054D03F8CEE18A8518A9AA34	50176	----a-w-	C:\Windows\SysWOW64\auditpol.exe
2015-05-10 21:59:31	ABA025664F9F42C568B2C022AADCB18F	43008	----a-w-	C:\Windows\SysWOW64\srclient.dll
2015-05-10 21:59:31	99A508910BB06DFBE99D9AF7D6B4E950	22016	----a-w-	C:\Windows\SysWOW64\secur32.dll
2015-05-10 21:59:31	97B30711DC6CA0EA4EACEDCE8080A3B4	37888	----a-w-	C:\Windows\SysWOW64\relog.exe
2015-05-10 21:59:31	9638DA21E965E23C85C4319F3F66D824	6656	----a-w-	C:\Windows\SysWOW64\apisetschema.dll
2015-05-10 21:59:31	8C45A65ED20B487085B79EEFCC08D160	92160	----a-w-	C:\Windows\SysWOW64\sechost.dll
2015-05-10 21:59:31	86B2AC15999BB4F8B5C84AB6154A1783	686080	----a-w-	C:\Windows\SysWOW64\adtschema.dll
2015-05-10 21:59:31	850F756363237A2EB069B9B25EF8BEC3	172032	----a-w-	C:\Windows\SysWOW64\wdigest.dll
2015-05-10 21:59:31	7F99900705E249E9D5C55E490B7D076E	274944	----a-w-	C:\Windows\SysWOW64\KernelBase.dll
2015-05-10 21:59:31	79AF005633B7E41B7A194A7E7B9D3D93	17408	----a-w-	C:\Windows\SysWOW64\credssp.dll
2015-05-10 21:59:31	74C0EC1257698176E288DA282F318E1C	40448	----a-w-	C:\Windows\SysWOW64\typeperf.exe
2015-05-10 21:59:31	741DB93796E7D4F3F804C13537FB40F4	96768	----a-w-	C:\Windows\SysWOW64\sspicli.dll
2015-05-10 21:59:31	6BB13D5E12C5C4D829C1D640DF269EA0	5120	----a-w-	C:\Windows\SysWOW64\wow32.dll
2015-05-10 21:59:31	66D6A06936088E412E29A182679F0D71	259584	----a-w-	C:\Windows\SysWOW64\msv1_0.dll
2015-05-10 21:59:31	54A01CC4BC47B31C5CD082D064AB37BC	550912	----a-w-	C:\Windows\SysWOW64\kerberos.dll
2015-05-10 21:59:31	3346701038E55BD366F3D5CE31F55483	14336	----a-w-	C:\Windows\SysWOW64\ntvdm64.dll
2015-05-10 21:59:31	1569F20BB9DB9FDC87A6D3C8A3726ABF	1114112	----a-w-	C:\Windows\SysWOW64\kernel32.dll
2015-05-10 21:59:31	0B6E937863837BA3383E9CE9200DDF1E	221184	----a-w-	C:\Windows\SysWOW64\ncrypt.dll
2015-05-10 21:59:27	744AB3C1A73A57DEED49D631F1BDEA1D	2311168	----a-w-	C:\Windows\SysWOW64\wpdshext.dll
2015-05-10 21:59:26	F7F135F7702E0FB3EFE89283E2BE2EBB	67584	----a-w-	C:\Windows\SysWOW64\dwmapi.dll
2015-05-10 21:59:26	B01B8C949EDEC1B8A856E3056BDA7C42	1372160	----a-w-	C:\Windows\SysWOW64\dwmcore.dll
2015-05-10 21:57:15	DCA2C6E7990771209CDD8E9DA90ED0E2	5120	----a-w-	C:\Windows\SysWOW64\shimeng.dll
2015-05-10 21:57:15	D3E8C7FADB758E5D222C639CC65790AD	295936	----a-w-	C:\Windows\SysWOW64\apphelp.dll
2015-05-10 21:57:15	715C060150D969B0DE5DD5B365A712AF	20992	----a-w-	C:\Windows\SysWOW64\sdbinst.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-05-14 13:14:47	189FB45D7442083AE8A2E4E612233EF7	124112	----a-w-	C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 13:12:24	6B0F962B1EE486FFE7BCABBC9C736976	24576	----a-w-	C:\Windows\Sysnative\jnwmon.dll
2015-05-14 13:12:24	2B36E0C5C262437E1B098344DEFA55F8	275456	----a-w-	C:\Windows\Sysnative\InkEd.dll
2015-05-10 21:59:44	C7E50B04623FC6FF54EAF88938A8936E	142336	----a-w-	C:\Windows\Sysnative\poqexec.exe
2015-05-10 21:59:34	EA8A3E8C674B03CB4AFA1D344DBD7BC1	1254400	----a-w-	C:\Windows\Sysnative\diagtrack.dll
2015-05-10 21:59:34	D449C36379EBEFD3CCDAEC328002BB5B	36864	----a-w-	C:\Windows\Sysnative\UtcResources.dll
2015-05-10 21:59:33	B01B21E15671ACD3F0AD131DC4CABFC7	879104	----a-w-	C:\Windows\Sysnative\advapi32.dll
2015-05-10 21:59:33	A985325F4FE72FB003749A2FBBA9952E	5569984	----a-w-	C:\Windows\Sysnative\ntoskrnl.exe
2015-05-10 21:59:33	8453010B6512DAEAFC61CC0836FA137E	1728960	----a-w-	C:\Windows\Sysnative\ntdll.dll
2015-05-10 21:59:33	1C9F2F4A2C603739BD8CC8C64310AFD7	1162752	----a-w-	C:\Windows\Sysnative\kernel32.dll
2015-05-10 21:59:33	10D39E74B0D5011A8C199B9646579C3F	879104	----a-w-	C:\Windows\Sysnative\tdh.dll
2015-05-10 21:59:32	DA8B541825991F6699790E617FF0FF60	1461760	----a-w-	C:\Windows\Sysnative\lsasrv.dll
2015-05-10 21:59:32	408A8232E84515E4AA819E0C95E65257	314880	----a-w-	C:\Windows\Sysnative\msv1_0.dll
2015-05-10 21:59:31	FE60A67032A5C94F6ACE483C8FE84105	47104	----a-w-	C:\Windows\Sysnative\typeperf.exe
2015-05-10 21:59:31	FDF1E0FD74DED0034BA6FFB665E0641E	424448	----a-w-	C:\Windows\Sysnative\KernelBase.dll
2015-05-10 21:59:31	EE27E1D639E3807229C15AF94320CF0A	404992	----a-w-	C:\Windows\Sysnative\tracerpt.exe
2015-05-10 21:59:31	E55A72876BC5E244D0A8F7F07862A939	338432	----a-w-	C:\Windows\Sysnative\conhost.exe
