
Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Sergeant on za 13/09/2014 at 10:01:04.66.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sergeant\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2013-07-06-141856.log	46311 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\Digsby deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\ReaConverter deleted successfully
C:\PROGRA~3\xml_param deleted successfully
C:\Users\Sergeant\AppData\Roaming\Anvisoft deleted successfully
C:\Users\Sergeant\AppData\Roaming\ap_logs deleted successfully
C:\Users\Sergeant\AppData\Roaming\Awesomium deleted successfully
C:\Users\Sergeant\AppData\Roaming\Download Manager deleted successfully
C:\Users\Sergeant\AppData\Roaming\windows deleted successfully
C:\Users\Sergeant\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Sergeant\AppData\Local\MCEdit-64bit deleted successfully
C:\Users\Sergeant\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1872680462-3295556290-3718705865-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully
HKEY_USERS\S-1-5-21-1872680462-3295556290-3718705865-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully
HKEY_USERS\S-1-5-21-1872680462-3295556290-3718705865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-1872680462-3295556290-3718705865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully
HKEY_USERS\S-1-5-21-1872680462-3295556290-3718705865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully
HKEY_USERS\S-1-5-21-1872680462-3295556290-3718705865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E06CF33F-8A8E-464D-BF83-6BD381222BB6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npggsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Npggsvc deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Sergeant\AppData\Roaming\Mozilla\Firefox\Profiles\k8hyjwy4.default

---- Lines conduit removed from prefs.js ----
user_pref("CT2612669.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT2612669.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2612669.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2612669.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2612669&octid=EB_ORIGINAL_CTID&SearchSour
user_pref("CT2612669.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&q=");
user_pref("CT2612669.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2612669.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2612669.TrusteLinkUrl", "http://trust.conduit.com/EB_ORIGINAL_CTID");
user_pref("CT2612669.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2612669.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
user_pref("CT2612669.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2612669.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
---- Lines search.net removed from prefs.js ----
user_pref("browser.search.defaultenginename", "default-search.net");
user_pref("browser.search.order.1", "default-search.net");
user_pref("browser.search.selectedEngine", "default-search.net");
user_pref("browser.startup.homepage", "http://www.default-search.net?sid=476&aid=135&itype=n&ver=13072&tm=395&src=hmp");
user_pref("keyword.URL", "http://www.default-search.net/search?sid=476&aid=135&itype=n&ver=13072&tm=395&src=ds&p=");
---- Lines y2layers removed from prefs.js ----
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
user_pref("extentions.y2layers.installId", "93eea731-92f2-4639-bddb-73c33ee812ac");
---- Lines y2layers removed from user.js ----

user_pref("extentions.y2layers.installId", "93eea731-92f2-4639-bddb-73c33ee812ac");
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");

---- Lines CommunityToolbar removed from prefs.js ----
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2612669");
user_pref("CommunityToolbar.ToolbarsList2", "CT2612669");
user_pref("CommunityToolbar.twitter.user_20566976.LastCheckTime", "Wed Mar 16 2011 13:00:28 GMT+0100 (Romance (standaardtijd))");
---- Lines mybrowserbar modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21,{90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2,{CAFEEFAC-0016-0000
---- FireFox user.js and prefs.js backups ---- 

user_20141309_1012_.backup
prefs_20130607_1526_.backup
prefs_20141309_1012_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
""=- 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] 
""=- 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"=- 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] 
"UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=- 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] 

