
Zoek.exe v5.0.0.0 Updated 06-September-2014
Tool run by Admin on za 06/09/2014 at 17:35:27,54.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

6/09/2014 17:38:18 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Users\Admin\AppData\Roaming\QuickScan deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{5350432D-5350-006A-76A7-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5350432D-5350-006A-76A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5350432D-5350-006A-76A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5350432D-5350-006A-76A7-7A786E7484D7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5350432D-5350-006A-76A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{5350432D-5350-006A-76A7-7A786E7484D7} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\at9p44xu.default

user.js not found
---- Lines a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570 removed from prefs.js ----
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.InstallationThankYouPage", true);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.InstallationTime", 1404934444);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.active", true);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.addressbar", "NA");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.addressbarenhanced", "");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.asyncdb.was_copied", "true");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.asyncdb_dbWasSet", true);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.asyncinternaldb.was_copied", "true");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.backgroundver", 1);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.certdomaininstaller", "");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.changeprevious", false);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.cookie.InstallationTime.value", "%221404934444%2
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.cookie.InstallerParams.expiration", "Fri Feb 01 
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.description", "Turn YouTube videos to High Defin
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.domain", "");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.enablesearch", false);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.homepage", "");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.iframe", false);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.__defualt_browser__.value", "%22ch%22
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb._installer_additional_info.expiration
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb._installer_additional_info.value", "%
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.monetization_plugin_bundledUrls.expir
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.monetization_plugin_bundledWithHash.e
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.monetization_plugin_bundledWithHash.v
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.monetization_plugin_notBundledArr_.ex
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.monetization_plugin_regBundledWithSof
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.internaldb.monetization_plugin_regBundledWithSof
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.lastDailyReport", "1404992656623");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.lastUpdate", "1404992656615");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.manifesturl", "");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.name", "HDPlus-V1.9");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.newtab", "");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.opensearch", "");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.pluginsurl", "http://js.geninfocloud.com/plugin/
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.pluginsversion", 20);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.publisher", "HDPlus");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.searchstatus", 0);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.setnewtab", false);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.thankyou", "");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.updateinterval", 360);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.59570.ver", 29);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.apps", "59570");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.bic", "147201688d6c0ec72addbab4751f84e3");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.cid", 59570);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.firstrun", false);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.hadappinstalled", true);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.installationdate", 1404992654);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.installerAdditionalInfo", "{\"asw\":[67125248, 5, 0]}"
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.modetype", "production");
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.reportInstall", true);
user_pref("extensions.a3446275a54774d33bd0d44b466c519cd4bf28e2458334fb888c3cd8403bb6141com59570.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ---- 

prefs_20140609_1750_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5350432D-5350-006A-76A7-7A786E7484D7}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5350432D-5350-006A-76A7-7A786E7484D7}] 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] 
"ApnTBMon"=- 

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\SopCast deleted
C:\PROGRA~3\AskPartnerNetwork deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\Users\Admin\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe" deleted
"C:\Users\Admin\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe" deleted
"C:\Users\Admin\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll" deleted
"C:\Users\Admin\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll" deleted
"C:\Program Files (x86)\AskPartnerNetwork" deleted
"C:\PROGRA~2\AskPartnerNetwork" deleted
"C:\Users\Admin\AppData\Local\AskPartnerNetwork" not deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar" deleted
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted
"C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted
"C:\Users\Admin\AppData\Local\AskPartnerNetwork\Toolbar" not deleted
"C:\Users\Admin\AppData\Local\AskPartnerNetwork\Toolbar\Updater" not deleted
"C:\Users\Admin\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Admin\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-08-28 13:28:47	568D6F1C730EC3A9B381F01020D600DC	4148224	----a-w-	C:\Windows\Sysnative\win32k.sys
====== C:\Windows\Sysnative\drivers =====
2014-08-13 10:58:34	313DCE665B57000B18CB26C6B6A10DFE	1557848	----a-w-	C:\Windows\Sysnative\drivers\dxgkrnl.sys
2014-08-13 10:57:54	7A1A3F213CDB3363D179D5014272025D	402432	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb.sys
2014-08-13 10:57:52	674A4702E4E144E8710ED1A2EC6DD049	96768	----a-w-	C:\Windows\Sysnative\drivers\agilevpn.sys
2014-08-13 10:57:51	65ED7B9CFEA893DF7748D5FF692690DE	38912	----a-w-	C:\Windows\Sysnative\drivers\vwifimp.sys
2014-08-13 10:57:51	35BF5C5F5E3C9902C98978C7640574DA	71680	----a-w-	C:\Windows\Sysnative\drivers\vwififlt.sys
2014-08-13 10:57:41	5C42CEE3E2018E1DFC6E3E17240A432A	206848	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb20.sys
2014-08-13 10:56:07	FE0ADF5028EB8C1339B66B3AEDE3FEF9	440664	-c--a-w-	C:\Windows\Sysnative\drivers\usbport.sys
2014-08-13 10:56:07	D537815E450A149752C15868392AD1F3	110592	----a-w-	C:\Windows\Sysnative\drivers\WUDFPf.sys
2014-08-13 10:56:07	93435654DCA210298BA0F986EB51C679	419672	-c--a-w-	C:\Windows\Sysnative\drivers\usbhub.sys
2014-08-13 10:56:07	83C9C45D59C72FEFDAE9A5686BE31FEA	467800	-c--a-w-	C:\Windows\Sysnative\drivers\USBHUB3.SYS
2014-08-13 10:56:07	7CCBBCEE408A5DBE3FE47297DB5A6CFC	227840	----a-w-	C:\Windows\Sysnative\drivers\WUDFRd.sys
2014-08-13 10:56:07	25AC0B50A71938890970E1508F107196	2518360	----a-w-	C:\Windows\Sysnative\drivers\tcpip.sys
2014-08-13 10:56:06	D79920BE4E6683D3AB50F71457A4F6C6	27480	-c--a-w-	C:\Windows\Sysnative\drivers\usbd.sys
2014-08-13 10:56:06	48BA326A3DBA5B5BEB5F2777F4618696	89944	-c--a-w-	C:\Windows\Sysnative\drivers\usbehci.sys
2014-08-13 10:56:06	064260B3A5868AC894A4943543BC7AB7	37376	-c--a-w-	C:\Windows\Sysnative\drivers\usbuhci.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-05 17:11:57	--------	d-----w-	C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Admin\AppData\Roaming ======
2014-08-16 19:23:59	--------	d-----w-	C:\Users\Admin\AppData\Local\AskPartnerNetwork
2014-08-12 13:34:58	--------	d-----w-	C:\Users\Admin\AppData\Local\Adobe
====== C:\Users\Admin ======
2014-08-16 19:23:33	EF04109E6CADBC232B68BADF3701B4A0	1007	----a-w-	C:\Users\Admin\SopCast.lnk

====== C: exe-files ==
2014-09-05 21:30:50	27BD87D23170E599E6EE334F27EB9435	4005520	----a-w-	C:\Users\Admin\AppData\Local\NVIDIA\NvBackend\Packages\000061b3\DAO.18850839.exe
2014-09-05 21:05:27	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Admin\Desktop\Malware\RSITx64.exe
2014-09-05 17:11:58	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Admin.exe
2014-09-04 21:19:29	2FB742C226D0474202D28A5724E6CA4B	7235664	----a-w-	C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.103\37.0.2062.103_36.0.1985.143_chrome_updater.exe
2014-09-03 21:29:18	93E81A0931CD47FB4C8C155E1A056CF8	3955713	----a-w-	C:\Users\Admin\AppData\Local\NVIDIA\NvBackend\Packages\00006186\DAO.18842956.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_USERS\S-1-5-21-2980793151-4220202154-4047133139-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Startup Folders ======================

2014-05-09 18:00:54	1316	----a-w-	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{3BA90F3D-BB10-46CD-B41A-A636A7C4A270}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ffpwdman@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman" [11/04/2014 11:33]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"magicplayer@torrentstream.org"="C:\Users\Admin\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org" [16/07/2014 20:46]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\at9p44xu.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\at9p44xu.default
9297A960E3DA318A1D0832375EC37953	- C:\Users\Admin\AppData\Roaming\ACEStream\player\npace_plugin.dll -	Ace Stream P2P Multimedia Plug-in
4390CCD3790F8D9C427C0C29590C62D7	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll -	Shockwave Flash
E37EAD09D28AE19D8A39B6A95F47513A	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll -	Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaadgepjkdffhjbkfjgnnffnfcffbg - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx[]
ccahoghmggldkcdjiebjkidpfongdfbl - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx[03/03/2014 14:59]

Google Drive - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
AS Magic Player - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Google Wallet - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.be/",
"startup_urls": [ "https://www.google.be/" ],


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=340 folders=103 73550301 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot