
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by toshiba on do 05-06-2014 at  9:30:50,28.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\toshiba\Documents\zoek\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2014-05-11-153103.log	1107 bytes
C:\zoek-results2014-05-12-073608.log	65547 bytes
C:\zoek-results2014-05-19-142321.log	75372 bytes
C:\zoek-results2014-05-19-154955.log	72089 bytes
C:\zoek-results2014-05-23-150152.log	70707 bytes
C:\zoek-results2014-06-02-092902.log	588 bytes
C:\zoek-results2014-06-02-221358.log	633 bytes
C:\zoek-results2014-06-04-055434.log	685 bytes

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\toshiba\AppData\Local\Temp ====
2014-05-30 08:04:38	5634C601025C31032A0AF1590B4C0CA6	43008	----a-w-	C:\Users\toshiba\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxh7mn4.dll
2014-05-30 07:49:34	BCB0728F4B117855765CE8FE883B5E9B	1536	----a-w-	C:\Users\toshiba\AppData\Local\Temp\NOSEventMessages.dll
====== Java Cache =====
2014-05-25 12:31:04	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\toshiba\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-45ac2340
====== C:\Windows\SysWOW64 =====
2014-05-25 18:50:27	0DC5AF80D059DEC792B665ED598C6567	536576	----a-w-	C:\Windows\SysWOW64\sqlite3.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-05-18 12:16:30	6140163BFE9D8F2DFDBA088ED5521C13	119512	----a-w-	C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-05-18 12:15:59	C49915271600CFC2305FAA4271D0002F	63192	----a-w-	C:\Windows\Sysnative\drivers\mwac.sys
2014-05-18 12:15:59	4A1356200B82B852E137B687F03E8054	88280	----a-w-	C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-05-18 12:15:58	FD5465B876D55534117963FAAA4B9DFC	25816	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2014-05-15 13:13:01	E9981ECE8D894CEF7038FD1D040EB426	56832	----a-w-	C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-05-15 12:44:41	AD64450A4ABE076F5CB34CC08EEACB07	30208	----a-w-	C:\Windows\Sysnative\drivers\TsUsbGD.sys
2014-05-15 12:44:41	313F68E1A3E6345A4F47A36B07062F34	19456	----a-w-	C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-05-14 09:54:29	1C2D8E18AA8FD50CD04C15CC27F7F5AB	155072	----a-w-	C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-05-14 09:54:26	353009DEDF918B2A51414F330CF72DEC	95680	----a-w-	C:\Windows\Sysnative\drivers\ksecdd.sys
2014-05-13 12:20:26	18A542A22A31DFFEA51666E75393E7A5	235800	----a-w-	C:\Windows\Sysnative\drivers\avgldx64.sys
2014-05-13 12:20:06	6FB25E61AC5885F5BD8BC5202D129BDF	273176	----a-w-	C:\Windows\Sysnative\drivers\avgtdia.sys
2014-05-13 12:05:40	73B684F26AD82BABC2A1B3E539ED027A	191768	----a-w-	C:\Windows\Sysnative\drivers\avgidsha.sys
2014-05-13 12:05:08	D89F8E4E025DAA0C39FF61AC0199E101	152344	----a-w-	C:\Windows\Sysnative\drivers\avgdiska.sys
2014-05-13 12:05:06	ADC65C6074A994D91CA9C6339C3DC978	130328	----a-w-	C:\Windows\Sysnative\drivers\avgmfx64.sys
2014-05-13 12:04:56	F9984B8432204D000E15DE0A40D6F9AD	236312	----a-w-	C:\Windows\Sysnative\drivers\avgidsdrivera.sys
2014-05-13 12:04:30	7D206FA06603E95984EFF9822C9FC958	31512	----a-w-	C:\Windows\Sysnative\drivers\avgrkx64.sys
====== C:\Windows\Tasks ======
2014-05-30 11:12:14	E07537B6DC42FEDB9C95AE7F6904306C	3982	----a-w-	C:\Windows\Sysnative\Tasks\User_Feed_Synchronization-{BF33D2C8-8603-48F5-89CB-65F11893A938}
2014-05-25 18:52:21	A25197BB742F158FCD4A891E5B5CF3FC	3110	----a-w-	C:\Windows\Sysnative\Tasks\{943D2F94-DAB4-41D7-80D7-C8A01BE1AEA8}
2014-05-12 12:56:04	C2BAD24E62A19379C1033D19D4336C69	3002	----a-w-	C:\Windows\Sysnative\Tasks\{0AC7FCCA-4F51-491B-AA4D-961D77528EF2}
2014-05-11 15:02:45	DC9099E05B9406E776BD9DDA4F0763BD	3168	----a-w-	C:\Windows\Sysnative\Tasks\{3D559E10-AD91-4AE0-90BA-634B9AC21196}
2014-05-11 15:01:16	30B02F085F4717AF178959349CD6C550	3156	----a-w-	C:\Windows\Sysnative\Tasks\{E7E6B778-371F-4870-AAFD-1E1F4D14DF82}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-05-29 18:52:19	--------	d-----w-	C:\Program Files\Speccy
2014-05-21 06:09:35	--------	d-----w-	C:\Program Files\iPod
2014-05-21 06:09:33	--------	d-----w-	C:\Program Files\iTunes
2014-05-10 15:25:12	--------	d-----w-	C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-05-21 06:09:33	--------	d-----w-	C:\PROGRA~2\iTunes
2014-05-19 12:16:00	--------	d-----w-	C:\PROGRA~2\COMMON~1\Java
2014-05-19 12:14:41	--------	d-----w-	C:\PROGRA~2\Java
2014-05-15 07:07:02	--------	d-----w-	C:\PROGRA~2\COMMON~1\DESIGNER
======= C: =====
====== C:\Users\toshiba\AppData\Roaming ======
2014-05-26 11:39:47	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\AVG Secure Search
2014-05-23 15:03:17	--------	d-----w-	C:\Users\toshiba\AppData\Roaming\DropboxMaster
2014-05-23 13:44:33	--------	d-----w-	C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-05-23 13:44:33	--------	d-----w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-05-23 13:44:32	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp
2014-05-23 13:44:32	--------	d-----w-	C:\Users\toshiba\AppData\Local\Temp
2014-05-23 13:44:32	--------	d-----w-	C:\Users\Public\AppData\Local\temp
2014-05-23 13:44:32	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2014-05-23 13:44:32	--------	d-----w-	C:\Users\Default User\AppData\Local\temp
2014-05-19 11:35:12	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Sun
2014-05-18 12:10:10	--------	d-sh--w-	C:\Users\toshiba\AppData\Local\EmieUserList
2014-05-18 12:10:10	--------	d-sh--w-	C:\Users\toshiba\AppData\Local\EmieSiteList
2014-05-12 13:01:43	--------	d-----w-	C:\Users\toshiba\AppData\Roaming\AVG2014
2014-05-12 13:00:54	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014
2014-05-12 13:00:20	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014
2014-05-12 12:58:14	--------	d-----w-	C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014
2014-05-12 12:57:17	--------	d-----w-	C:\Users\toshiba\AppData\Local\Avg2014
====== C:\Users\toshiba ======
2014-06-02 06:12:27	9EC73884D7D7BFEC9EED7EAF3122A0BE	1327971	----a-w-	C:\Users\toshiba\Downloads\AdwCleaner.exe
2014-05-30 07:54:33	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\toshiba\Downloads\RSITx64 (1).exe
2014-05-29 18:51:25	6DC6EBDF9391271098C40F6BA7779430	4890736	----a-w-	C:\Users\toshiba\Desktop\spsetup126.exe
2014-05-21 06:11:40	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-21 06:09:33	--------	d-----w-	C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-19 12:16:09	--------	d-----w-	C:\ProgramData\Oracle
2014-05-19 12:15:04	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-19 09:15:56	--------	d-----r-	C:\Windows\SysNative\config\systemprofile\Searches
2014-05-12 13:00:19	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-12 12:58:41	--------	d-----w-	C:\ProgramData\AVG2014

