
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by Bernard on di 04/02/2014 at 21:44:52,00.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bernard\Desktop\zoek.exe [Scan all users]   [Quick Scan] [Auto Clean]

==== System Restore Info ======================

4/02/2014 21:46:12 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Advanced Micro Devices, Inc deleted successfully
C:\PROGRA~2\RightSurf deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\ProgramData\install_clap deleted successfully
C:\ProgramData\Oracle deleted successfully
C:\ProgramData\Spybot - Search & Destroy deleted successfully
C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully
C:\Users\Bernard\AppData\Roaming\0F1F1C2Y1H1P1C0I0T deleted successfully
C:\Users\Bernard\AppData\Roaming\DriverFinder deleted successfully
C:\Users\Bernard\AppData\Roaming\hpqlog deleted successfully
C:\Users\Bernard\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Bernard\AppData\Local\HP Quick Start deleted successfully
C:\Users\Bernard\AppData\Local\MyImageConverter_8j deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411591118} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411591118} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{261c67f2-64cd-4696-9821-612409b649d5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-413552064-4231593532-560199935-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{261c67f2-64cd-4696-9821-612409b649d5} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\l6q930c9.default

user.js not found
---- Lines ffxtbr modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- Lines ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918 removed from prefs.js ----
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.active", true);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.addressbar", "NA");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.addressbarenhanced", "");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.asyncdb.was_copied", "true");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.asyncdb_dbWasSet", true);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.asyncinternaldb.was_copied", "true");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.asyncinternaldb_dbWasSet", true);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.backgroundver", 2);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.certdomaininstaller", "");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.changeprevious", false);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie._GPL_aoi.value", "%221391504442%22");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie._GPL_parent_zoneid.expiration", "Fri Feb 
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie._GPL_parent_zoneid.value", "%22509551%22"
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie.iframe-exists.expiration", "Fri Feb 01 20
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie.iframe-exists.value", "true");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie.InstallationTime.value", "%221390213553%2
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie.InstallerParams.expiration", "Fri Feb 01 
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie.jw_token.expiration", "Fri Feb 01 2030 00
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.cookie.jw_token.value", "%228fffea0a-77b8-2cd7-4
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.description", "Turn YouTube videos to High Defin
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.domain", "");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.enablesearch", false);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.homepage", "");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.iframe", false);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.InstallationThankYouPage", true);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.InstallationTime", 1390213553);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.__defualt_browser__.value", "%22ie%22
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.__first_daily_report_run__.expiration
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.__first_daily_report_run__.value", "1
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.__last_daily_report__.expiration", "F
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.__last_daily_report__.value", "139150
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb._country_code_.expiration", "Fri Feb 
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb._country_code_.value", "%22BE%22");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_appVer.value", "87");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_meta.expiration", "Fri Feb 
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_nextCheck.expiration", "Wed
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_remote_resources.expiration
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.lastDailyReport", "1391526173473");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.lastUpdate", "1391546567644");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.manifesturl", "");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.name", "Plus-HD-4.9");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.newtab", "");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.opensearch", "");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.pluginsversion", 81);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.publisher", "Plus HD");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.searchstatus", 0);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.setnewtab", false);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.thankyou", "");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.updateinterval", 360);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.45918.ver", 87);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.apps", "45918");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.bic", "143af30b37204484ae7619ba5a7588e8");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.cid", 45918);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.FilesValidatorDueTime", "1391526232964");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.firstrun", false);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.hadappinstalled", true);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.installationdate", 1390213641);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.modetype", "production");
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.reportInstall", true);
user_pref("extensions.ad019febeeb2b4057a3f27def88f2c9cd1cced8ec0ffe43eab4b2fbce5de8e9a4com45918.statsDailyCounter", 35);
---- FireFox user.js and prefs.js backups ---- 

