Zoek.exe v5.0.0.0 Updated 17-December-2014
Tool run by Joachim on 18-12-2014 at 15:45:01,95.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Joachim\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

18-12-2014 15:46:26 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\PROGRA~2\XCloudSystems deleted successfully
C:\Program Files\Bitdefender deleted successfully
C:\PROGRA~3\DriverSleuth deleted successfully
C:\PROGRA~3\Philips Intelligent Agent deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\Joachim\AppData\Roaming\IrfanView deleted successfully
C:\Users\Joachim\AppData\Roaming\Panda Security deleted successfully
C:\Users\Joachim\AppData\Roaming\QuickScan deleted successfully
C:\Users\Joachim\AppData\Roaming\TeamViewer deleted successfully
C:\Users\Joachim\AppData\Local\AntiLogger Free deleted successfully
C:\Users\Joachim\AppData\Local\CrashDumps deleted successfully
C:\Users\Joachim\AppData\Local\eSupport.com deleted successfully
C:\Users\Joachim\AppData\Local\jZip deleted successfully
C:\Users\Joachim\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\Joachim\AppData\Local\WarThunder deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5350-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5350-00A7-7A786E7484D7} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B463A113-EBDE-4A51-B16D-8C97E9EF966E} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53e3c0c3-4ff4-45d9-b911-36f822f6d7e3} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5715A73-2981-4CAD-9D96-429C2813BF9} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DE410CC-6520-4AE1-82B9-69351056A754} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68f851a6-54fa-4d4a-80d1-7f7bf9a0d440} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D020400} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEFE841-DCA1-4A95-80CB-BE935D020400} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8ab43f69-5e2c-4533-a0c8-11dadc446a5e} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{936c0472-ce9b-43e3-bb3a-f385b881fd1e} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8BA686-64F3-437B-B357-4A50CBF2459} deleted successfully
HKEY_USERS\S-1-5-21-3696008347-4040949166-3650668482-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A33689A4-3918-4326-B6B0-F41DD5BE9A91} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5350-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{41564952-412D-5350-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5350-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5350-00A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{20C75730-7C25-476B-95DC-C65810F9E489} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53e3c0c3-4ff4-45d9-b911-36f822f6d7e3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68f851a6-54fa-4d4a-80d1-7f7bf9a0d440} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AEFE841-DCA1-4A95-80CB-BE935D020400} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8ab43f69-5e2c-4533-a0c8-11dadc446a5e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{936c0472-ce9b-43e3-bb3a-f385b881fd1e} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5350-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5350-00A7-7A786E7484D7} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5350-00A7-7A786E7484D7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5350-00A7-7A786E7484D7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ApnTBMon"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\fmi48j0z.default\extensions\info@djzig.com deleted
C:\Program Files\AdTrustMedia deleted
C:\ProgramData\AskPartnerNetwork deleted
C:\Users\Joachim\AppData\Roaming\DriverFinder deleted
C:\Program Files (x86)\Enigma Software Group deleted
C:\ProgramData\APN deleted
C:\ProgramData\InstallMate deleted
C:\Program Files (x86)\globalUpdate deleted
C:\ProgramData\YTD Video Downloader deleted
C:\Users\Joachim\.android deleted
C:\Users\Joachim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk deleted
C:\Users\Joachim\AppData\Roaming\Fighters\DRIVERfighter deleted
C:\Users\Joachim\AppData\Roaming\RBRegEx550.dll deleted
C:\Users\Joachim\AppData\Roaming\RBShell555.dll deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\Fighters\DRIVERfighter deleted
C:\PROGRA~3\Kromtech deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Joachim\AppData\Local\Kromtech deleted
C:\Users\Joachim\AppData\Local\globalUpdate deleted
C:\Users\Joachim\AppData\Local\iMesh deleted
C:\Users\Joachim\AppData\Local\AskPartnerNetwork deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Joachim\AppData\LocalLow\ADSRemoval deleted
C:\Users\Joachim\AppData\LocalLow\boost_interprocess deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\fmi48j0z.default\searchplugins\askcom.xml deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
"C:\Windows\Installer\b57b7c.msi" deleted
"C:\Users\Joachim\AppData\Local\LumaEmu" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCall.dll" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla.exe" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla11.dll" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla11.exe" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla2.dll" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla3.dll" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla4.dll" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseData.ini" deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP" deleted
"C:\Program Files (x86)\AskPartnerNetwork" deleted
"C:\PROGRA~2\AskPartnerNetwork" deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar" deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link D-Link DWA-125"="C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe"
"StartCCC"="C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 7]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Advanced SystemCare 7"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare 7\\ASCTray.exe\" /Auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CommonToolkitTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CommonToolkitTray"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe\" -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Philips Intelligent Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Philips Intelligent Agent"
"hkey"="HKCU"
"command"="NOT_IN_USE_DUMMY_PATH"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Raptr"
"hkey"="HKCU"
"command"="C:\\PROGRA~2\\Raptr\\raptrstub.exe --startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tvncontrol"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Joachim\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vmware-tray.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vmware-tray.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-tray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vProt"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GIGABYTE OC_GURU.lnk"
"backup"="C:\\Windows\\pss\\GIGABYTE OC_GURU.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\GIGABYTE\\GIGABY~1\\OC_GURU.exe "
"item"="GIGABYTE OC_GURU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Start GeekBuddy.lnk"
"backup"="C:\\Windows\\pss\\Start GeekBuddy.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\COMODO\\GEEKBU~1\\launcher.exe \"unit_manager.exe\""
"item"="Start GeekBuddy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\APNMCP]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-12-2014 20:57]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Joachim)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\WSCStub.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{9A753E0F-83A3-47CC-9360-D0EB6F7E0E07}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{18E12682-0447-47FD-9F61-A43C06061C58}" [C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe]
"C:\Windows\SysNative\tasks\{37D0D8E0-3A09-4B94-8F24-FE44BAC36117}" [C:\Games\Ryse Son of Rome\Bin64\Launcher.exe]
"C:\Windows\SysNative\tasks\Norton Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Security\Norton Error Processor" [C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn" [18-12-2014 15:14]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\fmi48j0z.default
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Undetermined - {F003DA68-8256-4b37-A6C4-350FA04494DF}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Joachim\AppData\Roaming\Mozilla\Firefox\Profiles\fmi48j0z.default
9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWoW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Joachim\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security\Engine\22.0.0.110\Exts\Chrome.crx[13-09-2014 07:21]
cmaiofennmphjldldcpphcechfnnohja - C:\Program Files (x86)\AdTrustMedia\PrivDog\PrivDog_chrome.crx[23-05-2014 19:24]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Comodo Drag&Drop Service - Joachim\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Joachim\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.be/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{36FCF248-0D5C-4485-AE93-49BD1AA57C7F} Google Url="https://www.google.com/search?q={searchTerms}"
{FFEBBF0A-C22C-4172-89FF-45215A135AC7} ?????@Mail.Ru Url="http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25946514D2140535007A7A857BC05100 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D623BBA0-AD59-47AD-9547-6F8174413CF7} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41564952-412D-5350-00A7-A758B70C1500} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25946514D2140535007A7A857BC05100 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joachim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joachim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Joachim\AppData\Local\Mozilla\Firefox\Profiles\fmi48j0z.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Joachim\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=396 folders=176 213865011 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Joachim\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Joachim\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Joachim\AppData\Roaming\Malwarebytes" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 18-12-2014 at 16:29:56,87 ======================