2015-05-10 21:59:31	E1B0C7042BA7B8903D60DF3885F2DFE7	16384	----a-w-	C:\Windows\Sysnative\ntvdm64.dll
2015-05-10 21:59:31	DA5EF2CC0764BE7097BAFA9CAF903FE8	112640	----a-w-	C:\Windows\Sysnative\smss.exe
2015-05-10 21:59:31	D2602AC48B38FA10956E32D18E7143B0	362496	----a-w-	C:\Windows\Sysnative\wow64win.dll
2015-05-10 21:59:31	D205305FB0E352A9D4CF922D6A016BF4	13312	----a-w-	C:\Windows\Sysnative\wow64cpu.dll
2015-05-10 21:59:31	D17DD01601460F5899E5C154B3FD0BFA	215040	----a-w-	C:\Windows\Sysnative\winsrv.dll
2015-05-10 21:59:31	CD3770C78AFFC223A3B9D38F27B7A309	309760	----a-w-	C:\Windows\Sysnative\ncrypt.dll
2015-05-10 21:59:31	CCAB9BE9C9100C5F54A5A8F355730841	728064	----a-w-	C:\Windows\Sysnative\kerberos.dll
2015-05-10 21:59:31	BB7BAF9532DBA5AB4009E981687D1EA6	19456	----a-w-	C:\Windows\Sysnative\diskperf.exe
2015-05-10 21:59:31	AF278DB00C43E925E58C8CA2C0CF4C71	686080	----a-w-	C:\Windows\Sysnative\adtschema.dll
2015-05-10 21:59:31	ADC2D7B5BFF277E5A9FACE6A21A24ABC	29184	----a-w-	C:\Windows\Sysnative\sspisrv.dll
2015-05-10 21:59:31	ACE24D86D2714FCC1639F890DF54951B	86528	----a-w-	C:\Windows\Sysnative\TSpkg.dll
2015-05-10 21:59:31	A3DCC3D8BB57E31EA07949313CC3A3CF	43520	----a-w-	C:\Windows\Sysnative\csrsrv.dll
2015-05-10 21:59:31	A0BCD6A64281492EFAE02AC144A335F1	243712	----a-w-	C:\Windows\Sysnative\wow64.dll
2015-05-10 21:59:31	9C5DBA74D0C641C2A4ABDC79969B7BEF	104448	----a-w-	C:\Windows\Sysnative\logman.exe
2015-05-10 21:59:31	9262D6E2C239EDD6D87B080F2BCCEC9F	31232	----a-w-	C:\Windows\Sysnative\lsass.exe
2015-05-10 21:59:31	90DC7B112F946B412C9CDC6F459F4053	60416	----a-w-	C:\Windows\Sysnative\msobjs.dll
2015-05-10 21:59:31	90293AAC2AB0908BFF98ADB89CEBC931	6656	----a-w-	C:\Windows\Sysnative\apisetschema.dll
2015-05-10 21:59:31	8C711AF30BE3991050D0D011D92CFBE0	50176	----a-w-	C:\Windows\Sysnative\srclient.dll
2015-05-10 21:59:31	7A448B8CED7F7348C36159D5CC8E19ED	146432	----a-w-	C:\Windows\Sysnative\msaudite.dll
2015-05-10 21:59:31	79F036EB691ABBA84E8EB1715E5F2B17	43008	----a-w-	C:\Windows\Sysnative\relog.exe
2015-05-10 21:59:31	639E3005261836E526263087F64FF888	341504	----a-w-	C:\Windows\Sysnative\schannel.dll
2015-05-10 21:59:31	52935C072F8D5A92508AA3A3CC9133C7	296960	----a-w-	C:\Windows\Sysnative\rstrui.exe
2015-05-10 21:59:31	52146DBFE253B83FAB1980AA704C7974	113664	----a-w-	C:\Windows\Sysnative\sechost.dll
2015-05-10 21:59:31	50EBA6640805F6D5EF4A0DCEF2D180AB	22016	----a-w-	C:\Windows\Sysnative\credssp.dll
2015-05-10 21:59:31	4DD0098FFAB4664DB979537C48AE055F	64000	----a-w-	C:\Windows\Sysnative\auditpol.exe
2015-05-10 21:59:31	40C5EA47D4AEC96249B09BF0C076A60C	136192	----a-w-	C:\Windows\Sysnative\sspicli.dll
2015-05-10 21:59:31	2292CD8500725B94B7D2E3C0C84F2D19	210944	----a-w-	C:\Windows\Sysnative\wdigest.dll
2015-05-10 21:59:31	0D9BDBE780DD81757AC5AF87E8B1EBEC	28160	----a-w-	C:\Windows\Sysnative\secur32.dll
2015-05-10 21:59:31	0CD609B1143961F5C3BA691729A6A5DA	503808	----a-w-	C:\Windows\Sysnative\srcore.dll
2015-05-10 21:59:27	E5404072A5A9E0B452ADDF1D1339176C	2543104	----a-w-	C:\Windows\Sysnative\wpdshext.dll
2015-05-10 21:59:26	DDFCECAADEE51EFB82A0548BE5EBD8AC	82944	----a-w-	C:\Windows\Sysnative\dwmapi.dll
2015-05-10 21:59:26	20E761A4D203D5F403B6EC2FB95B7A6B	1632768	----a-w-	C:\Windows\Sysnative\dwmcore.dll
2015-05-10 21:57:15	F55F287810AAF708618793764AF7D1BB	23552	----a-w-	C:\Windows\Sysnative\sdbinst.exe
2015-05-10 21:57:15	83BFCCAC53795E8A5055A93672D0C46C	72192	----a-w-	C:\Windows\Sysnative\aelupsvc.dll
2015-05-10 21:57:15	7E21D3072EB20D5400919D435D549A9B	6656	----a-w-	C:\Windows\Sysnative\shimeng.dll
2015-05-10 21:57:15	31D260ADAF1CCFEFC49DB9FBCE9986DA	342016	----a-w-	C:\Windows\Sysnative\apphelp.dll
====== C:\Windows\Sysnative\drivers =====
2015-05-10 21:59:31	F7DFAE6040AC910B7C64EE208A34157D	95680	----a-w-	C:\Windows\Sysnative\drivers\ksecdd.sys
2015-05-10 21:59:31	8FE94F2EF9BF444E93E35D87E210D02F	155584	----a-w-	C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-04-29 22:01:06	D0335A55E5C3F812548E18300C2ACB62	23200	----a-w-	C:\Windows\Sysnative\drivers\wdcsam64.sys
2015-04-21 22:08:14	8DE922CD4FEA6F83B10805DF965B9A08	230864	----a-w-	C:\Windows\Sysnative\drivers\truecrypt.sys
2015-04-21 02:37:05	8E98D21EE06192492A5671A6144D092F	33240	----a-w-	C:\Windows\Sysnative\drivers\GEARAspiWDM.sys
