
Zoek.exe v5.0.0.0 Updated 17-10-2014
Tool run by Kelly en Pieter on za 18/10/2014 at 10:07:02,82.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kelly en Pieter\Boekhouding\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

18/10/2014 10:11:23 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\Babylon deleted successfully
C:\PROGRA~3\OviInstallerCache deleted successfully
C:\Users\Kelly en Pieter\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Kelly en Pieter\AppData\Roaming\Vso deleted successfully
C:\Users\Kelly en Pieter\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Kelly en Pieter\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Kelly en Pieter\AppData\Local\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{77955601-6906-40EB-8BAC-65E0E0237B5C} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B0AB0623-65EF-4405-934C-7CF7D253BE41} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB6AAC6A-BF5F-4EF5-8CAB-26CABB200388} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Salus deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Salus deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UniversalUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UniversalUpdater deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\KELLYE~1\AppData\Roaming\Mozilla\Firefox\Profiles\0

---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar_i.id", "c6f371e8000000000000889ffaa8f965");
user_pref("extensions.BabylonToolbar_i.hardId", "c6f371e8000000000000889ffaa8f965");
user_pref("extensions.BabylonToolbar_i.instlDay", "15462");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:55:34");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109217");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

---- FireFox user.js and prefs.js backups ---- 

user_20141810_1036_.backup
prefs_20141810_1036_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
""=- 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FocoLink] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NTServiceManager] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt] 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] 
"Salus"=- 
"Salus CrashMon"=- 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"=- 

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\NCH_EN not found
C:\Program Files (x86)\Funmoods not found
C:\Program Files (x86)\Ask.com not found
C:\Program Files (x86)\YoutubeDownloader.org not found
C:\PROGRA~2\Universal Updater deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\iLivid deleted
C:\user.js deleted
C:\Users\Kelly en Pieter\AppData\Roaming\DVDVideoSoftIEHelpers deleted
C:\Users\Kelly en Pieter\AppData\Roaming\Babylon deleted
C:\Users\Kelly en Pieter\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\Ask deleted
C:\PROGRA~3\qjaxlkio.dss deleted
C:\PROGRA~3\Tarma Installer deleted
C:\Users\Kelly en Pieter\AppData\Local\Ilivid Player deleted
C:\Users\Kelly en Pieter\AppData\Local\Softonic deleted
C:\Users\Kelly en Pieter\AppData\Local\IAC deleted
C:\Users\Kelly en Pieter\AppData\Local\CrashRpt deleted
C:\Users\Kelly en Pieter\AppData\Local\Conduit deleted
C:\Users\Kelly en Pieter\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid deleted
C:\Users\Kelly en Pieter\Downloads\FreeYouTubeToMP3Converter (1).exe deleted
C:\Users\Kelly en Pieter\Downloads\FreeYouTubeToMP3Converter.exe deleted
C:\Users\Kelly en Pieter\Downloads\SoftonicDownloader_voor_handbrake.exe deleted
C:\Users\Kelly en Pieter\AppData\LocalLow\IAC deleted
C:\Users\Kelly en Pieter\AppData\LocalLow\searchquband deleted
C:\Users\Kelly en Pieter\AppData\LocalLow\Funmoods deleted
C:\Users\Kelly en Pieter\AppData\LocalLow\Softonic deleted
C:\Users\Kelly en Pieter\AppData\LocalLow\DataMngr deleted
C:\Users\Kelly en Pieter\AppData\LocalLow\Conduit deleted
C:\Users\Kelly en Pieter\AppData\LocalLow\NCH_EN deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\windows\SysNative\Tasks\BrowserProtect deleted
C:\windows\SysNative\drivers\salus.sys deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\KELLYE~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\ffxtlbr@babylon.com deleted
C:\Users\KELLYE~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\OneClickDownloader@OneClickDownloader.com.xpi deleted
C:\Users\Kelly en Pieter\Boekhouding\Desktop\softonic_ggl_1.6.7.4.exe deleted
"C:\Windows\Installer\83528.msi" deleted
"C:\Program Files (x86)\Salus\CrashMon.exe" deleted
"C:\Program Files (x86)\Salus\libeay32.dll" deleted
"C:\Program Files (x86)\Salus\nfapi.dll" deleted
"C:\Program Files (x86)\Salus\ProtocolFilters.dll" deleted
"C:\Program Files (x86)\Salus\Salus.exe" deleted
"C:\Program Files (x86)\Salus\ssleay32.dll" deleted
"C:\PROGRA~2\Salus\CrashMon.exe" deleted
"C:\PROGRA~2\Salus\libeay32.dll" deleted
"C:\PROGRA~2\Salus\nfapi.dll" deleted
"C:\PROGRA~2\Salus\ProtocolFilters.dll" deleted
"C:\PROGRA~2\Salus\Salus.exe" deleted
"C:\PROGRA~2\Salus\ssleay32.dll" deleted
"C:\Program Files (x86)\Salus" not deleted
"C:\PROGRA~2\Salus" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\KELLYE~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-18 07:47:36	A042349B7208BF8BED858B1E9B48B06D	98216	----a-w-	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 16:21:47	3ABACF6D4EBEA5EF3014FEFA1D8FF5F8	3221504	----a-w-	C:\Windows\SysWOW64\mstscax.dll
2014-10-17 16:21:46	0DBD0B4D4766CADEB8C30242A0611395	1051136	----a-w-	C:\Windows\SysWOW64\mstsc.exe
2014-10-17 16:21:45	FD67683FBA9B2C4BB551780BD8846F64	157696	----a-w-	C:\Windows\SysWOW64\winsta.dll
2014-10-17 16:21:45	DB1D6751689B4A7EE2439C64F2ADF1C9	17408	----a-w-	C:\Windows\SysWOW64\credssp.dll
2014-10-17 16:21:45	97896EE4254176CFDD9010B5B243B89F	131584	----a-w-	C:\Windows\SysWOW64\aaclient.dll
2014-10-17 16:21:45	13829161C1297F4170A5546430147BBD	65536	----a-w-	C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 15:16:26	06FC8A93A4FA1F42A3D1D06694F2B339	419992	----a-w-	C:\Windows\SysWOW64\locale.nls
2014-10-17 15:16:22	C7673B3F8BB35221B42D67BF7ADAFDFD	7168	----a-w-	C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 15:16:22	730B7C639957EA0BF37C1459831A1E19	6656	----a-w-	C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 15:16:22	72222991598E173BBE1429426926C020	7168	----a-w-	C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 15:16:22	45B308F20FEF040BD7321E85F69DF5E2	6656	----a-w-	C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 15:16:22	2BD0519015E899A2FF52210CC5875F88	6656	----a-w-	C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 15:16:21	37C395C075E6FA66623C82DE50A8FAED	372736	----a-w-	C:\Windows\SysWOW64\rastls.dll
2014-10-17 15:16:11	D5D5BBF6AA45D820BAA0BD1303B8AAF6	81560	----a-w-	C:\Windows\SysWOW64\mscories.dll
2014-10-17 15:16:11	A139A5E6B34F136405B030EA04595A20	156824	----a-w-	C:\Windows\SysWOW64\mscorier.dll
2014-10-17 15:16:11	8580484193CE0A0788830FBAB97CF13B	1131664	----a-w-	C:\Windows\SysWOW64\dfshim.dll
2014-10-17 15:15:52	DF59F2510EDABBF216FA837D5D964106	51200	----a-w-	C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 15:15:52	604C67F58747D6A333EA641BCCC2C842	32768	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2014-10-17 15:15:51	D78C4DB153874DB7AC6AA6A03BE38B66	331448	----a-w-	C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 15:15:51	BD66BA5A924DCC8392CFAEB67131A246	597504	----a-w-	C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 15:15:51	3065FF6794A7FDC882F0DA8B6230AB6E	1190400	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2014-10-17 15:15:51	201EAFA3F17BE4990999C28657212D8E	