Zoek.exe Version 4.0.0.2 Updated 07-March-2013
Tool run by ddd on vr 08-03-2013 at 9:59:22,07.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== FireFox Fix ======================

Deleted from C:\Users\ddd\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:

Added to C:\Users\ddd\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\ddd\AppData\Roaming\Mozilla\Firefox\Profiles\qjieootp.default-1355220476152\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.nl/ig?hl=nl/");

Added to C:\Users\ddd\AppData\Roaming\Mozilla\Firefox\Profiles\qjieootp.default-1355220476152\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\ddd\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====
2013-02-27 20:44:46 600A65F922CCDCBB2D11467914241556 2284544 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-27 20:44:45 8B285BDAB7735FDFB18E6F7122923B77 187392 ----a-w- C:\Windows\SysWOW64\UIAnimation.dll
2013-02-27 20:44:28 545F1BAAADD0BF1F4FE4586293FCA07D 417792 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll
2013-02-27 20:44:18 6A13B4F3B3F575F1E24B877B9359AABA 10752 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 20:44:18 49ACA548B2423F1C67898E6AC719A9A6 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 20:44:17 B3170CCC779B682C3341873EA60CF084 1988096 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll
2013-02-27 20:44:17 6951562DC4625EEFC6EACD52AD165866 9728 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 20:44:17 3C1936A12C62254F914A01BBC6A8DC69 161792 ----a-w- C:\Windows\SysWOW64\d3d10_1.dll
2013-02-27 20:44:17 2E33DFD10F28F86C3FC40EE123CC3904 2560 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 20:44:16 FB3F036EF6A467F7AF46C821FF5D198D 220160 ----a-w- C:\Windows\SysWOW64\d3d10core.dll
2013-02-27 20:44:16 D4F264FE23F8953D840904418220C15E 293376 ----a-w- C:\Windows\SysWOW64\dxgi.dll
2013-02-27 20:44:16 D4212AB475A3B25EC4DF574536C3EDC5 249856 ----a-w- C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-27 20:44:16 C7A730AFB80B11F93EFC81B1D6F920D7 364544 ----a-w- C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-27 20:44:16 60F4AEFA103D421EA4A40E31409B4756 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 20:44:16 589CBC4989F750E1DA35625AB481CF43 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 20:44:16 4FF3EC04CD47DD62181894B71B004E40 604160 ----a-w- C:\Windows\SysWOW64\d3d10level9.dll
2013-02-27 20:44:16 3BE0D923AA45A4DBE091C2D84F0B4FE7 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 20:44:16 1C60E09CA1C3A045BC4D367F67C915B7 5632 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 20:44:16 007863E45F25AA47A4C30D0930BBFD85 5632 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 20:44:15 8504944851DF6175CC489A8F3328459E 1080832 ----a-w- C:\Windows\SysWOW64\d3d10.dll
2013-02-27 20:44:15 7ACDFB4CC67F4993DF0E0731576309B2 1504768 ----a-w- C:\Windows\SysWOW64\d3d11.dll
2013-02-27 20:44:15 6A7B5A3EFCCDB53DA41CF6838056990F 1158144 ----a-w- C:\Windows\SysWOW64\XpsPrint.dll
2013-02-27 20:44:15 62A6EB5771580CAE445804389F3F7432 207872 ----a-w- C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-27 20:44:15 4277F5164DE9B7C665BB928B9145BEE0 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll
2013-02-27 20:44:15 3BCECD87AB4E6743BFB45B352AD1A529 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-27 20:44:14 9FF8F684BACF326082E5562F7C104A79 3419136 ----a-w- C:\Windows\SysWOW64\d2d1.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====
2013-03-07 07:01:48 F6FF7917A2E1270C0DDE19E096A7808F 28672 ----a-w- C:\Windows\Sysnative\IEUDINIT.EXE
2013-02-27 20:44:45 E8EEA503870CB6A6DC4E09A2433DF33E 2776576 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll
2013-02-27 20:44:45 04CB7C8FDC6D9640DD82A527208F72C4 221184 ----a-w- C:\Windows\Sysnative\UIAnimation.dll
2013-02-27 20:44:27 893E8C1E4A1263EDDB1A6922D0E32201 465920 ----a-w- C:\Windows\Sysnative\WMPhoto.dll
2013-02-27 20:44:18 F5CEF064C7E6D95DA86B9D064A56A969 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-27 20:44:18 F49E92B50CED5C9F1725D3C0329FD933 10752 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-27 20:44:17 C498EF41B93986BCBD483597573EB96D 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll
2013-02-27 20:44:17 AFC3DB5C6EB8CA8017DDB81D6C0AD02A 9728 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 20:44:17 9AE80F6A66B30E3ED8CDF858CF28B11B 194560 ----a-w- C:\Windows\Sysnative\d3d10_1.dll
2013-02-27 20:44:17 6F623BD09CBB4C3F97374F12976E5EA5 522752 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll
2013-02-27 20:44:17 64A4AB126E24FD3F58EBE64852773DB5 2560 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 20:44:16 FB4045578F5180BDB1963AB352B78548 5632 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-27 20:44:16 AFB73882AE41E1629A63E6713FE30FB9 296960 ----a-w- C:\Windows\Sysnative\d3d10core.dll
2013-02-27 20:44:16 9108540E866F75C7AF2B91DD921A8091 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-27 20:44:16 9094039A00485F71C4DE64BF51F64C46 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-27 20:44:16 8DFB5752FCE145A6B295093C0A8BE131 363008 ----a-w- C:\Windows\Sysnative\dxgi.dll
2013-02-27 20:44:16 72723D3E4781BADC62C3180C137E7B23 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-27 20:44:16 63F72417CA38D8FC8F53709649B589E3 333312 ----a-w- C:\Windows\Sysnative\d3d10_1core.dll
2013-02-27 20:44:16 3834316FE8A653227282196525E07DFE 648192 ----a-w- C:\Windows\Sysnative\d3d10level9.dll
2013-02-27 20:44:16 0E6FBF19D9DFBB77316C23DF91F8A101 5632 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-27 20:44:15 FA428BDBCFAB9DC3D58F0BD2CCD50EA2 1682432 ----a-w- C:\Windows\Sysnative\XpsPrint.dll
2013-02-27 20:44:15 F1C19F0AA151B90A7416FA1D50DDB582 245248 ----a-w- C:\Windows\Sysnative\WindowsCodecsExt.dll
2013-02-27 20:44:15 C4C183E6551084039EC862DA1C945E3D 1175552 ----a-w- C:\Windows\Sysnative\FntCache.dll
2013-02-27 20:44:15 BDDF242A49E7B7DC5CCEC291BCE53ACB 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll
2013-02-27 20:44:15 B2CA1AC17E78D986B22FD6C2261CD84F 1238528 ----a-w- C:\Windows\Sysnative\d3d10.dll
2013-02-27 20:44:15 7E8A672B7B06A6EB11960C22E0360C59 3928064 ----a-w- C:\Windows\Sysnative\d2d1.dll
2013-02-27 20:44:15 63BB89DED1E9104E68D33E54DE4D340D 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll
2013-02-27 20:44:15 448B02AD260EC3E1E892FCE6DFDDEEBD 1887232 ----a-w- C:\Windows\Sysnative\d3d11.dll
2013-02-26 06:44:56 90AECBA084ED34A36EC424C6CCC05849 952 ----a-w- C:\Windows\Sysnative\.crusader