2015-04-19 14:39:14	F61634BEC53F73702A10DE69F6DCAF57	754688	----a-w-	C:\Windows\Sysnative\drivers\http.sys
====== C:\Windows\Tasks ======
2015-05-13 13:37:26	--------	d-----w-	C:\Windows\Sysnative\Tasks\Western Digital
2015-05-04 23:53:16	AA18966F89B2A5AE7721FC4099142773	892	----a-w-	C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-04 23:53:16	4FB4C2B852D9F90D21DD6EA82D5637B2	3922	----a-w-	C:\Windows\Sysnative\Tasks\Adobe Flash Player PPAPI Notifier
2015-05-04 23:49:01	0550367B1C50D4D8A8940DDF3639DABD	3856	----a-w-	C:\Windows\Sysnative\Tasks\Opera scheduled Autoupdate 1430783338
2015-04-20 17:12:55	10401F50AF86066826F460946BBA7415	3804	----a-w-	C:\Windows\Sysnative\Tasks\GyazoUpdateTaskMachine
2015-04-16 12:30:13	0B77BAFF61677E85E44F861E52C9F989	2940	----a-w-	C:\Windows\Sysnative\Tasks\Uninstaller_SkipUac_Mitchel_Ramakers
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-05-13 16:05:26	--------	d-----w-	C:\Program Files\trend micro
2015-05-13 13:31:07	--------	d-----w-	C:\Program Files\Common Files\Western Digital
2015-05-13 13:31:06	--------	d-----w-	C:\Program Files\Western Digital
2015-05-07 23:19:51	--------	d-----w-	C:\Program Files\Firestorm-Betax64
2015-05-04 13:32:07	--------	d-----w-	C:\Program Files\ChrisTrains
2015-04-24 21:31:05	--------	d-----w-	C:\Program Files\TrueCrypt
2015-04-21 22:37:35	--------	d-----w-	C:\Program Files\Axantum
2015-04-21 20:51:44	--------	d-----w-	C:\Program Files\Securely File Shredder
2015-04-21 02:36:40	--------	d-----w-	C:\Program Files\iPod
2015-04-21 02:36:39	--------	d-----w-	C:\Program Files\iTunes
2015-04-21 02:35:38	--------	d-----w-	C:\Program Files\Bonjour
2015-04-21 02:35:23	--------	d-----w-	C:\Program Files\Common Files\Apple
======= C:\PROGRA~2 =====
2015-05-13 13:34:06	--------	d-----w-	C:\PROGRA~2\State of Decay Year-One
2015-05-13 13:31:06	--------	d-----w-	C:\PROGRA~2\Western Digital
2015-05-13 13:31:06	--------	d-----w-	C:\PROGRA~2\COMMON~1\Western Digital
2015-05-12 23:10:11	--------	d-----w-	C:\PROGRA~2\AirPort
2015-05-10 23:44:51	--------	d-----w-	C:\PROGRA~2\FirestormOS-Release
2015-05-10 22:00:36	--------	d-----w-	C:\PROGRA~2\Microsoft ASP.NET
2015-05-08 21:32:11	--------	d-----w-	C:\PROGRA~2\Trillian
2015-05-04 23:48:49	--------	d-----w-	C:\PROGRA~2\Opera
2015-05-04 13:20:04	--------	d-----w-	C:\PROGRA~2\RailSimulator.com
2015-05-02 11:15:25	--------	d-----w-	C:\PROGRA~2\Adobe
2015-04-30 14:39:58	--------	d-----w-	C:\PROGRA~2\Construction Simulator 2015
2015-04-24 21:48:14	--------	d-----w-	C:\PROGRA~2\The Walking Dead Survival Instinct
2015-04-22 13:05:19	--------	d-----w-	C:\PROGRA~2\COMMON~1\Adobe AIR
2015-04-22 13:04:18	--------	d-----w-	C:\PROGRA~2\COMMON~1\Adobe
2015-04-21 20:41:18	--------	d-----w-	C:\PROGRA~2\VideoLAN
2015-04-21 02:36:40	--------	d-----w-	C:\PROGRA~2\iTunes
2015-04-21 02:35:38	--------	d-----w-	C:\PROGRA~2\Bonjour
2015-04-20 17:12:52	--------	d-----w-	C:\PROGRA~2\Gyazo
2015-04-19 14:45:30	--------	d-----w-	C:\PROGRA~2\COMMON~1\Skype
2015-04-18 12:58:40	--------	d-----w-	C:\PROGRA~2\7-Zip
2015-04-17 12:20:21	--------	d-----w-	C:\PROGRA~2\IrfanView
2015-04-17 02:26:56	--------	d-----w-	C:\PROGRA~2\NifTools
2015-04-16 12:00:54	--------	d-----w-	C:\PROGRA~2\Mod Organizer
======= C: =====
====== C:\Users\Mitchel Ramakers\AppData\Roaming ======
2015-05-13 18:55:38	--------	d-----w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-05-13 18:55:38	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\Temp
2015-05-13 18:55:38	--------	d-----w-	C:\Users\Default\AppData\Local\Temp
2015-05-13 18:55:38	--------	d-----w-	C:\Users\Default User\AppData\Local\Temp
2015-05-13 13:33:13	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\Western_Digital_Technolog
2015-05-12 01:42:50	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\ESN
2015-05-10 23:16:06	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Firestorm
2015-05-10 23:16:06	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\FirestormOS
2015-05-08 21:32:13	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Trillian
2015-05-07 23:04:15	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Firestorm_x64
2015-05-07 23:04:15	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\FirestormOS_x64
