Zoek.exe v5.0.0.0 Updated 23-09-2014 Tool run by Koos on wo 24-09-2014 at 21:18:34,46. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q47UWL4V\zoek.exe [Scan current user] [Script inserted] ==== System Restore Info ====================== 24-9-2014 21:19:56 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\cosstminn deleted successfully C:\PROGRA~2\FLVM Player deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\predm deleted successfully C:\PROGRA~2\VideoLAN deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\cosstminn deleted successfully C:\Users\Koos\AppData\Roaming\Neav deleted successfully C:\Users\Koos\AppData\Roaming\Octoshape deleted successfully C:\Users\Koos\AppData\Roaming\Weawam deleted successfully C:\Users\Koos\AppData\Local\Conduit deleted successfully C:\Users\Koos\AppData\Local\WeatherAlerts deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2B674302-A1C7-47B1-B3E4-7757FF86CCDF} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet 
Explorer\SearchScopes\{7FCF687C-C4C1-430E-B050-F0F517340B59} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ECE26FD9-3DFD-48EF-9BE7-4FC2E9E2C3FB} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} deleted successfully HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet 
Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wajam Internet Enhancer Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\70e6ca8c deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\70e6ca8c deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Koos\AppData\Roaming\Mozilla\Firefox\Profiles\5zxaklqs.default ---- Lines Search removed from prefs.js ---- user_pref("browser.search.selectedEngine", "Search The Web (buenosearch)"); user_pref("browser.search.defaultenginename", "Search The Web (buenosearch)"); ---- Lines babsrc removed from prefs.js ---- user_pref("browser.startup.homepage", "http://www.buenosearch.com/?babsrc=HP_kms&affID=128493&tt=&mntrid=96C10C6076525DE7&tsp=5345"); ---- FireFox user.js and prefs.js backups ---- user_24-09-2014_2137_.backup prefs_24-09-2014_2137_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Optimizer Pro"=- ==== Deleting Files \ Folders ====================== C:\Users\Koos\AppData\Roaming\Neav not found C:\Program Files (x86)\predm not found 
C:\Program Files (x86)\Wajam deleted C:\Users\Koos\AppData\Roaming\Optimizer Pro deleted C:\Users\Koos\AppData\Roaming\VOPackage deleted C:\ProgramData\WindowsMangerProtect deleted C:\Program Files (x86)\SupTab deleted C:\Program Files (x86)\NewPlayer deleted C:\Program Files (x86)\mbot_nl_12 deleted C:\PROGRA~3\374311380 deleted C:\PROGRA~2\PC Speed Up deleted C:\PROGRA~2\Conduit deleted C:\Users\Koos\AppData\Roaming\Babylon deleted C:\Users\Koos\AppData\Roaming\DealPly deleted C:\Users\Koos\AppData\Roaming\Systweak deleted C:\Users\Koos\acceptor.uno.dll deleted C:\PROGRA~3\Systweak deleted C:\PROGRA~3\IePluginServices deleted C:\PROGRA~3\AVG Security Toolbar deleted C:\PROGRA~3\DSearchLink deleted C:\PROGRA~3\AVG Secure Search deleted C:\Users\Koos\AppData\Local\mbot_nl_12 deleted C:\Users\Koos\AppData\Local\newplayer deleted C:\Users\Koos\AppData\Local\AVG Secure Search deleted C:\Users\Koos\AppData\Local\Bundled software uninstaller deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 deleted C:\Users\Koos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\Tasks\DealPly deleted C:\Users\Koos\Downloads\SoftonicDownloader_voor_zipeg.exe deleted C:\Users\Koos\AppData\LocalLow\AVG Secure Search deleted C:\Users\Koos\AppData\LocalLow\IAC deleted C:\Users\Koos\AppData\LocalLow\PriceGong deleted C:\Users\Koos\AppData\LocalLow\Conduit deleted C:\windows\SysNative\tasks\ASP deleted C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted C:\END deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Koos\Documents\Optimizer Pro deleted 
C:\Users\Koos\AppData\Roaming\Mozilla\Firefox\Profiles\5zxaklqs.default\searchplugins\buenosearchkms.xml deleted C:\Users\Koos\AppData\Roaming\Mozilla\Firefox\Profiles\5zxaklqs.default\extensions\staged deleted C:\Users\Koos\Desktop\Optimizer Pro.lnk deleted "C:\PROGRA~3\9024c2bee7fabb70\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140820064319" deleted "C:\PROGRA~3\9024c2bee7fabb70\{CE681A67-9477-CBE6-EB9D-FE534875F98D}.20140821175111" deleted "C:\Users\Koos\AppData\Roaming\Amyrd\ysodfau.imb" deleted "C:\Users\Koos\AppData\Roaming\Yrguv\nulodu.mea" deleted "C:\Users\Koos\AppData\Roaming\Yrguv\nulodu.tmp" deleted "C:\Programdata\Windows\ccdxmmde.dat" deleted "C:\Programdata\Windows\drss.dat" deleted "C:\Programdata\Windows\xessmsxe.dat" deleted "C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe" deleted "C:\PROGRA~2\Optimizer Pro\OptProReminder.exe" deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted "C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted "C:\PROGRA~3\9024c2bee7fabb70" deleted "C:\Users\Koos\AppData\Roaming\Amyrd" deleted "C:\Users\Koos\AppData\Roaming\Yrguv" deleted "C:\Programdata\Windows" deleted "C:\Program Files (x86)\Optimizer Pro" deleted "C:\PROGRA~2\Optimizer Pro" deleted "C:\PROGRA~2\SweetIM" deleted "C:\PROGRA~2\AVG Secure Search" not deleted "C:\PROGRA~2\AVG Secure Search" not deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted "C:\PROGRA~2\COMMON~1\AVG Secure 
Search\DNTInstaller\18.1.9" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted "C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Koos\AppData\Local\Temp ==== 2014-09-24 18:57:11 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Koos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb2nsjm.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-09-24 04:51:40 C263F3E7E0523556964D661BC7CB9565 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll 2014-09-14 07:03:59 297EF1AB73B8FCE76BCA1365C2E49AFC 440320 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-09-14 07:03:58 E3D7B3F64C30994409BDF8E48048A854 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-09-14 07:03:57 6DD476318F524D2DCB73AFEB2EE27B4A 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-14 07:03:56 42F6F28D4885505F687CAF0459FF9F90 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-09-14 07:03:55 84E96F4AF8A7748A3DE7C3EBBC6768E5 365056 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-09-14 07:03:55 4F2EDC301EC63F803C0FDB6CC87EDA24 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-09-14 07:03:55 010DFAF3EF93994B805BAA1493D47973 243200 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-09-14 07:03:54 CC8F34B345DA638D77BB48C035DA628D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-09-14 07:03:54 13C2C87C35E52AAB1B439FB2E26DF2DE 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-09-14 07:03:53 D603AC77E17E5B9583E382F2EE0381A7 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-09-14 07:03:53 074646C5A979DE79133DE4A8530A9C5D 603136 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-09-14 07:03:52 AA595171932ACC79DA9851067DCBDABF 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-09-14 07:03:52 8D4FCAB2643DFEF68040B70F1EDCCBC5 327872 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2014-09-14 07:03:52 
7C3D593AB1E2F5E5687D97772EF99AC7 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-09-14 07:03:49 77F79126444896B5867E6761490735B8 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-14 07:03:49 2E2E40E5D92EEA979548E307C5781038 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-09-14 07:03:47 5074835337862817DB3726558D0908DE 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-14 07:03:46 1D8C086A39B9794D7131384586811B25 678400 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-09-14 07:03:45 88EBB8526981D03C5777AB0A4AEBA8B4 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-14 07:03:42 FD96C05DE700F5FD26273D6DDB6495A7 2185728 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-09-14 07:03:41 D58988722C72D265B51A54103DFC2C6F 1812992 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-09-14 07:03:40 77B7DDF91F3ED2CDB6CF60224EE13433 4232704 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-09-14 07:03:40 6A3A809CA7A8F40C89E6F1D301898A66 2014208 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-09-14 07:03:40 41010A88B70A2168F801DC19EBD4CB4F 1190400 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-09-14 07:03:38 7BF1CE9240CB9DD27C3E30733176EB8E 17455104 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-09-14 07:03:37 A3560FAFC1686D5EE9830B33B5C74B66 11769856 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-09-14 06:50:59 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-13 05:06:43 A8DDB7ACB122FC36FF0D7C9B3099A380 793600 ----a-w- C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-13 05:06:30 79896A78039C9A63C56197843CFBAD0B 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll 2014-09-13 04:46:53 1B85FA0D0A93C011B76678733F39DB6C 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2014-09-13 04:46:51 B094390B6B2D0456821384771020870B 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2014-09-13 04:46:51 10826DA2FC073702AEAB93AF3D73B066 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll ====== C:\Windows\SysWOW64\drivers ===== ====== 
C:\Windows\Sysnative ===== 2014-09-24 04:51:40 A8A87343CAE432677D82C0BCC753D905 2048 ----a-w- C:\Windows\Sysnative\tzres.dll 2014-09-14 07:03:59 9EFF09364ABDC86770FA0B1BCC9CA3C3 596480 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-09-14 07:03:58 1BE1D1942825BE2146941DA274D2B92F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-09-14 07:03:57 EF79F0B9E0F277F5797C475DF4248B97 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2014-09-14 07:03:57 A0600300428AB73664050659E738F11F 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-09-14 07:03:57 305D5395A65D00C74A94AEA40E9909E9 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-09-14 07:03:57 0113777A28BEC88A50C2566F346E4B58 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-09-14 07:03:56 EE6B22396FA99639A163B1B7E9736669 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-09-14 07:03:56 2D95BDB699FA1D531B642EA18464FE05 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-09-14 07:03:55 786ECD92C9D77F571134283E0FABAF1A 289280 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-09-14 07:03:55 641068C626DE3AD348871D0D7931A3FA 547328 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-09-14 07:03:55 4CF33E458BAEDA917CAE9F2E8338479C 446464 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-09-14 07:03:54 E76C23C71345ACBC65ED8F6E87AD01D1 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-09-14 07:03:54 C067D863FCD53B91A5BF78AE1CE88E54 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-09-14 07:03:53 C07D636B0237172345E68AE8B70A2984 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-09-14 07:03:52 68B0077C0D09D1B669A260F2921FD6B9 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-09-14 07:03:52 33BAC6F66DB5FE5F7E20D41B025F490E 707072 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-09-14 07:03:52 2AEFBA4339A34C8EF021B49D23D1F1DF 727040 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-09-14 07:03:51 A1BB4CFB25F7CE1D4F67DD71111823AA 374968 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 
2014-09-14 07:03:47 920BD93A0B64657A20CA66C2EBB167EA 23591424 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-09-14 07:03:46 4C8838D7C13E9080AF4B548CA791896B 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-09-14 07:03:46 227303FC6E95547EA274F4337BBC7278 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-09-14 07:03:46 1439630B47D717960D59423958754394 775168 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-09-14 07:03:45 698C19E198F832E071778A1427E942C8 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-09-14 07:03:45 5A0C72B9D3CCA42D8AB74890C19443B2 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-09-14 07:03:42 75498A52C2AE248DEE5BDF5209768963 2793984 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-09-14 07:03:42 39EBB9708453036A74C30C9A294023FF 2310656 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-09-14 07:03:41 F6304AACC5744016770C8C797CAA2AF7 5833728 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-09-14 07:03:40 FECA80905D551074E1A9298BD98103B7 1447424 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-09-14 07:03:39 97752927B6E2401011A96E0D6082E403 2104832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-09-14 07:03:37 BA56C68CCB912C4C08C97DD32C47AD31 13588480 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-09-14 06:50:59 3469B9FAE899139FEE7356E91693376A 2777088 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll 2014-09-13 05:06:46 EFF3FF9D9E5BFD2A05390D959A1C3AD0 1031168 ----a-w- C:\Windows\Sysnative\TSWorkspace.dll 2014-09-13 05:06:31 224C2EEBAAF39CD93DE5332DBE5E5A95 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll 2014-09-13 04:46:53 33EF550DCCC58C93F5B65FD75BAD9832 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-09-13 04:46:52 EE4B105F1DBE1E864AFC72E7F0315432 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2014-09-13 04:46:05 E2BCB58869598B392D6A78953F61A2D9 578048 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-09-13 04:46:04 88BC88D0BDFB6BBE5765D5ABB233C110 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll ====== 
C:\Windows\Sysnative\drivers ===== 2014-09-23 16:52:43 68430AD3FB0FADBFA5D1677617D1E1F5 50976 ----a-w- C:\Windows\Sysnative\drivers\avgtpx64.sys 2014-09-07 11:17:19 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_webinstr_01009.Wdf ====== C:\Windows\Tasks ====== 2014-09-07 12:09:19 204C83F5B10F5C606C89650CB065A93D 3142 ----a-w- C:\Windows\Sysnative\Tasks\{76EA1A0E-0AFE-4E38-A5DA-CCA94A2050EE} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-09-23 17:58:33 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-09-23 16:51:40 -------- d-----w- C:\PROGRA~2\AVG Secure Search 2014-09-23 16:39:52 -------- d-----w- C:\PROGRA~2\AVG 2014-09-10 16:37:02 -------- d-----w- C:\PROGRA~2\FileZilla FTP Client ======= C: ===== ====== C:\Users\Koos\AppData\Roaming ====== 2014-09-23 16:44:36 -------- d-----w- C:\Users\Koos\AppData\Roaming\AVG2015 2014-09-23 16:37:59 -------- d-----w- C:\Users\Koos\AppData\Local\Avg2015 2014-09-10 18:17:57 FA3E45C2D8188F206A434F735FD0535E 600 ----a-w- C:\Users\Koos\AppData\Local\PUTTY.RND 2014-09-10 16:37:32 -------- d-----w- C:\Users\Koos\AppData\Roaming\FileZilla 2014-09-07 11:14:05 -------- d-----w- C:\Users\Koos\AppData\Local\Programs ====== C:\Users\Koos ====== 2014-09-23 16:43:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-09-23 16:41:30 -------- d-----w- C:\ProgramData\AVG2015 2014-09-10 20:14:25 6327013F7D469BF7608A08452A875D2B 38046888 ----a-w- C:\Users\Koos\Downloads\FirefoxPortable_32.0_English.paf.exe 2014-09-10 20:01:17 AEE0E341BAEF9022A66F586BBF3734F6 761448 ----a-w- C:\Users\Koos\Downloads\FileZilla_3.9.0.5_win32-setup (1).exe 2014-09-10 16:37:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-09-07 11:17:20 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol ====== C: exe-files == 2014-09-24 04:51:40 916CEC665A9879DEB15BBDD943B7350B 49664 ----a-w- 
C:\Windows\servicing\GC64\tzupd.exe 2014-09-23 18:25:16 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1B14GY1\RSITx64.exe 2014-09-23 17:58:33 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Koos.exe 2014-09-23 16:49:51 027A39AA7300B38002DC7C9EC30A1387 6472728 ----a-w- C:\Windows\Temp\ri_{8F38EC62-B921-4F6C-9705-893AE820BA77}.exe 2014-09-23 16:46:32 7B715D76BAB7A8ED8889CC1214F7ECA8 7140512 ----a-w- C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe === C: other files == 2014-09-23 16:52:43 68430AD3FB0FADBFA5D1677617D1E1F5 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1845523287-1893952805-4285506245-1000\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start" "WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ==== Startup Registry Enabled x64 
====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Easybits Recovery" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GrooveMonitor" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Hp\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPADVISOR" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe view=DOCKVIEW" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\LightScribe Control Panel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LightScribe Control Panel" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QPService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QPService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\HP\\QuickPlay\\QPService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UCam_Menu" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\YouCam\" UpdateWithCreateOnce \"Software\\CyberLink\\YouCam\\2.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePRCShortCut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdatePRCShortCut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Hewlett-Packard\\Recovery\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Hewlett-Packard\\Recovery\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerRecover\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{9F977AD2-770C-7D0F-5BA1-FECB97EBB714}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="{9F977AD2-770C-7D0F-5BA1-FECB97EBB714}" "hkey"="HKCU" "command"="C:\\Users\\Koos\\AppData\\Roaming\\Neav\\ifdyaty.exe" ==== Startup Folders ====================== 2012-11-07 18:57:02 1047 ----a-w- C:\Users\Koos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12-09-2014 21:11] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe"] "C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe"] "C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{5E73B944-33C4-4D71-AD40-1A8B402814CF}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] ==== Firefox Extensions ====================== ==== Firefox Plugins ====================== ==== Chromium Look ====================== ==== Chromium Startpages ====================== C:\Users\Koos\AppData\Local\Google\Chrome\User Data\Default\Preferences "variations_seed_signature": "MEUCIHz147i/WR3/zK77lw8a/LmcwZfGUPVlgm2wo4B3aBJSAiEA3dK8ZcbMAFHj/0piF+MHSTCxP6+Qt79AQo8nXsS+B58=" 
,"homepage":"http://www.buenosearch.com/?babsrc=HP_kms&affID=128493&tt=&mntrid=96C10C6076525DE7&tsp=5345","homepage_is_newtabpage":false,"netLength":4625,"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13051030151661501","restore_on_startup":4,"urls_to_restore_on_startup":["http://www.buenosearch.com/?babsrc=HP_kms&affID=128493&tt=&mntrid=96C10C6076525DE7&tsp=5345"],"startup_urls":["http://www.buenosearch.com/?babsrc=HP_kms&affID=128493&tt=&mntrid=96C10C6076525DE7&tsp=5345"]},"default_search_provider_data":{"template_url_data":{"favicon_url":"","keyword":"buenosearch","short_name":"buenosearch","url":"http://www.buenosearch.com/?babsrc=SP_kms&affID=128493&tt=&mntrid=96C10C6076525DE7&tsp=5345&q={searchTerms}"}},"homepage":"http://www.buenosearch.com/?babsrc=HP_kms&affID=128493&tt=&mntrid=96C10C6076525DE7&tsp=5345","homepage_is_newtabpage":false,"netLength":4625} ==== Set IE to Default ====================== Old Values: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.f1racing.nl/" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1410088866&from=tugs&uid=ST9320325AS_5VD1QHLN" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Start 
Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1410088866&from=tugs&uid=ST9320325AS_5VD1QHLN" "Start Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] 
"Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1410088866&from=tugs&uid=ST9320325AS_5VD1QHLN" "Start Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://search.certified-toolbar.com?si=84962&st=bs&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.certified-toolbar.com?si=84962&st=newtab&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "newtab"="about:tabs" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://search.certified-toolbar.com?si=84962&st=newtab&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "newtab"="about:tabs" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Start 
Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Start Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Start 
Page"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Start Default_Page_URL"="http://search.certified-toolbar.com?si=84962&st=home&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B" "Default_Search_URL"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Bar"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" "Search Page"="http://search.certified-toolbar.com?si=84962&tid=29369&ver=6.7&ts=1408509823115&tguid=84962-29369-1408509823115-AD909821FBE563F4853BD17311E7037B&st=chrome&q=" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{afdbddaa-5d3f-42ee-b79c-185a7020515b}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.f1racing.nl/" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] 
"(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search 
Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {1931204A-8114-4688-A1F4-6703B3DEEFE3} AOL Zoeken Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcnnbie7-nl-nl" {3935291F-8D64-42E0-A3BD-33D49A80D65C} Kelkoo Url="http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google 
Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_nlNL447"

==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mbot_nl_12_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9F977AD2-770C-7D0F-5BA1-FECB97EBB714} deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Koos\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZXVO8QZ will be deleted at reboot
C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q47UWL4V will be deleted at reboot
C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1B14GY1 will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\Koos\AppData\Local\Mozilla\Firefox\Profiles\5zxaklqs.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Koos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=580 folders=202 271418440 bytes)

==== Empty Temp Folders ======================
C:\Users\Koos\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Koos\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\PROGRA~2\AVG Secure Search" not found
"C:\PROGRA~2\AVG Secure Search" not found
"C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HZXVO8QZ" not found
"C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q47UWL4V" not found
"C:\Users\Koos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1B14GY1" not found

==== EOF on wo 24-09-2014 at 21:58:17,90 ======================