==== Deleting Files \ Folders ======================

C:\Users\Sergeant\AppData\Local\Linkey not found
C:\Program Files (x86)\AnyProtectEx not found
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} deleted
C:\Users\Sergeant\AppData\Roaming\Mozilla\Firefox\Profiles\k8hyjwy4.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} deleted
C:\Users\Sergeant\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\default-search.xml deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\default-search.xml deleted
C:\PROGRA~2\Yontoo deleted
C:\install.exe deleted
C:\Users\Sergeant\AppData\Roaming\Settings Manager deleted
C:\Users\Sergeant\AppData\Roaming\RSBuddy_masser.ini deleted
C:\Users\Sergeant\AppData\Roaming\aps.scan.quick.results deleted
C:\Users\Sergeant\AppData\Roaming\aps.scan.results deleted
C:\Users\Sergeant\AppData\Roaming\aps.uninstall.scan.results deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\DealPly deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\qjaxlkio.dss deleted
C:\PROGRA~3\VisualBee deleted
C:\PROGRA~3\Tarma Installer deleted
C:\Users\Sergeant\AppData\Local\nsp939B.tmp deleted
C:\Users\Sergeant\AppData\Local\VisualBeeClient deleted
C:\Users\Sergeant\AppData\Local\VisualBeeExe deleted
C:\Users\Sergeant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly deleted
C:\Users\Sergeant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup deleted
C:\Users\Sergeant\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\tasks\APSnotifierPP1.job deleted
C:\Windows\tasks\APSnotifierPP2.job deleted
C:\Windows\tasks\APSnotifierPP3.job deleted
C:\windows\SysNative\tasks\APSnotifierPP1 deleted
C:\windows\SysNative\tasks\APSnotifierPP2 deleted
C:\windows\SysNative\tasks\APSnotifierPP3 deleted
C:\Windows\Syswow64\ConduitEngine.tmp deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Sergeant\AppData\Roaming\Mozilla\Firefox\Profiles\k8hyjwy4.default\searchplugins\default-search.xml deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Sergeant\AppData\Local\Temp ====
2014-09-12 19:44:32	8683C6015BAAA0D9A6AAEAC005D42920	172602	------w-	C:\Users\Sergeant\AppData\Local\Temp\is45637729\57739977_stp\Generic_vo.exe
2014-09-12 19:44:32	8683C6015BAAA0D9A6AAEAC005D42920	172602	------w-	C:\Users\Sergeant\AppData\Local\Temp\is45637729\57552017_stp\Generic_vo.exe
2014-09-12 13:43:22	F59FE3EC3D99A1F42BC58BF02150F329	173215	------w-	C:\Users\Sergeant\AppData\Local\Temp\is45637729\33393359_stp\Generic_vo.exe
2014-09-12 11:45:42	658B7BB140E95F8AF1AA9511088DEAF6	174050	------w-	C:\Users\Sergeant\AppData\Local\Temp\is45637729\32178228_stp\Generic_vo.exe
2014-09-08 18:51:52	41CB698F967B4D9F2580EA2A21A5A710	107320	----a-w-	C:\Users\Sergeant\AppData\Local\Temp\{E19AC405-6B5F-45CE-A472-23FEFD28C537}\ISBEW64.exe
2014-09-08 18:51:01	41CB698F967B4D9F2580EA2A21A5A710	107320	----a-w-	C:\Users\Sergeant\AppData\Local\Temp\{D17CBEA3-60A9-4284-88FD-AFB78CFB8AB4}\ISBEW64.exe
2014-09-08 18:49:54	41CB698F967B4D9F2580EA2A21A5A710	107320	----a-w-	C:\Users\Sergeant\AppData\Local\Temp\{1B8646DC-B283-4CD0-9204-16F8D2F6CD12}\ISBEW64.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-09-12 23:38:29	8A50D5304E6AE48664CF5838EC32F647	122584	----a-w-	C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-12 23:38:07	F92B0E478C0FAA6D6661E6E977247E60	25816	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2014-09-12 23:38:07	9D9ED48F841EA37AA5310D54B9E5D3C7	91352	----a-w-	C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-12 23:38:07	15E8ABC06843672955CE26A009533BAD	63704	----a-w-	C:\Windows\Sysnative\drivers\mwac.sys
2014-09-08 18:52:04	344604E6913BD6E4EAEC34AF2E0943D7	44544	----a-w-	C:\Windows\Sysnative\drivers\RimSerial_AMD64.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-12 23:07:16	--------	d-----w-	C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-09-12 15:21:20	--------	d-----w-	C:\PROGRA~2\VideoLAN
2014-09-08 18:51:06	--------	d-----w-	C:\PROGRA~2\Research In Motion
2014-09-08 18:51:06	--------	d-----w-	C:\PROGRA~2\COMMON~1\XCPCSync.OEM
2014-09-08 18:51:06	--------	d-----w-	C:\PROGRA~2\COMMON~1\Research In Motion
2014-09-01 08:35:51	--------	d-----w-	C:\PROGRA~2\COMMON~1\Skype
======= C: =====
====== C:\Users\Sergeant\AppData\Roaming ======
2014-09-12 15:23:05	--------	d-----w-	C:\Users\Sergeant\AppData\Roaming\vlc
2014-09-08 18:53:07	--------	d-----w-	C:\Users\Sergeant\AppData\Local\Research In Motion
2014-09-08 18:53:06	--------	d-----w-	C:\Users\Sergeant\AppData\Roaming\Research In Motion
====== C:\Users\Sergeant ======
2014-09-12 23:05:17	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Sergeant\Desktop\RSITx64.exe
2014-09-12 15:22:09	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-08 18:51:47	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
2014-09-08 18:51:37	--------	d-----w-	C:\ProgramData\Research In Motion

====== C: exe-files ==
2014-09-12 23:37:13	E90BF9E1562F40140161573B79CD5720	17292760	----a-w-	C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9JRI43M\mbam-setup-2.0.2.1012.exe
2014-09-12 23:07:16	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Sergeant.exe
2014-09-12 23:05:17	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Sergeant\Desktop\RSITx64.exe
2014-09-12 22:39:37	2C10E70E13868EA23BA0C33E4ECE46DD	591373	----a-w-	C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9JRI43M\Setup[1].exe
2014-09-12 22:39:31	1D8FE0FE288B23072A750473B39ABF5A	17075712	----a-w-	C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48L1ISCY\AnyProtect[1].exe
2014-09-12 22:37:02	3B54B5242AF2382EE4C49609CEB73AA9	632808	----a-w-	C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJA1O3FA\Setup[1].exe
2014-09-12 22:36:27	35F9FCA26E4C9CBA8D7F3BD2797216EA	591373	----a-w-	C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48L1ISCY\Setup[2].exe
2014-09-12 19:44:32	8683C6015BAAA0D9A6AAEAC005D42920	172602	------w-	C:\Users\Sergeant\AppData\Local\Temp\is45637729\57739977_stp\Generic_vo.exe
2014-09-12 19:44:32	8683C6015BAAA0D9A6AAEAC005D42920	172602	------w-	C:\Users\Sergeant\AppData\Local\Temp\is45637729\57552017_stp\Generic_vo.exe
2014-09-12 15:53:48	340F1EFFDE43547143672D67661ACEEB	590879	----a-w-	C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48L1ISCY\Setup[1].exe
2014-09-12 15:22:11	52437302E4A48A6915AFE987423A1587	275217	----a-w-	C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
2014-09-12 15:19:17	99E55D1A7F7C2CE38E9B6872E6FEF61A	367464	----a-w-	C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFC2Q9WM\SoftonicDownloader_voor_vlc-media-player.exe
2014-09-12 13:43:22	F59FE3EC3D99A1F42BC58BF02150F329	173215	------w-	C:\Users\Sergeant\AppData\Local\Temp\is45637729\33393359_stp\Generic_vo.exe
2014-09-12 11:45:42	658B7BB140E95F8AF1AA9511088DEAF6	174050	------w-	C:\Users\Sergeant\AppData\Local\Temp\is45637729\32178228_stp\Generic_vo.exe
2014-09-11 11:25:07	960E0CC65B9F2AAFBB028DB5B2A03A78	367464	----a-w-	C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJA1O3FA\SoftonicDownloader_voor_vlc-media-player.exe
2014-09-08 18:51:52	41CB698F967B4D9F2580EA2A21A5A710	107320	----a-w-	C:\Users\Sergeant\AppData\Local\Temp\{E19AC405-6B5F-45CE-A472-23FEFD28C537}\ISBEW64.exe
2014-09-08 18:51:01	41CB698F967B4D9F2580EA2A21A5A710	107320	----a-w-	C:\Users\Sergeant\AppData\Local\Temp\{D17CBEA3-60A9-4284-88FD-AFB78CFB8AB4}\ISBEW64.exe
2014-09-08 18:49:54	41CB698F967B4D9F2580EA2A21A5A710	107320	----a-w-	C:\Users\Sergeant\AppData\Local\Temp\{1B8646DC-B283-4CD0-9204-16F8D2F6CD12}\ISBEW64.exe
=== C: other files ==
2014-09-12 23:38:29	8A50D5304E6AE48664CF5838EC32F647	122584	----a-w-	C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-12 23:38:07	F92B0E478C0FAA6D6661E6E977247E60	25816	----a-w-	C:\Windows\System32\drivers\mbam.sys
2014-09-12 23:38:07	9D9ED48F841EA37AA5310D54B9E5D3C7	91352	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-12 23:38:07	15E8ABC06843672955CE26A009533BAD	63704	----a-w-	C:\Windows\System32\drivers\mwac.sys
2014-09-08 18:52:04	344604E6913BD6E4EAEC34AF2E0943D7	44544	----a-w-	C:\Windows\System32\drivers\RimSerial_AMD64.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1872680462-3295556290-3718705865-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Sergeant\AppData\Local\Akamai\netsession_win.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Sergeant\AppData\Local\Akamai\netsession_win.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Users\\Sergeant\\AppData\\Local\\Linkey\\IEEXTE~1\\iedll.dll "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aeria Ignite]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Aeria Ignite"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Aeria Games\\Ignite\\aeriaignite.exe\" silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EA Core"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Electronic Arts\\EADM\\Core.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Easybits Recovery"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sergeant\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPADVISOR"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe autorun=AUTORUN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Malwarebytes' Anti-Malware"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MurGee.com Auto Clicker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MurGee.com Auto Clicker"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Auto Clicker\\AutoClicker.exe :silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NortonOnlineBackupReminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\Activation\\NobuActivation.exe\" UNATTENDED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC Suite Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC Suite Tray"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Nokia\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PC-Doctor for Windows localizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PC-Doctor for Windows localizer"
"hkey"="HKLM"
"command"="C:\\Program Files\\PC-Doctor for Windows\\localizer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Software Informer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Software Informer"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Software Informer\\softinfo.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TPPOLL]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPPOLL"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\TOPRO\\TPPOLL.EXE"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\hp\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\MCAFEE~1\\202B13~1.181\\SSSCHE~1.EXE "
"item"="McAfee Security Scan Plus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sergeant^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Sergeant\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Sergeant\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe "
"item"="Dropbox"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GameConsoleService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HP Support Assistant Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpqwmiex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McComponentHostService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvUpdatusService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Stereo Service]