2015-05-04 23:49:06	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Opera Software
2015-05-04 23:49:06	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\Opera Software
2015-05-04 13:43:29	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\SKIDROW
2015-05-04 13:33:45	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChrisTrains
2015-04-30 22:42:43	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Steam
2015-04-24 21:32:17	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\TrueCrypt
2015-04-21 20:57:22	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\vlc
2015-04-21 02:37:14	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\Apple Computer
2015-04-21 02:35:52	--------	d-----w-	C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Apple Computer
2015-04-20 22:37:28	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\ElevatedDiagnostics
2015-04-20 17:13:14	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Gyazo
2015-04-17 12:20:24	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-04-17 12:20:21	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\IrfanView
2015-04-16 13:24:38	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\Black_Tree_Gaming
2015-04-16 13:03:43	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\Nexus
2015-04-16 12:46:24	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\LOOT
2015-04-16 12:29:18	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mod Organizer
2015-04-16 12:11:28	--------	d-sh--w-	C:\Users\Mitchel Ramakers\AppData\Locallow\EmieUserList
2015-04-16 12:11:28	--------	d-sh--w-	C:\Users\Mitchel Ramakers\AppData\Locallow\EmieSiteList
2015-04-16 12:11:28	--------	d-sh--w-	C:\Users\Mitchel Ramakers\AppData\Locallow\EmieBrowserModeList
2015-04-15 22:00:20	--------	d-----w-	C:\Users\Mitchel Ramakers\AppData\Local\Fallout3
2015-04-15 15:50:46	--------	d-sh--w-	C:\Users\Mitchel Ramakers\AppData\Local\EmieUserList
2015-04-15 15:50:46	--------	d-sh--w-	C:\Users\Mitchel Ramakers\AppData\Local\EmieSiteList
2015-04-15 15:50:46	--------	d-sh--w-	C:\Users\Mitchel Ramakers\AppData\Local\EmieBrowserModeList
====== C:\Users\Mitchel Ramakers ======
2015-05-13 16:05:05	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Mitchel Ramakers\Downloads\RSITx64.exe
2015-05-13 13:34:28	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\State of Decay Year-One
2015-05-13 13:32:23	--------	d-----w-	C:\Users\Public\Documents\Downloads
2015-05-13 13:31:41	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-05-13 13:31:06	--------	d-----w-	C:\ProgramData\Western Digital
2015-05-13 13:29:16	12C07F3255481185B701D1689DD78321	41599376	----a-w-	C:\Users\Mitchel Ramakers\Desktop\WD SmartWare Installer.exe
2015-05-12 23:09:07	1B7A3379B0E4097419B55465DD35AA57	10815592	----a-w-	C:\Users\Mitchel Ramakers\Downloads\AirPortSetup.exe
2015-05-10 23:45:50	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FirestormOS-Release
2015-05-10 23:11:26	F3B5416538337F624660131569D28060	47230302	----a-w-	C:\Users\Mitchel Ramakers\Downloads\Phoenix-FirestormOS-Release-4-6-8-42696_Setup.exe
2015-05-10 21:57:17	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-05-08 14:56:30	--------	d-----w-	C:\Users\Mitchel Ramakers\firestorm backup
2015-05-07 23:37:11	--------	d-----w-	C:\Users\Mitchel Ramakers\sound cache firestorm
2015-05-07 23:19:53	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2015-05-07 22:58:10	E369CE84DD644B631BD36A200119339E	72046336	----a-w-	C:\Users\Mitchel Ramakers\Downloads\Phoenix-FirestormOS-Betax64-4-7-1-45325_Setup.exe
2015-05-04 23:48:24	6A0EED8B1E7BD71E51B0B86E5EB1B0D8	684208	----a-w-	C:\Users\Mitchel Ramakers\Downloads\Opera_NI_stable.exe
2015-05-04 13:32:21	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChrisTrains
2015-05-04 13:27:49	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RailSimulator.com
2015-05-04 12:59:26	EA81F9F2C748A52F7F53E3AB9ACF34C0	34176225	----a-r-	C:\Users\Mitchel Ramakers\Downloads\ChrisTrains NS SLT.exe
2015-04-30 14:40:16	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construction Simulator 2015
2015-04-25 19:26:53	--------	d-----w-	C:\ProgramData\REVOLT
2015-04-24 23:43:31	--------	d-----w-	C:\ProgramData\Steam
2015-04-24 21:31:26	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2015-04-22 13:06:50	--------	d-----w-	C:\ProgramData\regid.1986-12.com.adobe
2015-04-22 13:01:04	--------	d-----w-	C:\ProgramData\Adobe
2015-04-21 22:37:35	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axantum AxCrypt
2015-04-21 20:51:44	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securely File Shredder
2015-04-21 20:41:30	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-21 02:37:10	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-20 18:29:15	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS FIFA World
2015-04-20 18:26:27	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theme Hospital
2015-04-20 18:26:10	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syndicate
2015-04-20 18:25:55	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity�
2015-04-20 18:24:06	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space 3
2015-04-20 18:22:39	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space 2
2015-04-20 18:20:51	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition
2015-04-20 18:12:19	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space
2015-04-20 18:08:16	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\De Sims 4
2015-04-20 17:53:50	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2 Ultimate Collection
2015-04-20 17:12:53	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-04-19 14:45:31	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-18 12:58:40	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-17 02:26:59	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NifTools
2015-04-16 13:27:29	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager

====== C: exe-files ==
2015-05-14 13:12:24	D5E35700566B225CBF8ECD7F92C460C8	2164224	----a-w-	C:\Program Files\Windows Journal\Journal.exe
2015-05-14 13:12:24	0DBC9BB05703CA0D8792E2075D62B3C3	51200	----a-w-	C:\Program Files\Windows Journal\PDIALOG.exe
2015-05-13 21:06:43	CBEE56BA774ACACB74B9CCB40450220F	837824	----a-w-	C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe
2015-05-13 21:06:03	C6EA9BB5E313BAB6FC1BA93A6A26CCC4	101728	----a-w-	C:\Program Files (x86)\Origin\UpdateTool.exe
2015-05-13 16:05:26	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Mitchel Ramakers.exe
2015-05-13 16:05:05	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Mitchel Ramakers\Downloads\RSITx64.exe
2015-05-13 13:34:28	CFC19A6C3D1380B678E9386F7339B4E8	1582449	----a-w-	C:\Program Files (x86)\State of Decay Year-One\unins000.exe
2015-05-13 13:34:08	D00025CE4558F9DD53A1E54774AF0B04	22872576	----a-w-	C:\Program Files (x86)\State of Decay Year-One\StateOfDecay.exe
2015-05-13 13:34:08	BF3F290275C21BDD3951955C9C3CF32C	517976	----a-w-	C:\Program Files (x86)\State of Decay Year-One\_CommonRedist\DirectX\Jun2010\DXSETUP.exe
2015-05-13 13:34:08	7F52A19ECAF7DB3C163DD164BE3E592E	6554576	----a-w-	C:\Program Files (x86)\State of Decay Year-One\_CommonRedist\vcredist\2012\vcredist_x86.exe
2015-05-13 13:34:08	3C03562B5AF9ED347614053D459D7778	7186992	----a-w-	C:\Program Files (x86)\State of Decay Year-One\_CommonRedist\vcredist\2012\vcredist_x64.exe
2015-05-13 13:29:16	12C07F3255481185B701D1689DD78321	41599376	----a-w-	C:\Users\Mitchel Ramakers\Desktop\WD SmartWare Installer.exe
2015-05-12 23:09:07	1B7A3379B0E4097419B55465DD35AA57	10815592	----a-w-	C:\Users\Mitchel Ramakers\Downloads\AirPortSetup.exe
2015-05-12 22:47:04	0409E9951C802195107286AB4D373606	1254200	----a-w-	C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayWebCore.exe
2015-05-12 11:26:50	E37EB755E4337385E644B7E07B277058	451616	----a-w-	C:\Users\Mitchel Ramakers\AppData\Local\NVIDIA\NvBackend\Packages\00007694\CoProc update.19567778.exe
2015-05-10 23:45:51	8B65C34B6C224E72330F28D5B2001CC6	551307	----a-w-	C:\Program Files (x86)\FirestormOS-Release\uninst.exe
2015-05-10 23:11:26	F3B5416538337F624660131569D28060	47230302	----a-w-	C:\Users\Mitchel Ramakers\Downloads\Phoenix-FirestormOS-Release-4-6-8-42696_Setup.exe
2015-05-10 21:59:44	C7E50B04623FC6FF54EAF88938A8936E	142336	----a-w-	C:\Windows\System32\poqexec.exe
2015-05-10 21:59:44	C489D8B4D8C64F20CC75A93F541F7D91	123904	----a-w-	C:\Windows\SysWOW64\poqexec.exe
2015-05-10 21:59:33	A985325F4FE72FB003749A2FBBA9952E	5569984	----a-w-	C:\Windows\System32\ntoskrnl.exe