prefs_20140402_2154_.backup

==== Deleting Files \ Folders ======================

C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found
C:\Users\Bernard\daemonprocess.txt deleted
C:\Users\Bernard\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\Bernard\AppData\Roaming\burnaware.ini deleted
C:\ProgramData\ProductData deleted
C:\ProgramData\Package Cache deleted
C:\Users\Bernard\AppData\Local\BearShare deleted
C:\Users\Bernard\AppData\Local\cache deleted
C:\Users\Bernard\Downloads\avg_free_stb_all_2014_4259_cnet.exe deleted
C:\Users\Bernard\AppData\LocalLow\Plus-HD-4.9 deleted
C:\WINDOWS\wininit.ini deleted
C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\l6q930c9.default\extensions\8jffxtbr@MyImageConverter_8j.com deleted
C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\l6q930c9.default\extensions\d019febe-eb2b-4057-a3f2-7def88f2c9cd@1cced8ec-0ffe-43ea-b4b2-fbce5de8e9a4.com deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2014-01-14 16:56:50	F44F3D0FE661C293D1FA8020557039E2	181856	----a-w-	C:\WINDOWS\snui.exe
====== C:\Users\Bernard\AppData\Local\Temp ====
2014-02-04 16:15:59	8C7FB9078A63B7E5E899E7A2DBB0DB53	1114624	----a-w-	C:\Users\Bernard\AppData\Local\Temp\270187.Uninstall\uninstaller.exe
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-02-04 16:54:10	5614386D4CFDF9E56F355C45BEEBC976	12872	----a-w-	C:\WINDOWS\Sysnative\bootdelete.exe
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2014-02-04 15:47:03	--------	d-----w-	C:\WINDOWS\Sysnative\Tasks\Safer-Networking
2014-02-04 13:16:08	772096B1533565D97B73C65131B7AA23	3694	----a-w-	C:\WINDOWS\Sysnative\Tasks\Adobe-online actualiseringsprogramma
2014-02-04 13:16:07	6DDF065623D9EE2C73E9D35E84ACDEC0	3676	----a-w-	C:\WINDOWS\Sysnative\Tasks\HP-Online updateprogramma
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-02-04 16:50:20	--------	d-----w-	C:\Program Files\HitmanPro
2014-02-01 21:07:13	--------	d-----w-	C:\Program Files\Classic Shell
======= C:\PROGRA~2 =====
2014-02-04 19:20:03	--------	d-----w-	C:\PROGRA~2\AVG
2014-02-04 15:02:40	--------	d-----w-	C:\PROGRA~2\Mozilla Maintenance Service
2014-01-31 15:07:19	--------	d-----w-	C:\PROGRA~2\BurnAware Free
2014-01-28 18:40:29	--------	d-----w-	C:\PROGRA~2\Free Driver Backup
2014-01-20 10:25:47	--------	d-----w-	C:\PROGRA~2\Belarc
2014-01-14 17:08:29	--------	d-----w-	C:\PROGRA~2\GAS Softwares
======= C: =====
====== C:\Users\Bernard\AppData\Roaming ======
2014-02-04 19:25:22	--------	d-----w-	C:\Users\Bernard\AppData\Roaming\AVG2014
2014-02-04 19:25:12	--------	d-----w-	C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014
2014-02-04 19:24:58	--------	d-----w-	C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Avg2014
2014-02-04 19:24:31	--------	d-----w-	C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Avg2014
2014-02-04 19:23:30	--------	d-----w-	C:\Users\Bernard\AppData\Local\Avg2014
2014-02-04 13:11:05	--------	d-----w-	C:\Users\Bernard\AppData\Roaming\AVG
2014-02-04 13:00:14	--------	d-----w-	C:\Users\Bernard\AppData\Roaming\TuneUp Software
2014-02-03 18:17:28	--------	d-----w-	C:\Users\Bernard\AppData\Roaming\MPC-HC
2014-02-01 18:36:23	--------	d-----w-	C:\Users\Bernard\AppData\Roaming\dvdcss