====== C:\Windows\Sysnative\drivers =====
2013-02-13 06:26:05 B62A953F2BF3922C8764A29C34A22899 1913192 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2013-02-13 06:26:03 41C67E4205C606A103DEC8651D0B6FE6 288088 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====
2013-02-25 16:27:14 -------- d-----w- C:\Program Files\iTunes
2013-02-25 16:27:14 -------- d-----w- C:\Program Files\iPod
2013-02-12 17:16:48 -------- d-----w- C:\Program Files\Bonjour

======= C:\Program Files (x86) =====
2013-03-06 15:01:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-03 06:49:37 -------- d-----w- C:\Program Files (x86)\Easy Travel
2013-02-25 16:27:14 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-24 12:02:59 -------- d-----w- C:\Program Files (x86)\CDBurnerXP
2013-02-24 11:45:25 -------- d-----w- C:\Program Files (x86)\Media converter
2013-02-12 17:16:48 -------- d-----w- C:\Program Files (x86)\Bonjour

======= C: =====
2013-03-07 20:55:50 7CA054BDEA9703579CBB1052D3DBFA32 2928 ----a-w- C:\{0DED5837-529A-490A-9934-E9BBADB59BCF}
2013-03-07 19:39:22 73CE477562E653DA309A2D30C8C5D2D2 2256 ----a-w- C:\{E2DCEE2C-81BA-4890-B350-0ED5771ABE01}

====== C:\Users\ddd\AppData\Roaming ======
2013-03-07 08:55:47 -------- d-----w- C:\users\ddd\AppData\Roaming\Tinnes Software
2013-03-07 08:43:23 -------- d-----w- C:\users\ddd\AppData\Roaming\HyperCalendar
2013-03-06 16:10:24 -------- d-----w- C:\users\ddd\AppData\Local\Temp
2013-02-24 12:03:07 -------- d-----w- C:\users\ddd\AppData\Roaming\Canneverbe Limited
2013-02-14 09:23:37 -------- d-----w- C:\users\ddd\AppData\Roaming\DriverCure
2013-02-12 10:59:35 -------- d-----w- C:\users\ddd\AppData\Roaming\ROUTE 66 Sync

====== C:\Users\ddd ======
2013-03-07 08:55:45 -------- d-----w- C:\ProgramData\Tinnes Software
2013-02-25 16:27:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-24 12:03:07 -------- d-----w- C:\ProgramData\Canneverbe Limited
2013-02-16 06:49:30 -------- d-----w- C:\ProgramData\HitmanPro

====== C: exe-files ==
2013-03-08 06:53:51 8A7C8F4C713E70D73946833D76B77035 115608 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
2013-03-07 10:52:33 31E4ED61C538755707FFD68537D4DC17 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1545117835-1005181052-2276486622-1000\$I5EJXKI.exe
2013-03-07 10:52:26 5A811D28F93F59B2CF127C53D76EC7DE 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1545117835-1005181052-2276486622-1000\$I6TYHF4.exe
2013-03-07 10:52:22 A68C86489FFF57ED089D5F89584CD7E4 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1545117835-1005181052-2276486622-1000\$INTFXEA.exe
2013-03-07 08:55:45 A048C33A0AEB1A2D7B55BC58ECB31BFE 1259465 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\unins000.exe
2013-03-07 08:55:45 60688C7F19279C23E0DA8D4B21420ED2 260608 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\desktopcalendar.exe
2013-03-07 08:53:29 B6138AD6CAE89E8E351CB96F2ACBB6F8 1961389 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1545117835-1005181052-2276486622-1000\$RNTFXEA.exe
2013-03-07 08:43:02 B6138AD6CAE89E8E351CB96F2ACBB6F8 1961389 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1545117835-1005181052-2276486622-1000\$R6TYHF4.exe
2013-03-07 08:38:52 E17CCCF87642DB3507C69B3BC1944269 265288 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1545117835-1005181052-2276486622-1000\$R5EJXKI.exe
2013-03-05 06:36:24 526F48333DC36D7AA3BF9314AA195E38 829280 ----a-w- C:\Users\ddd\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.152\25.0.1364.152_25.0.1364.97_chrome_updater.exe
2013-03-03 06:58:52 3DF432AE9D14A0D7006EEE4389CA8D89 437727 ----a-w- C:\Program Files (x86)\Easy Travel\2012\Uninstall.exe
2013-03-01 22:35:38 EAE917700E7B339060EB3855A1EBE2D2 20851712 ----a-w- C:\Program Files (x86)\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-7.0.3.8542.exe

=== C: other files ==
2013-03-07 08:55:45 D77C2F10A5CF893568FEAB209895A22F 1264 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\scripts\VB\dateFunctions.vbs
2013-03-07 08:55:45 26337AF8D611F7954175331EE0A036C4 124 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\scripts\VB\functions.vbs
2013-03-07 08:55:45 1372FC2A58B9D1FCDA646AA329B1E482 611 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\scripts\VB\alert.vbs

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}"="C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1545117835-1005181052-2276486622-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files (x86)\DU Meter\DUMeter.exe /autostart"
"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"04095E2D46FBAB1772C7A849718066C270DBDF4E._service_run"="C:\Users\ddd\AppData\Local\Google\Chrome\Application\chrome.exe --type=service"
"Google Update"="C:\Users\ddd\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NF22-B22-4abb-B07C-C084B04B4F12}"="C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files (x86)\DU Meter\DUMeter.exe /autostart"
"googletalk"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"04095E2D46FBAB1772C7A849718066C270DBDF4E._service_run"="C:\Users\ddd\AppData\Local\Google\Chrome\Application\chrome.exe --type=service"
"Google Update"="C:\Users\ddd\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"
"hkey"="HKCU"
"item"=""
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\04095E2D46FBAB1772C7A849718066C270DBDF4E._service_run]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="04095E2D46FBAB1772C7A849718066C270DBDF4E._service_run"
"hkey"="HKCU"
"command"="\"C:\\Users\\ddd\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --type=service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrMfcWnd]
"command"="C:\\Program Files (x86)\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"hkey"="HKLM"
"item"="BrMfcWnd"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"command"="C:\\Windows\\system32\\hkcmd.exe"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"command"="C:\\Windows\\system32\\igfxtray.exe"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliPoint"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\itype]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="itype"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess]
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOSYNC.EXE\""
"hkey"="HKCU"
"item"="OfficeSyncProcess"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"command"="C:\\Windows\\system32\\igfxpers.exe"
"hkey"="HKLM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"item"="QuickTime Task"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSDMonitor]
"command"="C:\\Program Files (x86)\\Common Files\\PC Tools\\sMonitor\\SSDMonitor.exe"
"hkey"="HKLM"
"item"="SSDMonitor"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile-based device management]
"command"="C:\\Windows\\WindowsMobile\\wmdcBase.exe"
"hkey"="HKLM"
"item"="Windows Mobile-based device management"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"item"="WinZip Quick Pick"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files (x86)\\WinZip\\WZQKPICK.EXE "
"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AudioSrv]

