Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by User on do 29/05/2014 at 9:12:17,15.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek(1).exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================
C:\zoek-results2014-05-27-184937.log 31488 bytes

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-599483926-3434182497-1491414450-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whb3e23f.default-1375171281256
user.js not found
---- Lines mystart removed from prefs.js ----
user_pref("keyword.URL", "http://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=bs_4802&q=");
---- FireFox user.js and prefs.js backups ----
prefs_20142905_0927_.backup

==== Deleting Files \ Folders ======================
"C:\Windows\tasks\Registry Optimizer_DEFAULT.job" not found
"C:\Windows\tasks\Registry Optimizer_UPDATES.job" not found
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\Anti-phishing Domain Advisor deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\User\AppData\Local\Wondershare deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whb3e23f.default-1375171281256\jetpack deleted

==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-05-18 09:43:54 CAA4B6FE83F6757A1B991E3C59A17573 566051498 ----a-w- C:\Windows\MEMORY.DMP
2014-05-16 19:51:23 0B5A0005C0BDF4A05174576AF80DEA04 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\User\AppData\Local\Temp ====
2014-05-27 16:22:50 A723416C85755E2A2E42BEC3C00EAB48 92773912 ----a-w- C:\Users\User\AppData\Local\Temp\Media Go\MGUpdate_2.7.357\mediago_setup.exe
====== Java Cache =====
2014-05-27 16:20:06 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-63440f8a
====== C:\Windows\SysWOW64 =====
2014-05-27 06:31:49 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-05-27 06:31:42 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\SysWOW64\java.exe
2014-05-27 06:31:42 3B10B54F50CD362537B9F2186267EDF8 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-27 06:31:42 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-05-15 07:39:36 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 07:39:34 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-05-15 07:39:34 10D531ADC7B8FB36C7361D44AF6E8AB6 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-05-27 06:34:20 0DED6DD34EC2877C72CC32624060019F 313256 ----a-w- C:\Windows\Sysnative\javaws.exe
2014-05-27 06:34:15 EB01E2AB90C1B8966ED27A6AD57D5BCA 189352 ----a-w- C:\Windows\Sysnative\javaw.exe
2014-05-27 06:34:15 363FF136AC2C9A02E310E6A5E98ADFC0 189352 ----a-w- C:\Windows\Sysnative\java.exe
2014-05-27 06:34:15 176539F1D21C78D78D8C468413CFAF5A 108968 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll
2014-05-15 07:39:36 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-05-15 07:39:36 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-05-15 07:39:34 A45BFDCFD5864F658289A165E6E0227F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
====== C:\Windows\Sysnative\drivers =====
2014-05-16 19:51:34 340B0467E98A8C92697D73034DB4BCB7 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2014-05-14 12:06:56 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-05-14 12:06:54 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-05-27 06:33:57 -------- d-----w- C:\Program Files\Java
2014-05-26 15:38:16 -------- d-----w- C:\Program Files\trend micro
2014-05-23 08:07:20 -------- d-----w- C:\Program Files\Speccy
======= C:\PROGRA~2 =====
2014-05-27 06:31:58 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-05-15 07:39:03 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2014-05-23 10:37:09 -------- d-sh--w- C:\Users\User\AppData\Locallow\EmieUserList
2014-05-23 10:36:58 -------- d-sh--w- C:\Users\User\AppData\Local\EmieUserList
2014-05-23 10:36:58 -------- d-sh--w- C:\Users\User\AppData\Local\EmieSiteList
2014-05-23 10:36:55 -------- d-sh--w- C:\Users\User\AppData\Locallow\EmieSiteList
2014-05-22 07:10:29 -------- d-----w- C:\Users\User\AppData\Local\ElevatedDiagnostics
2014-05-10 09:47:30 23F8D302D4C4A9946D8F9AA5137FED76 135768 ----a-w- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-05 21:16:44 -------- d-----w- C:\Users\User\AppData\Local\toolbarcleaner
====== C:\Users\User ======
2014-05-27 06:33:14 8793EF637AB0EA07973E81BF9515BD09 29164456 ----a-w- C:\Users\User\Downloads\jre-7u55-windows-i586.exe
2014-05-27 06:32:43 FABE68449854D735914FF8693F1D5A79 30818216 ----a-w- C:\Users\User\Downloads\jre-7u55-windows-x64.exe
2014-05-27 06:31:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-27 06:29:33 A4582C5BD9BD59F4C54F238CCEC68404 921512 ----a-w- C:\Users\User\Downloads\jxpiinstall.exe
2014-05-26 15:37:48 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\User\Downloads\RSITx64(1).exe
2014-05-23 08:06:35 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\User\Downloads\spsetup126.exe
2014-05-23 08:01:48 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\User\Downloads\MicrosoftFixit.Codec.RNP.Run(1).exe
2014-05-22 08:06:10 -------- d-----w- C:\ProgramData\GRETECH
2014-05-22 07:09:24 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\User\Downloads\MicrosoftFixit.Codec.RNP.Run.exe
2014-05-12 16:02:26 -------- d-----r- C:\Windows\sysWoW64\config\systemprofile\Desktop
2014-05-02 08:03:57 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches
====== C: exe-files ==
2014-05-27 16:22:50 A723416C85755E2A2E42BEC3C00EAB48 92773912 ----a-w- C:\Users\User\AppData\Local\Temp\Media Go\MGUpdate_2.7.357\mediago_setup.exe
2014-05-27 06:34:20 0DED6DD34EC2877C72CC32624060019F 313256 ----a-w- C:\Windows\System32\javaws.exe
2014-05-27 06:34:15 EB01E2AB90C1B8966ED27A6AD57D5BCA 189352 ----a-w- C:\Windows\System32\javaw.exe