2014-01-15 10:09:18	--------	d-----w-	C:\Users\Bernard\AppData\Locallow\Evernote
2014-01-15 10:09:18	--------	d-----w-	C:\Users\Bernard\AppData\Local\Evernote
2014-01-14 17:12:12	--------	d-----w-	C:\Users\Bernard\AppData\Local\GAS_Softwares
2014-01-14 17:09:05	--------	d-----w-	C:\Users\Bernard\AppData\Local\GAS Softwares
2014-01-14 17:08:29	--------	d-----w-	C:\Users\Bernard\AppData\Roaming\GAS Softwares
2014-01-11 10:54:32	--------	d-----w-	C:\Users\Bernard\AppData\Local\AMD
2014-01-11 10:50:40	--------	d-----w-	C:\Users\Default\AppData\Roaming\ATI
2014-01-11 10:50:40	--------	d-----w-	C:\Users\Default\AppData\Local\ATI
2014-01-11 10:50:40	--------	d-----w-	C:\Users\Default User\AppData\Roaming\ATI
2014-01-11 10:50:40	--------	d-----w-	C:\Users\Default User\AppData\Local\ATI
2014-01-11 10:50:22	--------	d-----w-	C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-01-10 20:35:40	--------	d-----w-	C:\Users\Bernard\AppData\Roaming\WebApp
2014-01-10 17:37:37	--------	d-----w-	C:\Users\Bernard\AppData\Local\Cyberlink
====== C:\Users\Bernard ======
2014-02-04 19:24:58	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-02-04 19:24:32	--------	d-----w-	C:\ProgramData\AVG2014
2014-02-04 16:50:20	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-02-04 14:52:45	FD3E66E1EAD5DA5EC23174D29B8376D6	283128	----a-w-	C:\Users\Bernard\Downloads\Firefox Setup Stub 26.0.exe
2014-02-04 13:09:18	--------	d-----w-	C:\ProgramData\AVG
2014-02-04 12:58:07	FDC1AD0D533E60E326E5CC90F864AD88	33223	----a-w-	C:\ProgramData\1391518662.bdinstall.bin
2014-02-04 12:56:16	--------	d--h--w-	C:\ProgramData\Common Files
2014-02-03 12:37:23	--------	d-----w-	C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-02-01 21:07:13	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-02-01 11:03:19	54DB2B8C60F04C5ADE6D711D47EABA75	1166132	----a-w-	C:\Users\Bernard\Desktop\adwcleaner.exe
2014-02-01 11:02:20	54DB2B8C60F04C5ADE6D711D47EABA75	1166132	----a-w-	C:\Users\Bernard\Documents\adwcleaner.exe
2014-01-31 15:07:25	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-01-28 18:40:30	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Driver Backup
2014-01-26 09:40:44	ACC03B625EE7FCB05E51788DA99CB66B	11556032	----a-w-	C:\Users\Bernard\Downloads\burnaware_free.exe
2014-01-24 17:36:28	C2B7AE856EABB9F27336B07169359D32	18229	----a-w-	C:\ProgramData\1390584977.bdinstall.bin
2014-01-24 17:36:00	1F5F78EA8D418B4E04C5711BB9477990	18230	----a-w-	C:\ProgramData\1390584940.bdinstall.bin
2014-01-24 08:46:44	--------	d-----w-	C:\ProgramData\2C2B7
2014-01-19 17:11:07	--------	d-----w-	C:\ProgramData\HitmanPro
2014-01-12 10:07:24	11AC4BC119E8A5F2782EFB7E07EC9278	1307546	----a-w-	C:\Users\Bernard\WBVOORBEELD.WBD
2014-01-11 20:34:21	--------	d-----w-	C:\ProgramData\152CB
2014-01-11 10:54:21	--------	d-----w-	C:\ProgramData\ATI
2014-01-11 10:50:22	--------	d-----w-	C:\WINDOWS\sysWoW64\config\systemprofile\SkyDrive
2014-01-11 10:50:22	--------	d-----w-	C:\WINDOWS\sysWoW64\config\systemprofile\Documents
2014-01-10 17:37:45	--------	d-----w-	C:\Users\Public\CyberLink
2014-01-10 14:06:39	89BD0B132F6BB6FF071FFD90CE8B9826	55604	----a-w-	C:\ProgramData\1389362768.bdinstall.bin