69632	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 15:15:50	F91E55DA404B834648A3B0A2477C10DB	17484800	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2014-10-17 15:15:50	B89F5D2B3D3BC730FAB93CFCD931742F	607744	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 15:15:50	B5B1C277E46A5B0E2FC63E5FC5624CE5	365056	----a-w-	C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 15:15:50	97F2F82BF0B4AF86A85FFDD78DFDC87D	60416	----a-w-	C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 15:15:49	8FAA1E45198C4ECEC691326B7F5E71C5	61952	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2014-10-17 15:15:49	58EC068116BCE16A94B1B2C429A35E41	2724864	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 15:15:48	B74B348D13134D67B4F68ADDDC76A447	43008	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 15:15:48	835807E2AC0A8FA15B9A2EA80E2D5169	2017280	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 15:15:48	55A400FDB21D157E947A0EE65AEDB1B3	2187264	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2014-10-17 15:15:47	EF94FA1F3D90520CCA4AE65D639A9E62	11807232	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2014-10-17 15:15:47	410BECCA3354D471E45344F0754CC0E4	243200	----a-w-	C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 15:15:47	158690737381C49120165A7F3F5D13EB	440320	----a-w-	C:\Windows\SysWOW64\ieui.dll
2014-10-17 15:15:45	FBE852643EDEB9D6D6502AFE6017CD64	678400	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 15:15:45	DF4BA130BD41F29A894E026E456B8481	454656	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2014-10-17 15:15:45	D03EB7605435FE24ADE670661A932651	4201472	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2014-10-17 15:15:45	AA103FEAD721863B86A1B1260948E662	112128	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 15:15:45	8E8E6E7B4CC27B92F40F74E29C1F6290	1068032	----a-w-	C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 15:15:45	7AE80F921027CF88CB9D0433088A3E55	1810944	----a-w-	C:\Windows\SysWOW64\wininet.dll
2014-10-17 15:15:44	6D4DD5706C297234F457B9D9018C493F	61952	----a-w-	C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 15:15:44	2409C41081D657A3FABE3659BB989AFB	164864	----a-w-	C:\Windows\SysWOW64\msrating.dll
2014-10-17 15:15:13	3888D02CE6413C2A06D903DE1C778BF5	2363904	----a-w-	C:\Windows\SysWOW64\msi.dll
2014-10-17 15:12:55	C120855C1133DF8FFD5E0C04A7E70B67	67072	----a-w-	C:\Windows\SysWOW64\packager.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-17 16:21:47	467D0E831D6DF8DA16BF856D0537A153	3722240	----a-w-	C:\Windows\Sysnative\mstscax.dll
2014-10-17 16:21:46	8516703179C3BDE90A3ED31B9EC16F8D	1118720	----a-w-	C:\Windows\Sysnative\mstsc.exe
2014-10-17 16:21:46	4FC4C50985E5B840F4D72E57286887B8	681984	----a-w-	C:\Windows\Sysnative\termsrv.dll
2014-10-17 16:21:45	C23B6D9D16FD86F446BE607CA18389D9	235520	----a-w-	C:\Windows\Sysnative\winsta.dll
2014-10-17 16:21:45	85E03B6E05939845BC924C91AEDE0E24	86528	----a-w-	C:\Windows\Sysnative\TSpkg.dll
2014-10-17 16:21:45	560CF90C026C0FE51CC6820302FF94FE	22016	----a-w-	C:\Windows\Sysnative\credssp.dll
2014-10-17 16:21:45	0374D83D003043E7DE33036294A2EFAE	150528	----a-w-	C:\Windows\Sysnative\rdpcorekmts.dll
2014-10-17 15:16:26	06FC8A93A4FA1F42A3D1D06694F2B339	419992	----a-w-	C:\Windows\Sysnative\locale.nls
2014-10-17 15:16:22	EA21295A386C6DB2A2A90E657B37C5F4	7168	----a-w-	C:\Windows\Sysnative\KBDYAK.DLL
2014-10-17 15:16:22	BE67D99EDA34A68B827868371B5529AD	7168	----a-w-	C:\Windows\Sysnative\KBDTAT.DLL
2014-10-17 15:16:22	920B5C1CC0BAB6E574297BC3D945DA31	7168	----a-w-	C:\Windows\Sysnative\KBDBASH.DLL
2014-10-17 15:16:22	80EDA24B00478FA795F90DFA09C12E86	7168	----a-w-	C:\Windows\Sysnative\KBDRU1.DLL
2014-10-17 15:16:22	353C4A38042819CA83AEFC6F2E7051CD	6656	----a-w-	C:\Windows\Sysnative\KBDRU.DLL