====== C: exe-files ==
2014-06-02 22:05:27	D558C01F460958AFC496006BC89BE5F0	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-1573529791-4049238610-3989334239-1000\$IGGDUD7.exe
2014-06-02 22:05:21	C415076BE6D7CC7FD6DD32A6C0A05121	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-1573529791-4049238610-3989334239-1000\$ISWQWAH.exe
2014-06-02 06:12:27	9EC73884D7D7BFEC9EED7EAF3122A0BE	1327971	----a-w-	C:\Users\toshiba\Downloads\AdwCleaner.exe
2014-05-30 07:54:33	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\toshiba\Downloads\RSITx64 (1).exe
2014-05-30 07:46:00	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P1JLA3K\RSITx64[1].exe
2014-05-29 18:51:25	6DC6EBDF9391271098C40F6BA7779430	4890736	----a-w-	C:\Users\toshiba\Desktop\spsetup126.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-21-1573529791-4049238610-3989334239-1000\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL"
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP"
"KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe LPCM"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 "
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
"TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Allin1Convert_8hbar Uninstall]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="Allin1Convert_8hbar Uninstall"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~2\\8HUNIN~1.DLL,O -3 uninstalltype=IE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenu"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IncrediMail"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\IncrediMail\\bin\\IncMail.exe /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBAgent"
"hkey"="HKLM"
"command"="\"c:\\Program Files (x86)\\Nero\\Nero 10\\Nero BackItUp\\NBAgent.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaSuite.exe"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TOPI.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TOPI.EXE"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Online Product Information\\topi.exe /STAR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba Registration"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\Registration\\ToshibaReminder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba TEMPRO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba TEMPRO"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Toshiba TEMPRO\\TemproTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ToshibaServiceStation]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToshibaServiceStation"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Service Station\\ToshibaServiceStation.exe /hide:60"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosNC"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Toshiba\\BulletinBoard\\TosNcCore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosReelTimeMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosReelTimeMonitor"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\ReelTime\\TosReelTimeMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosSENotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosSENotify"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TOSHIBA HDD SSD Alert\\TosWaitSrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosVolRegulator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosVolRegulator"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TosVolRegulator\\TosVolRegulator.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk]
"item"="Toshiba Places Icon Utility"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Toshiba Places Icon Utility.lnk"
"backup"="C:\\Windows\\pss\\Toshiba Places Icon Utility.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\TOSHIBA\\TOSHIB~3\\TOSDIM~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"item"="Dropbox"
"path"="C:\\Users\\toshiba\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\toshiba\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
"item"="OpenOffice.org 3.4.1"
"path"="C:\\Users\\toshiba\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.1.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.4.1.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\OPENOF~1.OR~\\program\\QUICKS~1.EXE"


==== Startup Folders ======================

2011-05-02 13:10:15	1258	----a-w-	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2011-05-02 13:10:15	1258	----a-w-	C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-05-2014 15:53]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02-02-2012 10:13]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02-02-2012 10:13]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\SysNative\tasks\4927" [wscript.exe C:\Users\toshiba\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{BF33D2C8-8603-48F5-89CB-65F11893A938}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{0AC7FCCA-4F51-491B-AA4D-961D77528EF2}" [C:\Users\toshiba\Downloads\avg_free_x64_all_2014_4577a7359.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Chrome Look ======================

Google Docs - toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Wallet - toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1038 folders=208 147626134 bytes)

==== EOF on do 05-06-2014 at  9:35:52,03 ======================