====== C: exe-files ==
2014-02-04 19:21:06	CEE78F36EB35BED18CFFE2780416DA12	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-413552064-4231593532-560199935-1001\$IPOS33S.exe
2014-02-04 19:20:32	7768FBA11A9E695C3B5C4AA4CA38032B	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-413552064-4231593532-560199935-1001\$I8A0ILZ.exe
2014-02-04 16:54:10	5614386D4CFDF9E56F355C45BEEBC976	12872	----a-w-	C:\Windows\System32\bootdelete.exe
2014-02-04 16:50:21	760B03AE5E3244E22FFC3C1AE1F5264A	127752	----a-w-	C:\Program Files\HitmanPro\hmpsched.exe
2014-02-04 16:50:20	6F4788FFB65599DB10D7B527A9619B3A	10820032	----a-w-	C:\Program Files\HitmanPro\HitmanPro.exe
2014-02-04 16:42:10	DD5360D53DB6BDCB9B1D156AED57B32D	9452704	----a-r-	C:\Users\Bernard\Downloads\HitmanPro 3.7.8 Build 208 Multilingual (x86x64) Cracked-XenoCoder\HitmanPro x86.exe
2014-02-04 16:42:10	86146354E784FBBD2A403A036D645448	10264904	----a-r-	C:\Users\Bernard\Downloads\HitmanPro 3.7.8 Build 208 Multilingual (x86x64) Cracked-XenoCoder\HitmanPro x64.exe
2014-02-04 16:15:59	8C7FB9078A63B7E5E899E7A2DBB0DB53	1114624	----a-w-	C:\Users\Bernard\AppData\Local\Temp\270187.Uninstall\uninstaller.exe
2014-02-04 15:28:10	54DB2B8C60F04C5ADE6D711D47EABA75	1166132	----a-r-	C:\Users\Bernard\AppData\Local\Microsoft\Windows\FileHistory\Data\47\C\Users\Bernard\Desktop\adwcleaner.exe
2014-02-04 15:02:42	87AA03C017EED7D9F257FB149D0B214C	106212	----a-w-	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2014-02-04 15:02:41	A7A117CB1104D0829466F48E17BE0A71	118896	----a-w-	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2014-02-04 14:52:45	FD3E66E1EAD5DA5EC23174D29B8376D6	283128	----a-w-	C:\Users\Bernard\Downloads\Firefox Setup Stub 26.0.exe
2014-02-04 13:17:10	EFA9528BF0A86DA6C5EC12BFFB5AE04D	78353832	----a-w-	C:\$Recycle.Bin\S-1-5-21-413552064-4231593532-560199935-1001\$R8A0ILZ.exe
2014-02-03 20:57:35	11CCD15AAF661FF4BCCD5DEC3A4EE464	6816768	----a-w-	C:\Users\Bernard\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Map\898a7bec63488af80716acbe80fadc96\Map.ni.exe
2014-02-03 20:57:14	0AF71452AC1FF7BE3B958A931AC39F64	8944640	----a-w-	C:\Users\Bernard\AppData\Local\Packages\Facebook.Facebook_8xx8rvfyw5nnt\AC\Microsoft\CLR_v4.0\NativeImages\Facebook\b8bbcd7585600e20feed132c8809a290\Facebook.ni.exe
2014-02-01 11:36:49	44112BE70F2EEA5EF90438FDC7A91F43	860160	----a-w-	C:\Users\Bernard\AppData\Local\Packages\goudengids.bepagesdor.be.AanTafel_z8zpkckr2jega\AC\Microsoft\CLR_v4.0_32\NativeImages\Truvo.AanTa41582cbb#\45e7c8f53210c5d739274d533577a128\Truvo.AanTafel.WindowsStore.ni.exe
2014-02-01 11:36:45	0F529556D4E1A013FD963CB5771175E9	356864	----a-w-	C:\Users\Bernard\AppData\Local\Packages\20120Duijker.Moestuin_8svmxggp8rp4m\AC\Microsoft\CLR_v4.0_32\NativeImages\Moestuin\13755f467bd2774fe9a3b45396266c92\Moestuin.ni.exe
2014-02-01 11:16:31	E49E5BF9C8C5F1508F63DA3C6C824984	30936	----a-w-	C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BackupPasswordReminder.exe
2014-02-01 11:16:31	CAE98FD09A88C575E7853218103A212A	29912	----a-w-	C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_HPConnectedPhoto.exe
2014-02-01 11:16:31	9DFDD8AC6D33626A90E97D7B74E1F9A4	29912	----a-w-	C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BackupYourImportantData_US.exe
