Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Robin on do 23-10-2014 at 21:20:36,18.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Robin\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23-10-2014 21:21:56 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\cosstminn deleted successfully
C:\PROGRA~2\predm deleted successfully
C:\PROGRA~2\saVeitKeep deleted successfully
C:\PROGRA~2\SiteLookup deleted successfully
C:\PROGRA~2\sizlsearch deleted successfully
C:\PROGRA~3\374311380 deleted successfully
C:\PROGRA~3\cosstminn deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\saVeitKeep deleted successfully
C:\Users\Robin\AppData\Roaming\ap_logs deleted successfully
C:\Users\Robin\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Robin\AppData\Roaming\Probit Software deleted successfully
C:\Users\Robin\AppData\Roaming\SimilarAddon deleted successfully
C:\Users\Robin\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default

---- Lines {7c231677-e4fb-44ac-80a5-c87fcb7c2be9} removed from prefs.js ----
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.config_sm", "1410282189774");
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.daysPassed", "{\"t10d\":true,\"t7d\":true,\"t2d\":true}");
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.installtime", "1410282186.489");
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.isFirstRun", "false");
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.lastC", "{\"li\":392801,\"sm\":392801,\"mo\":392801}");
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.moEnabled", true);
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.server", "https://s99992.webovernet.com");
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.src", "99992");
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.toolbarButtonInstalled", true);
user_pref("{7c231677-e4fb-44ac-80a5-c87fcb7c2be9}.user_id", "73160249150642");

---- Lines {7c231677-e4fb-44ac-80a5-c87fcb7c2be9} modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\

---- FireFox user.js and prefs.js backups ----
user_23-10-2014_2122_.backup
prefs_23-10-2014_2122_.backup

ProfilePath: C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\qgrt4xwe.default
user.js not found

---- FireFox user.js and prefs.js backups ----
prefs_23-10-2014_2122_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LiveSupport"=-
"SPDriver"=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Safer-Surf"=-
"SPDriver"=-
"fst_nl_77"=-
"AnyProtect Scanner"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\iWebar not found
C:\Program Files (x86)\AnyProtectEx not found
C:\Program Files (x86)\ShopperPro not found
C:\Program Files (x86)\LiveSupport not found
C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default\extensions\927571a5c34c476fbf9f2ed9e@8e7e940e6a314c63a357ced35576d.com deleted
C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default\extensions\dbij6@eo-.co.uk deleted
C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default\extensions\staged deleted
C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default\extensions\upjm4uaaa@mmywiaueooyyee.co.uk deleted
C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} deleted
C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default\extensions\{7c231677-e4fb-44ac-80a5-c87fcb7c2be9} deleted
C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default\extensions\{d87d56b2-1379-49f4-b081-af2850c79d8e} deleted
C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default\searchplugins\SafeFinder Search.xml deleted
C:\Program Files (x86)\Flowsurf deleted
"C:\WINDOWS\tasks\9a42dd34-f838-4eb9-ad37-22ad631e493f-4.job" deleted
"C:\WINDOWS\tasks\APSnotifierPP1.job" deleted
"C:\WINDOWS\tasks\APSnotifierPP2.job" deleted
"C:\WINDOWS\tasks\APSnotifierPP3.job" deleted

==== Files Found In C:\WINDOWS\ELAMBKUP ======================

2013-09-10 02:47:38 23568 ----a-r- 20F758E6339A16F97DD83389D582E09A C:\WINDOWS\ELAMBKUP\SYMELAM.SYS
--- C:\WINDOWS\ELAMBKUP\SYMELAM.SYS

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4066667900-716801694-3576342501-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"MediaFire Tray"="C:\Users\Robin\AppData\Local\MediaFire Desktop\mf_watch.exe"

[HKEY_USERS\S-1-5-21-4066667900-716801694-3576342501-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MediaFire Tray"="C:\Users\Robin\AppData\Local\MediaFire Desktop\mf_watch.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\ASP" ["C:\Program Files (x86)\RegClean Pro\SystweakASP.exe"]
"C:\WINDOWS\SysNative\tasks\fsupdate" [C:\PROGRA~2\Flowsurf\fsupd.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GPUP" [C:\Program Files (x86)\GetPrivate\gpup.exe]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\UNELEVATE_102" [C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.202\jsdrv.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{53611E5F-C377-49FF-AF0A-22CF403CB607}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{EE7CA3EB-C5E2-4D3B-8D89-E604B3E52928}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn" [20-10-2014 19:30]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default
- Senses - %ProfilePath%\extensions\warnerroberts@hotmail.com

ProfilePath: C:\Users\Xander\AppData\Roaming\Mozilla\Firefox\Profiles\qgrt4xwe.default
- ssaveitokeep. - %ProfilePath%\extensions\dbij6@eo-.co.uk

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\iydc5gxb.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
66640A55AEFF3819C94E0A8D40D7E0AD - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20-09-2014 10:52]

cosstminn - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Gast\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Robin\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Robin\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
YouTube - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
cosstminn - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
ShortenMe googl URL shortener QR codes - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpcbjmcojciinknchcafgalmphlpjjn
Google Wallet - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
FlowSurf - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn
Gmail - Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
cosstminn - Robin\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Robin\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Xander\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Xander\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
Docs - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
cosstminn - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
ShortenMe googl URL shortener QR codes - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpcbjmcojciinknchcafgalmphlpjjn
Google Wallet - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Xander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
cosstminn - Xander\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij
cosstminn - Xander\AppData\Local\Torch\User Data\Default\Extensions\ejkhpdgmkjjplbciiobonomgfjjllhij

==== Chromium Startpages ======================

C:\Users\Xander\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hozzvrn_pVD2Ocg9CFrqtmffJGFCvQb2upGN-XN47qxvNprYVS-YpCz_vFpQrrtrI77DXNacndAevCjpmsVCo4xxNFbVlw8t5C6fj2ox4rb0XqP8CQYnlV1yIooOR38_3XLAeKNX-i4H2GdaerGZHQrdF2cSScqkixsg,,",

==== C:\zoek_backup content ======================

C:\zoek_backup (files=184 folders=42 4526537 bytes)

==== EOF on do 23-10-2014 at 21:26:16,70 ======================