==== Startup Folders ======================

2012-01-28 20:15:14 1140 ----a-w- C:\users\ddd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [27-02-2013 09:48]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18-11-2011 17:17]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1545117835-1005181052-2276486622-1000Core.job --a------ C:\Users\ddd\AppData\Local\Google\Update\GoogleUpdate.exe [22-02-2013 07:31]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1545117835-1005181052-2276486622-1000UA.job --a------ C:\Users\ddd\AppData\Local\Google\Update\GoogleUpdate.exe [22-02-2013 07:31]
C:\Windows\tasks\PC Optimizer Pro Updates.job --a------ C:\Program Files\PC Optimizer Pro\StartApps.exe []
C:\Windows\tasks\RMAutoUpdate.job --a------ C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [21-08-2012 14:44]
C:\Windows\tasks\RMSchedule.job --a------ C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [21-08-2012 14:43]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ddd\AppData\Roaming\Mozilla\Firefox\Profiles\qjieootp.default-1355220476152
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Interclue - %ProfilePath%\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi
- BlockSite - %ProfilePath%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\ddd\AppData\Roaming\Mozilla\Firefox\Profiles\qjieootp.default-1355220476152
78B8643467B68FCAD26C4D9E4A77EDB5 - C:\Users\ddd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
FE66393FF0F0A1CAF53FA54EFBBA5533 - C:\Users\ddd\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
416DE10C59706B4AB7F90CCD04C1EFB0 - C:\Users\ddd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
E64819B6014A93E2503BB52419A0F6F3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll - Shockwave Flash
E0FF893763BA82BAABB869A351F0C455 - C:\Users\ddd\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
3E21E80D10E1033D9C137440554FF724 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.370.6
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10-10-2011 10:09]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx[01-02-2013 23:18]
pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx[31-07-2012 12:58]

Skype Click to Call - ddd - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Norton Identity Protection - ddd - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
GoPhoto.it - ddd - Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/ig?hl=nl/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/ig?hl=nl/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{1BA683A5-1F4F-4129-91D3-90960476408B}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1BA683A5-1F4F-4129-91D3-90960476408B} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\users\ddd\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\ddd\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts in Users Start Menu ======================

C:\Users\ddd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\ddd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ddd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\ddd\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\ddd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe /t

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\calibre - E-book management.lnk - C:\Program Files (x86)\Calibre2\calibre.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\E-book viewer.lnk - C:\Program Files (x86)\Calibre2\ebook-viewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\LRF viewer.lnk - C:\Program Files (x86)\Calibre2\lrfviewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Calendar\Desktop Calendar.lnk - C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\desktopcalendar.exe -action addtosidebar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter\DU Meter Help.lnk - C:\Program Files (x86)\DU Meter\DUMeter.exe /help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter\DU Meter.lnk - C:\Program Files (x86)\DU Meter\DUMeter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Travel\EasyTravel 2012.lnk - C:\Program Files (x86)\Easy Travel\2012\EasyTravel.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth Plug-in.lnk - C:\Windows\SysWOW64\msiexec.exe /x {34B32B70-8081-11E2-89AF-B8AC6F98CCE3} FEEDBACK=1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media converter\Media converter.lnk - C:\Program Files (x86)\Media converter\MediaConverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media converter\Uninstall Media converter.lnk - C:\Program Files (x86)\Media converter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\LiveUpdate.lnk - C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\uistub.exe /lu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\NBRT.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Norton 360.lnk - C:\Program Files (x86)\Norton 360\Engine64\6.4.1.14\uistub.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Support.lnk - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\symerr.exe /support
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Uninstall Norton 360.lnk - C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\6.4.1.14\inststub.exe /X /shortcut

==== shortcuts in Quick Launch ======================

C:\Users\ddd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\ddd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Media converter.lnk - C:\Program Files (x86)\Media converter\MediaConverter.exe
C:\Users\ddd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\EasyTravel 2012.lnk - C:\Program Files (x86)\Easy Travel\2012\EasyTravel.exe
C:\Users\ddd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\EasyTravel 2012.lnk - C:\Program Files (x86)\Easy Travel\2012\EasyTravel.exe
C:\Users\ddd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ddd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\ddd\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ddd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\ddd\AppData\Local\Mozilla\Firefox\Profiles\q4p7x5xp.default\Cache emptied successfully
C:\users\ddd\AppData\Local\Mozilla\Firefox\Profiles\qjieootp.default-1355220476152\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\ddd\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ddd\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\ddd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found