2014-10-17 15:16:21	DD7C31F12936795C0516BB6C59CBCCD8	424448	----a-w-	C:\Windows\Sysnative\rastls.dll
2014-10-17 15:16:20	5602D4C331FD7938ADE06D9242138922	3198976	----a-w-	C:\Windows\Sysnative\win32k.sys
2014-10-17 15:16:11	50EC828370CB5F5E9FF08B10F1B701C8	73880	----a-w-	C:\Windows\Sysnative\mscories.dll
2014-10-17 15:16:11	5083CC5456FE8A5D21ECF9E32ACC779F	1943696	----a-w-	C:\Windows\Sysnative\dfshim.dll
2014-10-17 15:16:11	2D6C77A3DB3D8EE00FB55834A67E4073	156312	----a-w-	C:\Windows\Sysnative\mscorier.dll
2014-10-17 15:16:01	974F83636F841739FEA5CC6219BFB241	276480	----a-w-	C:\Windows\Sysnative\generaltel.dll
2014-10-17 15:16:00	510D5492BCA9E63E10E3CE0285965722	507392	----a-w-	C:\Windows\Sysnative\aepdu.dll
2014-10-17 15:15:59	767D478BB4B2F84B47B3C0956E6A5A05	424448	----a-w-	C:\Windows\Sysnative\aeinv.dll
2014-10-17 15:15:51	C109D5136DF0A6CA668C7AD888AA125F	2724864	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2014-10-17 15:15:51	739D9C9F220CCEDAFD8212C6B976B60D	33792	----a-w-	C:\Windows\Sysnative\iernonce.dll
2014-10-17 15:15:51	29C0530E0F120AC3E583889DCD6A63DD	710656	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2014-10-17 15:15:50	DD8E9C85F9F428859713055183661956	48640	----a-w-	C:\Windows\Sysnative\ieetwproxystub.dll
2014-10-17 15:15:50	4D21F4FDF57DF86FAD9149ED1C071D15	72704	----a-w-	C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-10-17 15:15:48	B07E9AFF50DC007E7D5AC54736AA5A25	4096	----a-w-	C:\Windows\Sysnative\ieetwcollectorres.dll
2014-10-17 15:15:48	87D14AF9A2C3F3D5233B613CFA9C321D	378552	----a-w-	C:\Windows\Sysnative\iedkcs32.dll
2014-10-17 15:15:48	0F5A279522FA6A30C9C5A297A1064933	1447936	----a-w-	C:\Windows\Sysnative\urlmon.dll
2014-10-17 15:15:47	E9109E91BB8366759822DC2FC9B5DA8B	111616	----a-w-	C:\Windows\Sysnative\ieetwcollector.exe
2014-10-17 15:15:47	DAF317E9F4CEC206D0D443014A427341	446464	----a-w-	C:\Windows\Sysnative\dxtmsft.dll
2014-10-17 15:15:47	45B736E3184B68515FDB71D4083A9BCF	731136	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2014-10-17 15:15:47	0467A4DDA6B2CE8E27A8178BF035BA18	66048	----a-w-	C:\Windows\Sysnative\iesetup.dll
2014-10-17 15:15:46	646C004F58AA4762F92BF7C595216C37	2108416	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2014-10-17 15:15:46	050FD78BA4EFA62417F61F4C098B5B25	2796032	----a-w-	C:\Windows\Sysnative\iertutil.dll
2014-10-17 15:15:45	BE37AA454460539877420951EEA16EF0	51200	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2014-10-17 15:15:44	98241BE7EB26C41562D33393DD12608F	289280	----a-w-	C:\Windows\Sysnative\dxtrans.dll
2014-10-17 15:15:44	88D2165E07CEDC3F34CBE1A5A807673D	595968	----a-w-	C:\Windows\Sysnative\ieui.dll
2014-10-17 15:15:43	A2105E46DC9CE38A1D57FB124436E1BC	85504	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2014-10-17 15:15:43	7E60EE8A68F7270D1E1662CBA275D4FA	13619200	----a-w-	C:\Windows\Sysnative\ieframe.dll
2014-10-17 15:15:43	70527367E5779C3537992F0768D9C59A	1249280	----a-w-	C:\Windows\Sysnative\mshtmlmedia.dll
2014-10-17 15:15:42	F9FA80C1CB6EAC55A7F534937F6AC4E4	139264	----a-w-	C:\Windows\Sysnative\ieUnatt.exe
2014-10-17 15:15:42	DB101A62F9BF8E7765685950169EF52B	758272	----a-w-	C:\Windows\Sysnative\jscript9diag.dll
2014-10-17 15:15:42	D3B07C2FABEAE749E4E51F1E93CABA23	5829632	----a-w-	C:\Windows\Sysnative\jscript9.dll
2014-10-17 15:15:42	328143D6BC5951E1797BD524C4E98CDC	547328	----a-w-	C:\Windows\Sysnative\vbscript.dll
2014-10-17 15:15:41	9D98D4F390F0B14A782F3B931E613A1A	2309632	----a-w-	C:\Windows\Sysnative\wininet.dll
2014-10-17 15:15:41	30FB9ABB6C45C3299CFA5F556904DD5F	83968	----a-w-	C:\Windows\Sysnative\MshtmlDac.dll
2014-10-17 15:15:41	2E5AF1507CBE735B4D7EBFF1908EA0E1	775168	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2014-10-17 15:15:40	EB710A3AF29BEC4EE7475A1ED5C575DE	195584	----a-w-	C:\Windows\Sysnative\msrating.dll
2014-10-17 15:15:40	7415B29AFE2E4494A57358B8C7E78600	23631360	----a-w-	C:\Windows\Sysnative\mshtml.dll
2014-10-17 15:15:40	15847E14811FEDDF77E934AF4F0BEF45	940032	----a-w-	C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-10-17 15:15:16	ADD3F2C3E6B89BD16D4BFC61B3658DD9	3241472	----a-w-	C:\Windows\Sysnative\msi.dll
2014-10-17 15:12:55	1DB68B8A1E3BDE3C19F1D3612CE436CA	77312	----a-w-	C:\Windows\Sysnative\packager.dll
====== C:\Windows\Sysnative\drivers =====
2014-10-17 16:21:45	FE571E088C2D83619D2D48D4E961BF41	212480	----a-w-	C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-17 16:21:45	E232A3B43A894BB327FC161529BD9ED1	39936	----a-w-	C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-17 17:24:02	--------	d-----w-	C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-10-18 07:47:52	--------	d-----w-	C:\PROGRA~2\COMMON~1\Java
2014-10-18 07:46:00	--------	d-----w-	C:\PROGRA~2\Java
2014-10-04 07:10:18	--------	d-----w-	C:\PROGRA~2\DVD Shrink
2014-10-04 07:08:51	--------	d-----w-	C:\PROGRA~2\Salus
2014-09-19 09:19:29	--------	d-----w-	C:\PROGRA~2\COMMON~1\Skype
======= C: =====
====== C:\Users\Kelly en Pieter\AppData\Roaming ======
2014-10-01 14:52:14	--------	d-----w-	C:\Users\Kelly en Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
====== C:\Users\Kelly en Pieter ======
2014-10-18 07:46:57	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-18 07:41:38	92F975B07E65EF3AE67D89A016FDAACC	638888	----a-w-	C:\Users\Kelly en Pieter\JavaSetup8u25.com
2014-10-04 07:10:25	--------	d-----w-	C:\ProgramData\DVD Shrink
2014-10-04 07:10:18	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
2014-09-19 09:19:30	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==
2014-10-18 07:46:58	AA3520FB0133A56BEE1DB34D74DBEF64	0	----a-we	C:\ProgramData\Oracle\Java\javapath\java.exe
2014-10-18 07:46:58	75D477E868CA51EC1B09D730570F322B	0	----a-we	C:\ProgramData\Oracle\Java\javapath\javaw.exe
2014-10-18 07:46:58	691D49FB44EDE9788288CABE4F7E0DAF	0	----a-we	C:\ProgramData\Oracle\Java\javapath\javaws.exe
2014-10-18 07:46:48	E3E6B18458FFB07CB24D7A0BA77C9FDF	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe
2014-10-18 07:46:48	DC197DCE6325CBAC905DE0D0E3BA3E8E	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe
2014-10-18 07:46:48	BB8C890E3E6372F2720709262BD42BF4	30632	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe
2014-10-18 07:46:48	B719E0F43166037DF46B5CFBE60A5118	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe
2014-10-18 07:46:48	AA3520FB0133A56BEE1DB34D74DBEF64	176552	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
2014-10-18 07:46:48	A458E2535E46151690E53E2A03FAA711	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe
2014-10-18 07:46:48	9BFAEF308D50779F6B255CB7BA7DCA5A	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe
2014-10-18 07:46:48	7AB1F1B3FB6C3DACA34EA2F988CDF5AC	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe
2014-10-18 07:46:48	75EE99C7F0038C746D82C76221ECA4EF	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe
2014-10-18 07:46:48	75D477E868CA51EC1B09D730570F322B	176552	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
2014-10-18 07:46:48	74713E9C1B01B152DDD3A1A3519A3647	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe
2014-10-18 07:46:48	70E67429D2C011FD0419AF899A8D0D70	68520	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
2014-10-18 07:46:48	691D49FB44EDE9788288CABE4F7E0DAF	272296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe
2014-10-18 07:46:48	67F763B09F4BC8689E6FA9761E068D74	159656	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe
2014-10-18 07:46:48	57E1F756FAA787623DFCD2C1B2AACC68	51112	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe
2014-10-18 07:46:48	4367C05B0CF5553E71B34F51003D0615	76200	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
2014-10-18 07:46:48	4109C4DB4BD48F5BF8115C7523A6B6F8	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe
2014-10-18 07:46:48	33D2AF53E209DA3E2BA939EB89801DC0	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe
2014-10-18 07:46:48	29E65AC6AFD8A0A9CAA361FF6F7B4886	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe
2014-10-18 07:46:48	28FC00F89631B0F6E1E9CA386FADD566	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe
2014-10-18 07:46:48	26C7F32186B1F0364CD06EA69227A79D	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe
2014-10-17 19:56:14	EC87C870FC286178E461C1D917567DCE	41081424	----a-w-	C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.104\38.0.2125.104_chrome_installer.exe
2014-10-17 17:24:02	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Kelly en Pieter.exe
2014-10-17 17:22:56	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Kelly en Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JSC9QYQ\RSITx64.exe
2014-10-17 16:21:46	8516703179C3BDE90A3ED31B9EC16F8D	1118720	----a-w-	C:\Windows\System32\mstsc.exe
2014-10-17 16:21:46	0DBD0B4D4766CADEB8C30242A0611395	1051136	----a-w-	C:\Windows\SysWOW64\mstsc.exe
2014-10-17 15:16:48	68270679465EC5A66B65489C6E44AD64	11100752	----a-w-	C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.104\38.0.2125.104_37.0.2062.124_chrome_updater.exe
2014-10-17 15:16:00	D43F34B4901C499FE13798149879DCD8	161960	----a-w-	C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-10-17 15:15:59	97EBB8C10D4A6CA575E3D916B25A3BEF	46752	----a-w-	C:\Windows\System32\CompatTel\wicainventory.exe
2014-10-17 15:15:51	6B9FDB34A5A490FF6A7EDE280062626A	810680	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
2014-10-17 15:15:51	54C9747BB0A64F4D9D401E4648363386	222720	----a-w-	C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-10-17 15:15:51	29C0530E0F120AC3E583889DCD6A63DD	710656	----a-w-	C:\Windows\System32\ie4uinit.exe
2014-10-17 15:15:49	F9F310F9FB7F294F00ABDD03453D8CEE	812736	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-10-17 15:15:49	649E8F572EC0D929F4EED13A53AC0475	222720	----a-w-	C:\Program Files\Internet Explorer\ielowutil.exe
2014-10-17 15:15:49	53E24F2DB97EFAF85FE093AA254790EC	470528	----a-w-	C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-10-17 15:15:47	E9109E91BB8366759822DC2FC9B5DA8B	111616	----a-w-	C:\Windows\System32\ieetwcollector.exe
2014-10-17 15:15:46	C876F8303AA30481A36FE2AACDE77671	483840	----a-w-	C:\Program Files\Internet Explorer\ieinstal.exe
2014-10-17 15:15:45	AA103FEAD721863B86A1B1260948E662	112128	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 15:15:42	F9FA80C1CB6EAC55A7F534937F6AC4E4	139264	----a-w-	C:\Windows\System32\ieUnatt.exe
2014-10-17 15:15:40	15847E14811FEDDF77E934AF4F0BEF45	940032	----a-w-	C:\Windows\System32\MsSpellCheckingFacility.exe
=== C: other files ==
2014-10-18 07:46:49	CE44A9D4918DCDC7CCCF5503BF4D7A3D	14130	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip
2014-10-18 07:41:38	92F975B07E65EF3AE67D89A016FDAACC	638888	----a-w-	C:\Users\Kelly en Pieter\JavaSetup8u25.com
2014-10-17 16:21:45	FE571E088C2D83619D2D48D4E961BF41	212480	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2014-10-17 16:21:45	E232A3B43A894BB327FC161529BD9ED1	39936	----a-w-	C:\Windows\System32\drivers\tssecsrv.sys