2014-02-01 11:04:28	54DB2B8C60F04C5ADE6D711D47EABA75	1166132	----a-r-	C:\Users\Bernard\AppData\Local\Microsoft\Windows\FileHistory\Data\11\C\Users\Bernard\Documents\adwcleaner.exe
2014-02-01 11:04:28	54DB2B8C60F04C5ADE6D711D47EABA75	1166132	----a-r-	C:\Users\Bernard\AppData\Local\Microsoft\Windows\FileHistory\Data\11\C\Users\Bernard\Desktop\adwcleaner.exe
2014-02-01 11:03:19	54DB2B8C60F04C5ADE6D711D47EABA75	1166132	----a-w-	C:\Users\Bernard\Desktop\adwcleaner.exe
2014-02-01 11:02:20	54DB2B8C60F04C5ADE6D711D47EABA75	1166132	----a-w-	C:\Users\Bernard\Documents\adwcleaner.exe
2014-01-31 15:07:24	9D7AE645CF981E014BDB1B0FC5E2CA50	1854040	----a-w-	C:\Program Files (x86)\BurnAware Free\VerifyDisc.exe
2014-01-31 15:07:23	028797207251743E4D749826896114D6	1191000	----a-w-	C:\Program Files (x86)\BurnAware Free\BurnAware.exe
2014-01-31 15:07:22	F9F2CD160A305BF66A044AB5695EA9F1	1614424	----a-w-	C:\Program Files (x86)\BurnAware Free\EraseDisc.exe
2014-01-31 15:07:22	8B5B6C8DBE577F8E54C3D396BCC2031C	1927256	----a-w-	C:\Program Files (x86)\BurnAware Free\CopyImage.exe
2014-01-31 15:07:22	1870D054316340FD0CCDF2787CEAE99C	2259032	----a-w-	C:\Program Files (x86)\BurnAware Free\MakeISO.exe
2014-01-31 15:07:21	E17B8202558329316F44BB9629B0854A	2276440	----a-w-	C:\Program Files (x86)\BurnAware Free\MP3Disc.exe
2014-01-31 15:07:21	484D76505DDD526CF5D5D68DC15DA5B1	1634904	----a-w-	C:\Program Files (x86)\BurnAware Free\DiscInfo.exe
2014-01-31 15:07:21	0B7EC2C40ED21D9D9A6DCF01726C9B21	2363992	----a-w-	C:\Program Files (x86)\BurnAware Free\DataDisc.exe
2014-01-31 15:07:20	686CD1B07F922E4737E0ABFFDBCF936B	2025560	----a-w-	C:\Program Files (x86)\BurnAware Free\BurnImage.exe
2014-01-31 15:07:20	20AF7052ED87690F93942B78F78F2B56	2284632	----a-w-	C:\Program Files (x86)\BurnAware Free\DVDVideo.exe
2014-01-31 15:07:19	98A1A8726B2C6F530DC560AC93A9DB9D	1265451	----a-w-	C:\Program Files (x86)\BurnAware Free\unins000.exe
2014-01-31 15:07:19	0B671116FD1080052A6DD063179BD8F3	2227288	----a-w-	C:\Program Files (x86)\BurnAware Free\AudioCD.exe
2014-01-29 11:08:33	39B390B07E1A5BCBF392D26980063031	1930752	----a-w-	C:\Users\Bernard\AppData\Local\Packages\RemmelInformatik.CookMeLight_2wyp2v8058s48\AC\Microsoft\CLR_v4.0_32\NativeImages\CookMe\f7d69793e24043dc4c4a749ca70879fd\CookMe.ni.exe
=== C: other files ==
2014-02-04 05:56:20	9D68A041CE834BD4E0FF32CEF0006A98	9074	----a-w-	C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\l6q930c9.default\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-413552064-4231593532-560199935-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"BearShare"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe --lightmode"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"MyImageConverter EPM Support"="C:\PROGRA~2\MYIMAG~2\bar\1.bin\8jmedint.exe T8EPMSUP.DLL,S"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"BearShare"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe --lightmode"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Greenshot"="C:\Program Files\Greenshot\Greenshot.exe"
"MyImageConverter Home Page Guard 64 bit"="C:\PROGRA~2\MYIMAG~2\bar\1.bin\AppIntegrator64.exe"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll"

