Zoek.exe Version 4.0.0.4 Updated 31-08-2013
Tool run by James on 06/09/2013 at 10:48:02.18.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\James\Downloads\zoek.exe [Script inserted] [Checkboxes used]

==== System Restore Info ======================

06/09/2013 10:50:14 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\p1apk9m4.default\prefs.js:
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.search.defaulturl", "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\p1apk9m4.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\p1apk9m4.default

---- Lines yahoo removed from prefs.js ----
user_pref("weboftrust.search.yahoo.display", "Yahoo!");
user_pref("weboftrust.search.yahoo.ign", "^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/|^http(s)?\\:\\/\\/.+\\/search\\/cache\\\\?");
user_pref("weboftrust.search.yahoo.ninja", "1");
user_pref("weboftrust.search.yahoo.pre0.match", 4);
user_pref("weboftrust.search.yahoo.pre0.re", "^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.+\\*\\*http.+yahoo\\.[a-z]{2,}.+fu=(http.+)");
user_pref("weboftrust.search.yahoo.pre1.match", 4);
user_pref("weboftrust.search.yahoo.pre1.re", "^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.+\\*\\*(http.+)");
user_pref("weboftrust.search.yahoo.pre2.match", 4);
user_pref("weboftrust.search.yahoo.pre2.re", "^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/click\\\\?u=(http.+)");
user_pref("weboftrust.search.yahoo.prestyle", ".bbox [ATTR], .right [ATTR] { display: none ! important; } [ATTR] { position: absolute; visibility: hidden; }");
user_pref("weboftrust.search.yahoo.style", "a.yschttl ~ [ATTR=\"NAME\"], .active a ~ [ATTR=\"NAME\"], .hd h3 a ~ [ATTR=\"NAME\"] { background: url(IMAGE) right no-repeat; margin-left: 4px; padding-top: 1px; position: relative; visibility: visible; }");
user_pref("weboftrust.search.yahoo.url", "^http(s)?\\:\\/\\/([\\w\\-]+\\.)*yahoo\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/search[;\\\\?].+");
user_pref("weboftrust.search.yahoomail.display", "Yahoo! Mail");
user_pref("weboftrust.search.yahoomail.dynamic", 1);
user_pref("weboftrust.search.yahoomail.ign", "^http(s)?\\:\\/\\/([\\w\\-]*\\.)*(yahoo\\.(com|net)|ymailupdates\\.com)\\/");
user_pref("weboftrust.search.yahoomail.match0.condition", "or");
user_pref("weboftrust.search.yahoomail.match0.match0.attribute0.name", "class");
user_pref("weboftrust.search.yahoomail.match0.match0.attribute0.re", "msg-body");
user_pref("weboftrust.search.yahoomail.match0.match0.element", "div");
user_pref("weboftrust.search.yahoomail.match0.match1.attribute0.name", "id");
user_pref("weboftrust.search.yahoomail.match0.match1.attribute0.re", "^(messageAreaIframe|ViewArea_.*)$");
user_pref("weboftrust.search.yahoomail.match0.match1.element", "$frame");
user_pref("weboftrust.search.yahoomail.prestyle", "[ATTR] { position: absolute; visibility: hidden; }");
user_pref("weboftrust.search.yahoomail.searchlevel", 60);
user_pref("weboftrust.search.yahoomail.style", "a ~ [ATTR=\"NAME\"] { background: url(IMAGE) right no-repeat; margin-left: 4px; position: relative; visibility: visible; }");
user_pref("weboftrust.search.yahoomail.url", "^http(s)?\\:\\/\\/([\\w\\-]*\\.)*mail\\.yahoo\\.(com|net)\\/(dc|neo|om\\/api)\\/");

---- Lines yahoo modified from prefs.js ----

---- Lines yahoo removed from user.js ----

---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

---- Lines ask.com modified from prefs.js ----

---- Lines ask.com removed from user.js ----

---- Lines Web Search removed from prefs.js ----

---- Lines Web Search modified from prefs.js ----

---- Lines Web Search removed from user.js ----

---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);