2015-05-10 21:59:33	8D50ED3F0FBE3590AB0D43BF7B60E57A	3989440	----a-w-	C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-10 21:59:33	0A66C88B087249742381924AB8F9EFCC	3934144	----a-w-	C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-10 21:59:31	FE60A67032A5C94F6ACE483C8FE84105	47104	----a-w-	C:\Windows\System32\typeperf.exe
2015-05-10 21:59:31	F43CB86F9536B17E5C7CFCFB48ACBE54	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2015-05-10 21:59:31	F286528898342F0F1EB402606750C391	17408	----a-w-	C:\Windows\SysWOW64\diskperf.exe
2015-05-10 21:59:31	EE27E1D639E3807229C15AF94320CF0A	404992	----a-w-	C:\Windows\System32\tracerpt.exe
2015-05-10 21:59:31	EB058143B57ED460AC4F2DFBA104BBFF	364544	----a-w-	C:\Windows\SysWOW64\tracerpt.exe
2015-05-10 21:59:31	E55A72876BC5E244D0A8F7F07862A939	338432	----a-w-	C:\Windows\System32\conhost.exe
2015-05-10 21:59:31	DA5EF2CC0764BE7097BAFA9CAF903FE8	112640	----a-w-	C:\Windows\System32\smss.exe
2015-05-10 21:59:31	D9E25B4BD2120CC5183CCCE9421C7AFE	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2015-05-10 21:59:31	D9716B488CC27652C12B1B5E0944987E	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2015-05-10 21:59:31	C6D2D384B6232B0B800234C03C50979F	82944	----a-w-	C:\Windows\SysWOW64\logman.exe
2015-05-10 21:59:31	BB7BAF9532DBA5AB4009E981687D1EA6	19456	----a-w-	C:\Windows\System32\diskperf.exe
2015-05-10 21:59:31	AFFE5747054D03F8CEE18A8518A9AA34	50176	----a-w-	C:\Windows\SysWOW64\auditpol.exe
2015-05-10 21:59:31	9C5DBA74D0C641C2A4ABDC79969B7BEF	104448	----a-w-	C:\Windows\System32\logman.exe
2015-05-10 21:59:31	97B30711DC6CA0EA4EACEDCE8080A3B4	37888	----a-w-	C:\Windows\SysWOW64\relog.exe
2015-05-10 21:59:31	9262D6E2C239EDD6D87B080F2BCCEC9F	31232	----a-w-	C:\Windows\System32\lsass.exe
2015-05-10 21:59:31	79F036EB691ABBA84E8EB1715E5F2B17	43008	----a-w-	C:\Windows\System32\relog.exe
2015-05-10 21:59:31	74C0EC1257698176E288DA282F318E1C	40448	----a-w-	C:\Windows\SysWOW64\typeperf.exe
2015-05-10 21:59:31	52935C072F8D5A92508AA3A3CC9133C7	296960	----a-w-	C:\Windows\System32\rstrui.exe
2015-05-10 21:59:31	4DD0098FFAB4664DB979537C48AE055F	64000	----a-w-	C:\Windows\System32\auditpol.exe
2015-05-10 21:57:15	F55F287810AAF708618793764AF7D1BB	23552	----a-w-	C:\Windows\System32\sdbinst.exe
2015-05-10 21:57:15	715C060150D969B0DE5DD5B365A712AF	20992	----a-w-	C:\Windows\SysWOW64\sdbinst.exe
2015-05-10 21:56:54	2A28197A515ACC23F744FCB57E481250	77104	----a-w-	C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 4.1.1.53\SetupAdmin.exe
2015-05-09 11:22:40	C73E5881FC9262E41D0C93AE99B1827F	5632080	----a-w-	C:\Users\Mitchel Ramakers\AppData\Local\NVIDIA\NvBackend\Packages\0000768a\DAO.19558264.exe
2015-05-08 21:31:02	17FBF33D7F573BB22D9B04F828697059	830976	----a-r-	C:\Users\Mitchel Ramakers\Downloads\Trillian Pro 5.5 Build 17 Final + Crack [ATOM]\Crack\trillian.exe
2015-05-08 21:31:01	DE1661C2D852D8E6E45D0B6C5D38261A	16219664	----a-r-	C:\Users\Mitchel Ramakers\Downloads\Trillian Pro 5.5 Build 17 Final + Crack [ATOM]\trillian-v5.5.0.17.exe
2015-05-08 12:32:44	2E3B2179DE4BC44BEED756AE4B3B8542	675256	----a-w-	C:\Users\Mitchel Ramakers\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2015-05-08 12:32:40	9CD064E9B289149158E9C07510DB752B	172984	----a-w-	C:\Users\Mitchel Ramakers\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2015-05-07 22:58:10	E369CE84DD644B631BD36A200119339E	72046336	----a-w-	C:\Users\Mitchel Ramakers\Downloads\Phoenix-FirestormOS-Betax64-4-7-1-45325_Setup.exe
=== C: other files ==
2015-05-13 13:24:36	68B97608168AF77A5EC141CC13F92171	41331910	----a-w-	C:\Users\Mitchel Ramakers\Downloads\WD_SmartWare_Installer_2.4.10.17.zip
2015-05-13 10:45:06	ED2E4EF7BA5EE47C37B2C3D66188586B	243869	----a-w-	C:\Users\Mitchel Ramakers\Downloads\60521-100-percent-save-game-gta-v-pc.zip
2015-05-13 10:42:07	F4B17A438CDF562C65223971651E1216	627391	----a-w-	C:\Users\Mitchel Ramakers\Downloads\LUA.zip
2015-05-12 22:56:51	9D3D2104C0B0BA35B44E455BEA1EA6C3	152675	----a-w-	C:\Users\Mitchel Ramakers\Downloads\scripthookvdotnet-0.6.zip
2015-05-12 22:54:52	F76CD2C610EDBBF38457ADE042753D0C	8096502	----a-w-	C:\Users\Mitchel Ramakers\Downloads\4e6025-Police Mod 1.0b.zip
2015-05-12 22:14:25	06130A25809B719E323BA7037EE5A879	219041	----a-w-	C:\Users\Mitchel Ramakers\Downloads\179129-jedijosh920 Mod Menu.zip
2015-05-12 22:12:02	EB052EF032FBF2A59B2B0516FBD6B034	69182	----a-w-	C:\Users\Mitchel Ramakers\Downloads\c5ad4b-HeistVehInSP 2.0.zip
2015-05-12 22:11:05	875037982FA57E0353DCF2D2D40C91DC	392577	----a-w-	C:\Users\Mitchel Ramakers\Downloads\dc7e55-Army v1.3.zip
2015-05-12 22:10:27	9AD428977CD1049584AF709B9DAFA4CE	85415	----a-w-	C:\Users\Mitchel Ramakers\Downloads\277947-J10RailroadEngineer.1.0.1.zip
2015-05-12 22:07:54	7997E0EE794D36F1EA610D8C8B24B23C	439324	----a-w-	C:\Users\Mitchel Ramakers\Downloads\ScriptHookVDotNet.zip
2015-05-12 22:03:36	B6CA157509D31E4F4A1257BDC300C481	308696	----a-w-	C:\Users\Mitchel Ramakers\Downloads\ScriptHookV_1.0.350.2a.zip
2015-05-12 22:02:53	1F067A3A6AEBF405DFDFDF653A0FF7C6	9332	----a-w-	C:\Users\Mitchel Ramakers\Downloads\119666-AmbulanceMissions.zip
2015-05-12 22:02:42	3E41D1459248053469D7C11F4E52CC7B	17292	----a-w-	C:\Users\Mitchel Ramakers\Downloads\f1a923-TruckingMissions.zip
2015-05-12 21:41:21	CA7BC49F085B1494AA4BAD1BE206A902	644339	----a-w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Mozilla\Firefox\Profiles\if7la7gp.default\extensions\firefox@zenmate.com.xpi
2015-05-12 21:38:53	4D98731292FF6AA98A9A56E744FB698B	57773	----a-w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Mozilla\Firefox\Profiles\if7la7gp.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi
2015-05-10 23:35:56	84BA37657AF2E332775DA8AAD216FA8F	566300	----a-w-	C:\Users\Mitchel Ramakers\Downloads\Hazmat suit.zip
2015-05-10 23:22:35	46A7D7E71B8D901DB4AC9A0ADDBA1B73	81705449	----a-w-	C:\Users\Mitchel Ramakers\Downloads\CODMapShipment.zip
2015-05-10 21:59:31	F7DFAE6040AC910B7C64EE208A34157D	95680	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2015-05-10 21:59:31	8FE94F2EF9BF444E93E35D87E210D02F	155584	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2015-05-09 00:27:22	61312D1AE223085D922D7FD5A966EC36	622	----a-w-	C:\Games\Nexus Mod Manager\Fallout3\Mods\cache\Companion Share And Recruit-12106-1-5-FINAL.zip.zip
2015-05-09 00:27:22	509AA0A389633E954B2817837A0366E2	118388	----a-w-	C:\Games\Nexus Mod Manager\Fallout3\Mods\Companion Share And Recruit-12106-1-5-FINAL.zip
2015-05-09 00:17:08	509AA0A389633E954B2817837A0366E2	118388	----a-w-	C:\Users\Mitchel Ramakers\Desktop\fallout\Companion Share And Recruit-12106-1-5-FINAL.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3208378834-3008477242-3554250155-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"Securely"="C:\Program Files\Securely File Shredder\FileShredder.exe /autostart"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"AirPort Base Station Agent"="C:\Program Files (x86)\AirPort\APAgent.exe"
"WD Quick View"="C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Gyazo"="C:\Program Files (x86)\Gyazo\GyStation.exe"
"Securely"="C:\Program Files\Securely File Shredder\FileShredder.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\Bootcamp.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Onboard"="C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"

==== Startup Folders ======================

2015-05-08 21:32:13	1055	----a-w-	C:\Users\Mitchel Ramakers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe [05-05-2015 01:53]
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05-05-2015 01:53]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Mitchel Ramakers)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\GyazoUpdateTaskMachine" ["C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"]
"C:\Windows\SysNative\tasks\Open URL by RoboForm" [C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMMJNJNJOJNJPMGMMJCNOJMJOMHMCNLMJJGMLJCNHMOJKJIMCNNMGMGMKMMMNMOMJJNMKJNJLJJNJICMIMCNGMCNOMMMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMKMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMCLGJLIMJHJKJDJPNNKOJCJOJEJKJNIMIJNKJCMJNNICMJNDJCMBJDJJNMJCMPMFMGMHMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"]
"C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1430783338" [C:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\Run RoboForm TaskBar Icon" [C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Mitchel_Ramakers" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\MITCHE~1\AppData\Roaming\Mozilla\Firefox\Profiles\if7la7gp.default