==== Startup Folders ======================

2013-10-29 09:54:21	1380	----a-w-	C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
2013-10-25 12:31:28	1962	----a-w-	C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Photosmart 5520 series.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/02/2014 20:15]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-413552064-4231593532-560199935-1001UA.job --a-------- C:\Users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe [29/10/2013 10:54]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/11/2013 10:15]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/11/2013 10:15]
C:\WINDOWS\tasks\HP Photo Creations Communicator.job --a-------- C:\ProgramData\HP Photo Creations\Communicator.exe [23/08/2011 10:11]
C:\WINDOWS\tasks\HPCeeScheduleForBernard.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 22:15]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-413552064-4231593532-560199935-1001Core" [C:\Users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-413552064-4231593532-560199935-1001UA" [C:\Users\Bernard\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]
"C:\WINDOWS\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForBernard" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Photosmart 5520 series" ["C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{FC06FC50-25FC-460A-A6CC-1031068A75DC}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\l6q930c9.default
- Site Finder - %ProfilePath%\extensions\sitefinder@sitefinder.com
- Evernote Web Clipper - %ProfilePath%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
- RightSurf - %ProfilePath%\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\l6q930c9.default
FD6ACD9D85177259D442A0C4AC15F7B8	- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll -	Shockwave Flash
2BF85B6162528E0635DD8D632EB975C8	- C:\Users\Bernard\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll -	Facebook Desktop
EFC5F7D71CF84407ABEE5412AAD79153	- C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll -	RocketLife Secure Plug-In Layer


==== Deleted Firefox Extensions ======================

C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\l6q930c9.default\extensions\{b9a19c25-a741-47e5-91a2-0b62bef307ff}.xpi deleted

==== Chrome Look ======================

Google Docs - Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Plus-HD-4.9 - Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa
Google Wallet - Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown  Url="Not_Found"
{DAC154BF-C2AF-44A3-B045-2C4D22398BBA} Google  Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7MXGA_nlBE565"
{EBC94309-12CC-4020-A037-48296C659E6F} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-413552064-4231593532-560199935-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-413552064-4231593532-560199935-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_USERS\S-1-5-21-413552064-4231593532-560199935-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EBC94309-12CC-4020-A037-48296C659E6F} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic for Windows deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bernard\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bernard\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Bernard\AppData\Local\Mozilla\Firefox\Profiles\l6q930c9.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Bernard\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=643 folders=113 153552489 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Bernard\AppData\Local\Temp  will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Bernard\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 04/02/2014 at 21:59:54,19 ======================