---- Lines browser.startup.page modified from prefs.js ----

---- Lines browser.startup.page removed from user.js ----

---- FireFox user.js and prefs.js backups ----
user_092013_1210_.backup
user_092013_1242_.backup
prefs_092013_1210_.backup
prefs_092013_1242_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not found
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml" not found
"C:\Program Files (x86)\ConduitEngine" not found
"C:\Program Files (x86)\Expat Shield" not found
"C:\Program Files (x86)\Softonic-Eng7" not found
"C:\Program Files (x86)\DealPly" not found

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\James\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-09-03 07:53:14 9FA7BF625122CCAC90FCD307174D8CF3 3913664 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-03 07:53:13 DD5F17D44E9966E7EA447AE8C4D12D6C 3968960 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-03 07:53:13 528D298F9914C558EA7A9809BE598E65 1292192 ----a-w- C:\Windows\SysWOW64\ntdll.dll
2013-09-03 07:53:12 77F5D2CB80697EB96C45E79A869A6FAC 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2013-09-03 07:53:12 4E77948A7BD16BA5724EC79C60176B03 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2013-09-03 07:53:11 D313AE69128A75367AA36E15522931F6 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2013-09-03 07:53:11 CFEEF3185342ADEAE1E77A017052565B 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2013-09-03 07:53:11 3EED15C223E139C3A28B458800E52BF3 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-09-03 07:53:13 D6180FBBADA79BC28E5FD8187EBE7F64 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2013-09-03 07:53:13 C19DCA1024135D5485E25AB1047F77BC 5550528 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2013-09-03 07:53:13 8E45DD84F8F786B2DB94AD95225B9246 1732032 ----a-w- C:\Windows\Sysnative\ntdll.dll
====== C:\Windows\Sysnative\drivers =====
2013-08-10 08:35:42 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-09-05 08:19:54 -------- d-----w- C:\Program Files\trend micro
2013-09-03 15:55:42 -------- d-----w- C:\Program Files\Speccy
======= C:\Program Files (x86) =====
======= C: =====
====== C:\Users\James\AppData\Roaming ======
2013-09-05 11:33:25 -------- d-----w- C:\users\James\AppData\Local\Temp
====== C:\Users\James ======
2013-09-05 08:18:45 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\James\Downloads\RSITx64.exe
2013-09-03 15:55:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2013-09-03 15:55:00 1EFDECC41128BABB5B09B4C9BEB98D46 5127856 ----a-w- C:\Users\James\Downloads\spsetup122.exe

