Zoek.exe v5.0.0.0 Updated 07-October-2014
Tool run by Guy on do 09/10/2014 at 16:05:09,46.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Guy\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-10-07-200750.log 2168 bytes
C:\zoek-results2014-10-08-150528.log 687 bytes

==== Empty Folders Check ======================

C:\Users\Guy\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2165435700-71866061-3969913833-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-2165435700-71866061-3969913833-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-2165435700-71866061-3969913833-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-2165435700-71866061-3969913833-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-2165435700-71866061-3969913833-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2165435700-71866061-3969913833-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\36q4e1br.default-1367777822496
user.js not found
---- Lines aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311 removed from prefs.js ----

---- FireFox user.js and prefs.js backups ----
prefs_20140710_2207_.backup
prefs_20140810_1705_.backup
prefs_20140910_1623_.backup

ProfilePath: C:\Users\Guy\AppData\Roaming\Thunderbird\Profiles\u5819eqj.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20140710_2207_.backup
prefs_20140810_1705_.backup
prefs_20140910_1623_.backup

ProfilePath: C:\Users\Guy\AppData\Roaming\TomTom\HOME\Profiles\ovc1j5wf.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20140710_2207_.backup
prefs_20140810_1705_.backup
prefs_20140910_1623_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\globalUpdate not found
C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\36q4e1br.default-1367777822496\extensions\a338c5448f724f94af2f11@cc4cdd6788a64e7ca7d83cb2cd.com deleted
C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\36q4e1br.default-1367777822496\extensions\printPages2Pdf@reinhold.ripper deleted
C:\PROGRA~2\TheTorntv V10 deleted
C:\Users\Guy\.android deleted
C:\PROGRA~2\NewFreeScreensavers deleted
C:\Users\Guy\AppData\Roaming\VOPackage deleted
C:\Users\Guy\AppData\Local\BearShare deleted
C:\Users\Guy\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted
C:\Users\Guy\Downloads\7data-softonic.exe deleted
C:\Users\Guy\Downloads\SoftonicDownloader_voor_maxthon-cloud-browser(1).exe deleted
C:\Users\Guy\Downloads\SoftonicDownloader_voor_maxthon-cloud-browser.exe deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\Tasks\LaunchSignup deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\sho41E1.tmp deleted
C:\Windows\Syswow64\sho8E88.tmp deleted
C:\Windows\Syswow64\shoA43C.tmp deleted
C:\Windows\Syswow64\shoABD6.tmp deleted
C:\Users\Guy\Desktop\PC\FFSetupSoftonic295.exe deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Guy\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-08 16:25:59 BBA80D3CAB22620A6AC9BB603386EE33 519680 ----a-w- C:\Windows\SysWOW64\qdvd.dll
2014-10-08 16:25:58 C263F3E7E0523556964D661BC7CB9565 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-08 16:25:59 8D46C7BCDF7FBAAC8666D6640ADA930E 371712 ----a-w- C:\Windows\Sysnative\qdvd.dll
2014-10-08 16:25:58 A8A87343CAE432677D82C0BCC753D905 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-10-07 17:04:51 -------- d-----w- C:\PROGRA~2\trend micro
2014-10-07 16:33:05 -------- d-----w- C:\PROGRA~2\Elex-tech
======= C: =====
2014-10-08 19:54:14 E52F0CB375AC32A1B1A57FC9ECC19356 378 ----a-w- C:\Quarantine.reg
2014-10-08 19:54:14 AEC54222036155D900F2A02C7EB8079A 108 ----a-w- C:\Quarantine.lst
====== C:\Users\Guy\AppData\Roaming ======
2014-10-09 14:24:03 -------- d-----w- C:\Users\Guy\AppData\Local\CrashDumps
2014-10-08 16:16:03 -------- d-----w- C:\Users\Guy\AppData\Local\Axialis
2014-10-07 16:33:02 -------- d-----w- C:\Users\Guy\AppData\Roaming\Elex-tech
====== C:\Users\Guy ======
2014-09-18 15:43:16 -------- d-----w- C:\ProgramData\Chemtable Software
====== C: exe-files ==
2014-10-09 14:20:24 032835C1CEAEF5DF01F554FA5E3D286D 273008 ----a-w- C:\Users\Guy\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates\0\updater.exe
2014-10-08 16:25:58 916CEC665A9879DEB15BBDD943B7350B 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe
=== C: other files ==
2014-10-08 16:10:36 0ACFCDB6F8DFA15AAD42371EF644F828 15609 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\tmp\351d7967adfaade7a068acb6b117c3e6_target.zip
2014-10-08 16:01:16 83EF3433BA79AB23CDAE119986A9D20D 35134 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\tmp\505C3BC2.zip
2014-10-08 14:47:31 E77759AB1BC74157D1D0E530C2D7BABD 78489 ----a-w- C:\Program Files (x86)\Elex-tech\YAC\tmp\17EA7FE0.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2165435700-71866061-3969913833-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2165435700-71866061-3969913833-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Box Edit"="C:\\Users\\Guy\\AppData\\Local\\Box Edit\\Box Edit.exe"
"Spotify Web Helper"="\"C:\\Users\\Guy\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
"swg"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
"6F4CEC92313F9EB14C7A270E0DA24CD485F9E5AD._service_run"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=service"
"GoogleDriveSync"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"APSDaemon"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"ASUSWebStorage"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\3.0.143.296\\AsusWSPanel.exe /S"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\6F4CEC92313F9EB14C7A270E0DA24CD485F9E5AD._service_run]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="6F4CEC92313F9EB14C7A270E0DA24CD485F9E5AD._service_run"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AmIcoSinglun64"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApplePhotoStreams"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSPRP]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUSPRP"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ASUS\\APRP\\APRP.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSWebStorage]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUSWebStorage"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ASUS WebStorage\\3.0.108.222\\AsusWSPanel.exe /S"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKMEDIA]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATKMEDIA"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Media\\DMedia.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKOSD2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATKOSD2"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATKOSD2\\ATKOSD2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonQuickMenu"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
"hkey"="HKLM"
"item"="CLMLServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\com.apple.dav.bookmarks.daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="com.apple.dav.bookmarks.daemon"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\BookmarkDAV_client.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM tray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUS EPM tray"
"hkey"="HKLM"
"command"="C:\\EaseUS Partition Master 9.2.1 Home Edition\\bin\\EpmNews.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ETDCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Elantech\\ETDCtrl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlashPlayerUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
"item"="FlashPlayerUpdate"
"hkey"="HKCU"
"command"="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_Plugin.exe -update plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDriveSync"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HControlUser]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HControlUser"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ATK Package\\ATK Hotkey\\HControlUser.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iCloudServices"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"command"="C:\\ProgramData\\FLEXnet\\Connect\\11\\ISUSPM.exe -scheduler"
"hkey"="HKCU"
"item"="ISUSPM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MobileDocuments"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ubd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl10"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Cyberlink\\PowerDVD10\\PDVD10Serv.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVBg"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /SF3 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
"hkey"="HKLM"
"item"="RtHDVCpl"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SonicMasterTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SonicMasterTray"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\SonicMaster\\SonicMasterTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Guy\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Guy\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME.exe"
"hkey"="HKCU"
"command"="\"C:\\tomtom\\\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePSTShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdatePSTShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Cyberlink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Cyberlink\\DVD Suite\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerStarter\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VAWinAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VAWinAgent"
"hkey"="HKLM"
"command"="C:\\ExpressGateUtil\\VAWinAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{6CE6B062-EF6C-465c-AF36-96C67DAD3B65}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="{6CE6B062-EF6C-465c-AF36-96C67DAD3B65}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Pocket Watch, LLC\\ActivePrint System\\ActivePrintSystem.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]
"item"="AsusVibeLauncher"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\AsusVibeLauncher.lnk"
"backup"="C:\\Windows\\pss\\AsusVibeLauncher.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\ASUS\\AsusVibe\\ASUSVI~2.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\FancyStart daemon.lnk"
"backup"="C:\\Windows\\pss\\FancyStart daemon.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Windows\\Installer\\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\\_77B5857C27147149171BE7.exe -d"
"item"="FancyStart daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Guy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"item"="Dropbox"
"path"="C:\\Users\\Guy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Guy\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Guy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]
"item"="OpenOffice.org 3.3 "
"path"="C:\\Users\\Guy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3 .lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3 .lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Guy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
"item"="OpenOffice.org 3.4"
"path"="C:\\Users\\Guy\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.4.lnk"
"backup"="C:\\Windows\\pss\\OpenOffice.org 3.4.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"IntelTBRunOnce"="wscript.exe //b //nologo \"C:\\Program Files\\Intel\\TurboBoost\\RunTBGadgetOnce.vbs\""
"HotKeysCmds"="C:\\Windows\\system32\\hkcmd.exe"
"Persistence"="C:\\Windows\\system32\\igfxpers.exe"
"IgfxTray"="C:\\Windows\\system32\\igfxtray.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/10/2014 18:21]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/04/2012 20:15]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/04/2012 20:15]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS Patch 10430001" [C:\Windows\AsPatch10430001.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\AsusVibeSchedule" ["C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe"]
"C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\TuneUpUtilities_Task_BkGndMaintenance2013" [C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe]
"C:\Windows\SysNative\tasks\{1EA4F355-653D-4D2B-A6F3-05487C488BC9}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\36q4e1br.default-1367777822496
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi
- YouTube to MP3 -
%ProfilePath%\extensions\youtube2mp3@mondayx.de.xpi - PrintPrint Preview - %ProfilePath%\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi ProfilePath: C:\Users\Guy\AppData\Roaming\Thunderbird\Profiles\u5819eqj.default - Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org ProfilePath: C:\Users\Guy\AppData\Roaming\TomTom\HOME\Profiles\ovc1j5wf.default - Map status indicator - C:\tomtom\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\tomtom\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Guy\AppData\Roaming\Mozilla\Firefox\Profiles\36q4e1br.default-1367777822496 DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash 960A9681F9F36A73BAB22C0421E42BE3 - C:\Users\Guy\AppData\Local\Box Edit\npBoxEdit.dll - Box Edit C548328E9DE5EB73350EF292D7140662 - c:\Picasa\Picasa3\npPicasa3.dll - Picasa ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[15/07/2014 18:10] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\Guy\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[07/09/2014 16:55] Google Drive - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Voice Search Hotword (Beta) - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn avast Online Security - 
Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Bananatag for Gmail - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid Google Wallet - Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Chromium Fix ====================== C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kioijmpindokaaahaeigkkkbogccljhm deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kioijmpindokaaahaeigkkkbogccljhm_0.localstorage deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kioijmpindokaaahaeigkkkbogccljhm_0 deleted successfully C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kioijmpindokaaahaeigkkkbogccljhm deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.trovi.com/?gd=&ctid=CT3328140&octid=EB_ORIGINAL_CTID&ISID=M4C272EB9-093F-4639-8F34-A835AB4E06F5&SearchSource=55&CUI=&UM=2&UP=SP53C84613-D5EB-4B47-9E41-7782B579B60D&SSPV=" "Search Bar"="http://www.bing.com" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.com" 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backache.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backbone.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fastboot.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spotify.exe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7B43EFE6-9562-D51C-1D9C-AE9F0F49AAD0} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TheTorntv V10 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage deleted successfully 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{6CE6B062-EF6C-465c-AF36-96C67DAD3B65} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Guy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Guy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=546 folders=62 108232279 bytes) ==== Empty Temp Folders 
====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Guy\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Guy\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 09/10/2014 at 16:39:37,14 ======================