2014-05-27 06:34:15 363FF136AC2C9A02E310E6A5E98ADFC0 189352 ----a-w- C:\Windows\System32\java.exe
2014-05-27 06:34:05 F078C7073A963D84FC319997D8386D6C 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe
2014-05-27 06:34:05 C5056FD65E6086D9BD58FDD3E274AB84 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe
2014-05-27 06:34:05 9917CC2B86CA82075055613D5AE9B345 64424 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe
2014-05-27 06:34:05 783462534C278C9FA4694A17FDF7DBE0 180648 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe
2014-05-27 06:34:04 D8FD9179D2D17E3C2A18EA5D7BBEBC3B 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe
2014-05-27 06:34:04 A6496B634E8FE818EC7DD7AA9874F4EA 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe
2014-05-27 06:34:04 3E5EA12528ADC5751DC3D5F1538DEE75 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe
2014-05-27 06:34:04 311E63E962260513F1AB94279FF95C01 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe
2014-05-27 06:34:04 1BE176196260BA1B9FCBCBC06EAE06B6 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe
2014-05-27 06:34:03 E40BC8FA0DBFFD3EC30BEA8B749E76E9 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe
2014-05-27 06:34:03 A4E1EEBB47600B739B1D0607863518A0 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe
2014-05-27 06:34:03 A216FC449DC406900F8697B226BCFACF 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe
2014-05-27 06:34:03 43A6E47AD95C0D91CDB53BC9C630486C 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe
2014-05-27 06:34:02 F8EBBD21A45D341D2AF07F2A59C825C5 67496 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe
2014-05-27 06:34:02 EB01E2AB90C1B8966ED27A6AD57D5BCA 189352 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe
2014-05-27 06:34:02 0DED6DD34EC2877C72CC32624060019F 313256 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe
2014-05-27 06:34:00 3B9695229F272A2757760AC38029F824 76200 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe
2014-05-27 06:34:00 363FF136AC2C9A02E310E6A5E98ADFC0 189352 ----a-w- C:\Program Files\Java\jre7\bin\java.exe
2014-05-27 06:34:00 09F986ECEB12E08B57F5F7020258A862 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe
2014-05-27 06:34:00 00819230898343926289F603CDB246F2 55720 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe
2014-05-27 06:33:14 8793EF637AB0EA07973E81BF9515BD09 29164456 ----a-w- C:\Users\User\Downloads\jre-7u55-windows-i586.exe
2014-05-27 06:32:43 FABE68449854D735914FF8693F1D5A79 30818216 ----a-w- C:\Users\User\Downloads\jre-7u55-windows-x64.exe
2014-05-27 06:31:49 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-05-27 06:31:42 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\SysWOW64\java.exe
2014-05-27 06:31:42 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-05-27 06:31:32 FB67D8F555AA8E847DC6D7BFFF69C1C1 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-05-27 06:31:32 B1CE4931FCA0E9D6493F18440A492472 49576 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-05-27 06:31:32 829199AE07062FE066CCD037190B4D04 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-05-27 06:31:32 7151FDB921CC188833E69690E969616A 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-05-27 06:31:32 67E721D8CA3F26695C2836870FF395E0 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-05-27 06:31:32 5F32AD07982BE93452A755CE94F130BA 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-05-27 06:31:32 3DAA029309C13F0A8DFB839372A3E8D3 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-05-27 06:31:32 3B8C2991462B84868BB04C67E197CFC1 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-05-27 06:31:32 21190A2C683911E97E6484632F0A11AF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-05-27 06:31:31 E788AC8198E99F9DA268A35719462DEF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-05-27 06:31:31 CA8C3C3510377A38A0FD0386B1C8700D 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-05-27 06:31:31 B863FBED45DA51498B42DEAE76006D94 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-05-27 06:31:31 0F298580559EE0929C572CFEB99B5AAA 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-05-27 06:31:30 C38B939945B2357D56B105C8F8FE7C45 52648 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-05-27 06:31:30 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-05-27 06:31:30 77430E8234A0050ECCC5E2F5B30A7BEF 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-05-27 06:31:30 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-05-27 06:31:30 58B60ED489B1EDFA2BCDCAAF90B5EDD8 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-05-27 06:31:30 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-05-27 06:31:30 00F5108D91D768CA9D4ABC5E5053F50F 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-05-27 06:31:29 FBC892A1196A03F695F112A5EDE032DC 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-05-27 06:30:25 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\User\AppData\LocalLow\Sun\Java\jre1.7.0_55\lzma.exe
2014-05-27 06:29:33 A4582C5BD9BD59F4C54F238CCEC68404 921512 ----a-w- C:\Users\User\Downloads\jxpiinstall.exe
2014-05-26 15:38:17 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\User.exe
2014-05-26 15:37:48 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\User\Downloads\RSITx64(1).exe
2014-05-23 08:06:35 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\User\Downloads\spsetup126.exe
2014-05-23 08:01:48 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\User\Downloads\MicrosoftFixit.Codec.RNP.Run(1).exe
=== C: other files ==
2014-05-27 06:34:05 9B14F61F8FB51C2813B10538C7CF5692 18619 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip
2014-05-27 06:31:33 D95F1D4129F0CB2F7626CDCBAC2F512B 18636 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-599483926-3434182497-1491414450-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Downloads\Perfect-Table-Plan-Clock_eventcountdownclock"="C:\Users\User\Downloads\eventcountdownclock.exe"
[HKEY_USERS\S-1-5-21-599483926-3434182497-1491414450-1191\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-21-599483926-3434182497-1491414450-1191\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Downloads\Perfect-Table-Plan-Clock_eventcountdownclock"="C:\Users\User\Downloads\eventcountdownclock.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeBridge"
"hkey"="HKCU"
"command"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS5ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenuEx"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Tray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUs Tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\TrayNotify.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Watch]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUs Watch"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EaseUS\\Todo Backup\\bin\\EuWatch.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Family Tree Builder Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\MyHeritage\\Bin\\FTBCheckUpdates.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAAnotif"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IJNetworkScanUtility]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IJNetworkScanUtility"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\Canon IJ Network Scan Utility\\CNMNSUT.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCplDaemon"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PMBVolumeWatcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PMBVolumeWatcher"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Sony\\PMB\\PMBVolumeWatcher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sidebar"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoMud]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SoMud"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\SoMud\\somud.exe\" /bg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\User\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbarcleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="toolbarcleaner"
"hkey"="HKCU"
"command"="reg.exe delete \"HKCU\\Software\\AppDataLow\\Software\\toolbarcleaner\" /f"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbarcleaner_DATA_FOLDER]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="toolbarcleaner_DATA_FOLDER"
"hkey"="HKCU"
"command"="cmd.exe /c rmdir \"C:\\ProgramData\\Anti-phishing Domain Advisor\" /s /q"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbarcleaner_INSTALL_FOLDER]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="toolbarcleaner_INSTALL_FOLDER"
"hkey"="HKCU"
"command"="cmd.exe /c rmdir \"C:\\Users\\User\\AppData\\Local\\toolbarcleaner\" /s /q"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\toolbarcleaner_XP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="toolbarcleaner_XP"
"hkey"="HKCU"
"command"="reg.exe delete \"HKCU\\Software\\toolbarcleaner\" /f"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualCloneDrive"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vmware-tray.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vmware-tray.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-tray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^aveosti.exe.lnk]
"item"="aveosti.exe"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\aveosti.exe.lnk"
"backup"="C:\\Windows\\pss\\aveosti.exe.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\AVEO\\AVEOUV~1\\AveoSTI.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
"item"="OneNote 2007 Schermopname en Snel starten"
"path"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Schermopname en Snel starten.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~1\\Office12\\ONENOTEM.EXE"

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/05/2014 20:31]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\EasyDisplayMgr" ["C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"]
"C:\Windows\SysNative\tasks\outlook" [C:\ProgramData\Microsoft\Windows\Start]
"C:\Windows\SysNative\tasks\SUPBackground" ["%ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe"]
"C:\Windows\SysNative\tasks\{F682DF53-7221-4538-9A41-7A7014480272}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [16/05/2014 21:51]

==== Firefox Extensions ======================
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whb3e23f.default-1375171281256
- Empty Cache Button - %ProfilePath%\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi
- Flesko - %ProfilePath%\extensions\jid1-SKuRexDY5zJsIQ@jetpack.xpi
- Pin It button - %ProfilePath%\extensions\pinterest@robertnyman.com.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\whb3e23f.default-1375171281256
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
2147C8ED020B1CE3B82BBDD3C49C8F81 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin

==== Chrome Look ======================
Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{BB15F356-0F17-497D-B753-937719F84553}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{BB15F356-0F17-497D-B753-937719F84553} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoMud deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbarcleaner_DATA_FOLDER deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbarcleaner_INSTALL_FOLDER deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\whb3e23f.default-1375171281256\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=56 folders=32 14134522 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on do 29/05/2014 at 9:47:02,07 ======================