Zoek.exe v5.0.0.0 Updated 17-February-2014
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Johan & Petra\Downloads\zoek (10).exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-02-17-182300.log 806 bytes
C:\zoek-results2014-02-17-214514.log 347 bytes
C:\zoek-results2014-02-17-224449.log 395 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-631928210-3985880463-3106305923-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_USERS\S-1-5-21-631928210-3985880463-3106305923-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71e129ff-6c2a-4984-818c-7e2c998b8d99} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-631928210-3985880463-3106305923-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{71e129ff-6c2a-4984-818c-7e2c998b8d99} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Savesenselivem deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Yontoo not found
C:\Users\Johan & Petra\AppData\Roaming\Mozilla\Firefox\Profiles\6upjdxuk.default\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23} not found
"C:\Users\Johan & Petra\AppData\Roaming\Mozilla\Firefox\Profiles\6upjdxuk.default\searchplugins\askcom.xml" not found
"C:\Users\Johan & Petra\AppData\Roaming\Mozilla\Firefox\Profiles\6upjdxuk.default\searchplugins\conduit-search.xml" not found
"C:\Users\Johan & Petra\AppData\Roaming\Mozilla\Firefox\Profiles\6upjdxuk.default\searchplugins\delta.xml" not found
C:\Users\Johan & Petra\AppData\Local\SaveSense deleted
C:\Users\Johan & Petra\AppData\Roaming\0C1I1L1R1J0M1P0I1G deleted
C:\Program Files (x86)\MyPC Backup deleted
C:\Users\Johan & Petra\AppData\Roaming\systweak deleted
C:\ProgramData\SaveSenseLive deleted
C:\Program Files (x86)\SaveSenseLive deleted
C:\Users\Johan & Petra\AppData\Roaming\SaveSense deleted
"C:\Windows\tasks\ROC_REG_JAN_DELETE.job" deleted
"C:\Windows\tasks\ROC_ROC_JAN2013_AV.job" deleted
"C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job" deleted
"C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job" deleted
"C:\windows\SysNative\roboot64.exe" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-02-16 22:14:18 0245D0889C3443F5DC9194558583FE59 43152 ----a-w- C:\Windows\avastSS.scr

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====
2014-02-16 22:14:22 28192A2A37F52EB97EBE14DEE0F2513B 334136 ----a-w- C:\Windows\Sysnative\aswBoot.exe

====== C:\Windows\Sysnative\drivers =====
2014-02-16 22:14:26 FD3EA14ADF6216BDF4030DB2EFD43D96 80184 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-02-16 22:14:26 90399625F341AB76BA4B85A5E860EB1F 207904 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-02-16 22:14:25 F22DE5F5BA8ADA0A861441B624B51EB5 421704 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2014-02-16 22:14:25 C04F7B373881009D7994D9BF55D24AB4 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-02-16 22:14:25 43599E630DFC30AD4E6A2B4B269EB1C0 1038072 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2014-02-16 22:14:25 0ACC3F49015E628590CA4372322EB46B 78648 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-02-16 22:14:24 679712B7A353EE665B9301592164A172 92544 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-02-16 22:14:23 57483E691D635510533E081EC4CB81EC 28184 ----a-w- C:\Windows\Sysnative\drivers\aswKbd.sys

====== C:\Windows\Tasks ======
2014-02-16 22:15:07 AF97078243F2FB7B4C174D43922A8EF4 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-01-26 21:37:10 D72B860F7F41091AD9226B3E5DA9EEAA 378 ----a-w- C:\Windows\Tasks\APSnotifierCA.job
2014-01-26 21:37:10 9465A47BFF297BD9BCF3474C5D92D49E 3184 ----a-w- C:\Windows\Sysnative\Tasks\APSnotifierCA
2014-01-26 21:34:30 0C526ADC7A8C1CD9203007640136AA67 3570 ----a-w- C:\Windows\Sysnative\Tasks\SaveSense

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-02-17 15:58:22 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====
2014-01-26 21:43:52 -------- d-----w- C:\PROGRA~2\K-Lite Codec Pack

======= C: =====
2014-02-16 22:03:56 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2013
2014-02-17 15:58:30 20A79D18E9BA41EBEA3EDFCB55F4CB6A 43890 ----a-w- C:\\rsit\info.txt
2014-02-17 15:58:23 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\\Program Files\trend micro\Johan & Petra.exe
2014-02-17 15:58:22 -------- d-----w- C:\\Program Files\trend micro
2014-02-16 22:15:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-02-16 22:15:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-16 22:14:22 28192A2A37F52EB97EBE14DEE0F2513B 334136 ----a-w- C:\\Windows\System32\aswBoot.exe
2014-02-16 22:14:18 0245D0889C3443F5DC9194558583FE59 43152 ----a-w- C:\\Windows\avastSS.scr
2014-02-11 06:25:13 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\\Windows\temp\GURDAC4.exe
2014-02-09 08:34:33 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\\Windows\temp\GURD0F4.exe
2014-01-26 21:44:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-01-26 21:43:52 -------- d-----w- C:\\Program Files (x86)\K-Lite Codec Pack
2014-01-26 21:36:19 908A50691E698A2D4F4DE4E26C7BD534 15900 ----a-w- C:\\Users\JOHAN

====== C: exe-files ==
2014-02-17 15:58:23 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Johan & Petra.exe
2014-02-16 22:14:57 4336FBC3A8A75922456D194391A5999C 36528344 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\32.0.1700.107\32.0.1700.107_chrome_installer.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-631928210-3985880463-3106305923-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"Facebook Update"="C:\Users\Johan & Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup"

[HKEY_USERS\S-1-5-21-631928210-3985880463-3106305923-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-631928210-3985880463-3106305923-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"ROC_ROC_NT"="C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe / /PROMPT /CMPID=ROC_NT"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"Facebook Update"="C:\Users\Johan & Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Corel Photo Downloader"="C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe -startup"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"
"HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2012-02-11 16:41:26 956 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
2013-05-08 23:01:10 2069 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2014 20:27]
C:\Windows\tasks\APSnotifierCA.job --a------ C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-631928210-3985880463-3106305923-1001Core.job --a------ C:\Users\Johan Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-631928210-3985880463-3106305923-1001UA.job --a------ C:\Users\Johan Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [28/05/2012 13:53]
C:\Windows\tasks\HPCeeScheduleForJohan & Petra.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [05/01/2010 02:53]
C:\Windows\tasks\HPCeeScheduleForTHUIS-PC$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [05/01/2010 02:53]
C:\Windows\tasks\Sing Along Update.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\APSnotifierCA" [C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-631928210-3985880463-3106305923-1001Core" [C:\Users\Johan & Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-631928210-3985880463-3106305923-1001UA" [C:\Users\Johan & Petra\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForJohan & Petra" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForTHUIS-PC$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SaveSense" [C:\Users\JOHAN&~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Sing Along Update" [C:\Program Files (x86)\SingAlong\SingalngUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"="C:\Program Files\IB Updater\Firefox" []

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [16/02/2014 23:14]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"singalong@xenophesoft.com"="C:\Program Files (x86)\SingAlong\FF" [31/03/2013 17:11]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
abepbblpkilpjohncjbccmdjhdhbnhdj - C:\Program Files (x86)\SingAlong\Chrome.crx[10/05/2013 01:52]
bgnnidmnbdkmhfkjgdnngciimpdgohok - C:\Program Files (x86)\IlemiTVApp.com\stv11.crx[]
dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\IB Updater\source.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[16/02/2014 23:14]
niapdbllcanepiiimjjndipklodoedlc - No path found[]

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-631928210-3985880463-3106305923-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=88 folders=20 9172909 bytes)

==== EOF on di 18/02/2014 at 16:47:40,98 ======================