2014-10-17 15:16:20	5602D4C331FD7938ADE06D9242138922	3198976	----a-w-	C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"CrashMon"="C:\Program Files (x86)\Universal Updater\CrashMon.exe UniversalUpdater http://log.data-url.com/crash/"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\com.apple.dav.bookmarks.daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="com.apple.dav.bookmarks.daemon"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\BookmarkDAV_client.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Easybits Recovery"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\miCoach Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="miCoach Manager"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\adidas\\miCoach Manager\\SyncManager.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchSettings"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Spigot\\Search Settings\\SearchSettings.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Snapfish PictureMover.lnk"
"backup"="C:\\Windows\\pss\\Snapfish PictureMover.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PICTUR~1\\Bin\\PICTUR~1.EXE -det"
"item"="Snapfish PictureMover"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/10/2014 16:29]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/01/2014 11:10]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/01/2014 11:10]
C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\ProgramData\HP Photo Creations\Communicator.exe [16/09/2012 12:14]
C:\Windows\tasks\HPCeeScheduleForKELLYENPIETER$.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\SysNative\tasks\4810" [wscript.exe C:\Users\KELLYE~1\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForKELLYENPIETER$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCustParticipation HP Deskjet 1050 J410 series" ["C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe"]
"C:\Windows\SysNative\tasks\Kelly en Pieter Local Autobackup 5 4" [C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF" [20/11/2013 01:56]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bpegkgagfojjbcpkihigfmkojdmmimdf - No path found[]
fdloijijlkoblmigdofommgnheckmaki - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx[]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
jbolfgndggfhhpbnkgnpjkfhinclbigj - No path found[]
jplinpmadfkdgipabgcdchbdikologlh - C:\Program Files (x86)\1ClickDownload\1click11.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20/09/2014 10:52]

NCH EN - Kelly en Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
Norton Identity Protection - Kelly en Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Kelly en Pieter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Kelly en Pieter\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://start.funmoods.com/?f=1&a=make",
"startup_urls": [ "http://start.funmoods.com/?f=1&a=make" ],


==== Chromium Fix ======================

C:\Users\Kelly en Pieter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdloijijlkoblmigdofommgnheckmaki_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Unknown  Url="Not_Found"
{d944bb61-2e34-4dbf-a683-47e505c587dc} Unknown  Url="Not_Found"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} deleted successfully
HKEY_USERS\S-1-5-21-2857530014-734982590-2328789001-1001\Software\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iLivid deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Salus deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kelly en Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kelly en Pieter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Kelly en Pieter\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kelly en Pieter\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Kelly en Pieter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=886 folders=266 261529758 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Kelly en Pieter\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KELLYE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Salus"  not found
"C:\PROGRA~2\Salus"  not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on za 18/10/2014 at 10:55:18,81 ======================