====== C: exe-files ==
2013-09-05 08:55:26 514FC42D49F76C16CC1839A6B9D3AC05 1611104 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\29.0.1547.66\29.0.1547.66_29.0.1547.62_chrome_updater.exe
2013-09-05 08:19:55 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\James.exe
2013-09-05 08:18:45 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\James\Downloads\RSITx64.exe
2013-09-04 09:12:28 85A00D39DE2CDC02CE127E19792BF6E5 22368 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.182\deploy\jpatch.exe
2013-09-03 15:55:00 1EFDECC41128BABB5B09B4C9BEB98D46 5127856 ----a-w- C:\Users\James\Downloads\spsetup122.exe
2013-09-03 07:53:14 9FA7BF625122CCAC90FCD307174D8CF3 3913664 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-03 07:53:13 DD5F17D44E9966E7EA447AE8C4D12D6C 3968960 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-03 07:53:13 C19DCA1024135D5485E25AB1047F77BC 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-03 07:53:11 D313AE69128A75367AA36E15522931F6 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2013-09-03 07:53:11 CFEEF3185342ADEAE1E77A017052565B 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2013-09-03 07:53:11 3EED15C223E139C3A28B458800E52BF3 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2669616586-821110155-888127141-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe /AutoStart"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"InstallIQUpdater"="C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe /silent /autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"
"BCU"="C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe /AutoStart"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"InstallIQUpdater"="C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe /silent /autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Linksys Wireless Manager"="c:\program files (x86)\linksys\linksys wireless manager\linksyswirelessmanager.exe /cm /min /lcid 1043"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe"
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"command"="c:\\program files (x86)\\common files\\adobe\\oobe\\pdapp\\uwa\\updaterstartuputility.exe"
"hkey"="HKLM"
"item"="AdobeAAMUpdater-1.0"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS4ServiceManager]
"command"="\"c:\\program files (x86)\\common files\\adobe\\cs4servicemanager\\cs4servicemanager.exe\" -launchedbylogin"
"hkey"="HKLM"
"item"="AdobeCS4ServiceManager"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5.5ServiceManager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"command"="c:\\users\\james\\appdata\\local\\akamai\\netsession_win.exe"
"hkey"="HKCU"
"item"="Akamai NetSession Interface"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCU]
"command"="c:\\program files (x86)\\devicevm\\browser configuration utility\\bcu.exe"
"hkey"="HKLM"
"item"="BCU"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"command"="c:\\program files (x86)\\microsoft office\\office12\\groovemonitor.exe"
"hkey"="HKLM"
"item"="GrooveMonitor"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HF_G_Jul]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HydraVisionDesktopManager]
"command"="c:\\program files (x86)\\ati technologies\\hydravision\\hydradm.exe"
"hkey"="HKCU"
"item"="HydraVisionDesktopManager"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstallIQUpdater]
"command"="\"c:\\program files (x86)\\w3i\\installiqupdater\\installiqupdater.exe\" /silent /autorun"
"hkey"="HKCU"
"item"="InstallIQUpdater"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kernel and Hardware Abstraction Layer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KPeerNexonEU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Linksys Wireless Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nmctxth]
"command"="c:\\program files (x86)\\common files\\pure networks shared\\platform\\nmctxth.exe"
"hkey"="HKLM"
"item"="nmctxth"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NUSB3MON]
"command"="c:\\program files (x86)\\renesas electronics\\usb 3.0 host controller driver\\application\\nusb3mon.exe"
"hkey"="HKLM"
"item"="NUSB3MON"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QFan Help]
"command"="c:\\program files (x86)\\asus\\ai suite\\qfan4\\fanhelp.exe"
"hkey"="HKLM"
"item"="QFan Help"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg_DTS]
"command"="c:\\program files\\realtek\\audio\\hda\\ravbg64.exe /fordtsuptbt"
"hkey"="HKLM"
"item"="RtHDVBg_DTS"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"command"="c:\\program files\\realtek\\audio\\hda\\rtkngui64.exe -s"
"hkey"="HKLM"
"item"="RTHDVCPL"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"command"="\"c:\\program files (x86)\\ati technologies\\ati.ace\\core-static\\clistart.exe\" msrun"
"hkey"="HKLM"
"item"="StartCCC"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="c:\\program files (x86)\\common files\\java\\java update\\jusched.exe"
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\svchost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"command"="c:\\program files (x86)\\avg secure search\\vprot.exe"
"hkey"="HKLM"
"item"="vProt"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2013-08-01 11:44:01 1938 ----a-w- C:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Deskjet 2510 series.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [23/08/2013 20:51]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/04/2011 13:36]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/04/2011 13:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\p1apk9m4.default
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- LavaFox V2 - %ProfilePath%\extensions\info@djzig.com
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- YouTube to MP3 - %ProfilePath%\extensions\youtube2mp3@mondayx.de.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Expat Shield Helper Please allow this installation - %AppDir%\extensions\afurladvisor@anchorfree.com
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\p1apk9m4.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
4676A8E1EE37E71486717ECD1E61C17B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
A63259925ADB2A1181C712513EBFB8ED - C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

Google Docs - James - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - James - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - James - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - James - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Card number - James - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - James - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox"
{443789B7-F39C-4b5c-9287-DA72D38F4FE6} AOL Search Url="http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=amonetizetest1-ie&s_qt=sb&tb_uuid=ABB2985A35374A1EB3D19F38A3EF57F5&tb_oid=26-04-2013&tb_mrud=26-04-2013"
{512E847A-300C-43c3-B83B-6581EEBE1894} Google Url="http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=nl&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"

==== Reset Google Chrome ======================

C:\users\James\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\James\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TKDU623 will be deleted at reboot
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HD2WNJ7 will be deleted at reboot
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ2ZJ97O will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\James\AppData\Local\Mozilla\Firefox\Profiles\p1apk9m4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\James\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\James\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully