Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Annie on wo 10-08-2016 at 10:06:18,88.
Microsoft Windows 10 Home 10.0.10586 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Annie\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10-8-2016 10:17:08 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Nitro PDF deleted successfully
C:\PROGRA~2\Comms deleted successfully
C:\PROGRA~2\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Annie\AppData\Local\ActiveSync deleted successfully
C:\Users\Annie\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Annie\AppData\Local\EmieSiteList deleted successfully
C:\Users\Annie\AppData\Local\EmieUserList deleted successfully
C:\Users\Annie\AppData\Local\NetworkTiles deleted successfully
C:\Users\Dirk 3\AppData\Local\ActiveSync deleted successfully
C:\Users\Dirk 3\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Dirk 3\AppData\Local\EmieSiteList deleted successfully
C:\Users\Dirk 3\AppData\Local\EmieUserList deleted successfully
C:\Users\Dirk 3\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3560001748-2778358939-1781693722-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3560001748-2778358939-1781693722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

C:\Program Files\Nitro PDF not found
C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\Program Files\AVG Security Toolbar deleted
C:\Program Files\Common Files\AVG Secure Search deleted
C:\PROGRA~2\Avg_Update_0814tb deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\AVG Secure Search deleted
C:\Users\Annie\AppData\Local\AVG Secure Search deleted
C:\Users\Babette\AppData\Local\AVG Secure Search deleted
C:\Users\Dirk 3\AppData\Local\AVG Secure Search deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\Annie\AppData\LocalLow\AVG Security Toolbar deleted
C:\Users\Annie\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Babette\AppData\LocalLow\AVG Security Toolbar deleted
C:\Users\Babette\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Dirk 3\AppData\LocalLow\AVG Secure Search deleted
C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\WINDOWS\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3560001748-2778358939-1781693722-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Facebook Update"="C:\Users\Annie\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Dropbox Update"="C:\Users\Annie\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"OneDrive"="C:\Users\Annie\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 "
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe"
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe"
"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup"
"PPort12reminder"="C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Facebook Update"="C:\Users\Annie\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Dropbox Update"="C:\Users\Annie\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"OneDrive"="C:\Users\Annie\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrStsMon00]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrStsMon00"
"hkey"="HKLM"
"command"="C:\\Program Files\\Browny02\\Brother\\BrStMonW.exe /AUTORUN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ControlCenter4"
"hkey"="HKLM"
"command"="C:\\Program Files\\ControlCenter4\\BrCcBoot.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nuance\\PaperPort\\IndexSearch.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PaperPort PTD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nuance\\PaperPort\\pptd40nt.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF5 Registry Controller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDF5 Registry Controller"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nuance\\PDF Viewer Plus\\RegistryController.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDFHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDFHook"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nuance\\PDF Viewer Plus\\pdfpro5hook.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Annie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk]
"path"="C:\\Users\\Annie\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.2 .lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.2 .lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files\\OpenOffice.org 3\\program\\quickstart.exe"
"item"="OpenOffice.org 3.2 "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18-07-2016 11:03]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1000Core.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1000UA.job --a-------- C:\Users\Annie\AppData\LoC:al\Dropbox\Update\DropboxUpdate.exe []
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1000Core.job --a-------- C:\Users\Annie\AppData\Local\Facebook\Update\FacebookUpdate.exe [18-07-2012 21:39]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1000UA.job --a-------- C:\Users\Annie\AppData\Local\Facebook\Update\FacebookUpdate.exe [18-07-2012 21:39]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1003Core.job --a-------- C:\Users\Babette\AppData\Local\Facebook\Update\FacebookUpdate.exe [06-10-2012 19:23]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1003UA.job --a-------- C:\Users\Babette\AppData\Local\Facebook\Update\FacebookUpdate.exe [06-10-2012 19:23]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [31-08-2015 14:59]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [31-08-2015 14:59]
C:\WINDOWS\tasks\HPCeeScheduleForAnnie.job --a-------- C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [12-05-2016 15:40]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\WINDOWS\system32\tasks\DropboxUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1000Core" [C:\Users\Annie\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\system32\tasks\DropboxUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1000UA" [C:\Users\Annie\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1000Core" [C:\Users\Annie\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1000UA" [C:\Users\Annie\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1003Core" [C:\Users\Babette\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\system32\tasks\FacebookUpdateTaskUserS-1-5-21-3560001748-2778358939-1781693722-1003UA" [C:\Users\Babette\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\HPCeeScheduleForAnnie" [C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\system32\tasks\SafeZone scheduled Autoupdate 1458815662" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{724F3D81-4897-477C-B9B3-20E0798D6F89}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\system32\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" [C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [09-08-2016 18:04]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Annie\AppData\Roaming\TomTom\HOME\Profiles\35fmlatu.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Carminat TomTom - %ProfilePath%\extensions\RenaultTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Annie\AppData\Roaming\Mozilla\Firefox\Profiles\x4fi1wmy.default-1461923401259
CEEF2B70937C374295AF8047525B137D - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
EA22BE080381784CF4DD9BEC8F90ACFA - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\Annie\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Annie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
2CAE7CE3F547181B6D652B948E98DE28 - C:\Program Files\Nitro\Reader 3\npnitroie.dll - Nitro PDF plugin for Internet Explorer
8DCC19180D4A9C5FA9C60DABD2760D71 - C:\Program Files\Nitro\Reader 3\npdf.dll - Nitro PDF Library

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Dirk 3\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
daanglpcpkjjlkhcbladppjphglbigam - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17-01-2012 12:45]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx[]

AVG Safe Search - Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Skype Click to Call - Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
AVG Security Toolbar - Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
AVG Safe Search - Babette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Skype Click to Call - Babette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
AT_AgathaRuizdelaPrada - Babette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccdaldnlpmblnjpbboadeocpnclfcbm
AVG Security Toolbar - Babette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

==== Chromium Fix ======================

C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully
C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfully
C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Babette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully
C:\Users\Babette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\Babette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hln.be/"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.hln.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms}

HKCU\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{1A06F3C0-1F84-40A8-85A5-DF83A59426A3} - http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
HKCU\SearchScopes\{5C8C2084-578D-4E87-AC24-606322571606} - http://www.google.nl/search?hl=nl&q={searchTerms}&rlz=1I7AURU_nlBE499
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms}

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3560001748-2778358939-1781693722-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-3560001748-2778358939-1781693722-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobistar Internet Everywhere deleted successfully

==== Empty IE Cache ======================

C:\Users\Annie\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Annie\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dirk 3\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP.Annie-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP.Annie-PC.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TEMP.Annie-PC.001\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Annie\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Annie\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Dirk 3\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Annie\AppData\Local\Mozilla\Firefox\Profiles\x4fi1wmy.default-1461923401259\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Annie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Babette\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=545 folders=251 147461190 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Annie\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 10-08-2016 at 11:16:24,87 ======================