==== Startup Folders ======================

2014-05-12 17:03:36	2073	----a-w-	C:\Users\Sergeant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/07/2014 11:00]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1872680462-3295556290-3718705865-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1872680462-3295556290-3718705865-1000UA.job --a------ C:\Users\Sergeant\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/07/2012 11:58]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/03/2010 18:49]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/03/2010 18:49]
C:\Windows\tasks\PCDRScheduledMaintenance.job --a------ C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [18/09/2009 09:11]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\ExtendedServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1872680462-3295556290-3718705865-1000Core" [C:\Users\Sergeant\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-1872680462-3295556290-3718705865-1000UA" [C:\Users\Sergeant\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Game_Booster_Startup" [C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\PCDRScheduledMaintenance" [C:\Program Files\PC-Doctor for Windows\pcdrcui.exe]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{79DB861A-17D6-4C21-9FBB-507BADC3BC51}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{B860B413-3FC1-45B8-8912-1DE8B4BC3521}" [C:\Users\Sergeant\AppData\Local\jagexlauncher\bin\JagexLauncher.exe]
"C:\Windows\SysNative\tasks\{DEAD9831-3313-47A0-A4BE-4AD0B4BB00D2}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sergeant\AppData\Roaming\Mozilla\Firefox\Profiles\k8hyjwy4.default
3CD19649B2C3023D65E67C056457A2BC	- C:\Users\Sergeant\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -	Facebook Video Calling Plugin
6846D2CA7E1D5937AEE3F99BB7F5464B	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll -	Shockwave for Director / Shockwave for Director
B6A800D881A0176C544988870861E798	- C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll -	Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 12:45]
niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files (x86)\DealPly\DealPly.crx[]

Skype Click to Call - Sergeant\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Sergeant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Sergeant\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.default-search.net?sid=476&aid=135&itype=n&ver=13072&tm=395&src=hmp",
"startup_urls": [ "http://www.default-search.net?sid=476&aid=135&itype=n&ver=13072&tm=395&src=hmp" ],


==== Chromium Fix ======================

C:\Users\Sergeant\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niapdbllcanepiiimjjndipklodoedlc_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.be/?gws_rd=ssl"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{ED36833E-C2B0-4518-99F9-333931F4E4C9}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing  Url="http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox"
{6E88696E-269A-4512-A138-40D487D7A54D} Unknown  Url="Not_Found"
{ED36833E-C2B0-4518-99F9-333931F4E4C9} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1872680462-3295556290-3718705865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E88696E-269A-4512-A138-40D487D7A54D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MurGee.com Auto Clicker deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPPOLL deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sergeant\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Sergeant\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================


==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sergeant\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Sergeant\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on za 13/09/2014 at 10:24:00.23 ======================