user_pref("network.proxy.autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7B%20var%20lhost%2C%20localIpAddresses%2C%20localDomains%2C%20ipNotation%2C%20i%3B%20function%20isPlainHostNameEx()%20%7B%20return%20!(!!~lhost.indexOf('.')%20%7C%7C%20!!~lhost.indexOf('%3A'))%3B%20%7D%20lhost%20%3D%20host.toLowerCase()%3B%20ipNotation%20%3D%20%2F%5E%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%24%2Fg%3B%20localIpAddresses%20%3D%20%5B'127.0.0.1'%2C'10.*.*.*'%2C'172.1%5B6-9%5D.*.*'%2C'172.2%5B1-9%5D.*.*'%2C'172.3%5B0-1%5D.*.*'%2C'192.168.*.*'%5D%3B%20localDomains%20%3D%20%5B'zeus.pm'%2C'zenguard.biz'%2C'local'%2C'dev'%2C'ip'%2C'box'%2C'lvh.me'%2C'ripe'%2C'invalid'%2C'intra'%2C'intranet'%2C'onion'%2C'vcap.me'%2C'127.0.0.1.xip.io'%2C'smackaho.st'%2C'localtest.me'%2C'site'%5D%3B%20if%20(isPlainHostNameEx())%20%7B%20return%20'DIRECT'%3B%20%7D%20if%20(ipNotation.test(lhost))%20%7B%20for%20(i%20%3D%200%3B%20i%20%3C%20localIpAddresses.length%3B%20i%2B%2B)%20%7B%20if%20(shExpMatch(lhost%2C%20localIpAddresses%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20%7D%20for%20(i%20%3D%200%3B%20i%20%3C%20localDomains.length%3B%20i%2B%2B)%20%7B%20if%20(dnsDomainIs(lhost%2C%20localDomains%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20return%20'PROXY%20127.0.0.1%3A51980'%3B%20%7D%20%2F*ZenMate*%2F");
user_pref("network.proxy.backup.ftp", "server2.privateconnection.net");
user_pref("network.proxy.backup.ftp_port", 3128);
user_pref("network.proxy.backup.socks", "server2.privateconnection.net");
user_pref("network.proxy.backup.socks_port", 3128);
user_pref("network.proxy.backup.ssl", "server2.privateconnection.net");
user_pref("network.proxy.backup.ssl_port", 3128);
user_pref("network.proxy.ftp", "server2.privateconnection.net");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "server2.privateconnection.net");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "server2.privateconnection.net");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "server2.privateconnection.net");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 2);

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [13-04-2015 19:50]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [13-04-2015 19:50]

==== Firefox Extensions ======================

ProfilePath: C:\Users\MITCHE~1\AppData\Roaming\Mozilla\Firefox\Profiles\if7la7gp.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org
- ZenMate Security amp; Privacy VPN - %ProfilePath%\extensions\firefox@zenmate.com.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Undetermined - %ProfilePath%\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Mitchel Ramakers\AppData\Roaming\Mozilla\Firefox\Profiles\if7la7gp.default
9AE02005247DA91AB1743F5208DBEF76	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -	Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12-04-2015 04:49]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14-07-2014 18:22]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mitchel Ramakers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mitchel Ramakers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ULFE79G will be deleted at reboot
C:\Users\Mitchel Ramakers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OMW202C will be deleted at reboot
C:\Users\Mitchel Ramakers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3L155Q7 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Mitchel Ramakers\AppData\Local\Mozilla\Firefox\Profiles\if7la7gp.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Mitchel Ramakers\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=98 folders=48 134350832 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mitchel Ramakers\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MITCHE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Mitchel Ramakers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ULFE79G" not found
"C:\Users\Mitchel Ramakers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OMW202C" not found
"C:\Users\Mitchel Ramakers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3L155Q7" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on do 14-05-2015 at 18:38:18,78 ======================