
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Liesbeth on wo 16/04/2014 at 11:47:02,08.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Liesbeth\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

16/04/2014 11:49:40 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Liesbeth\AppData\Roaming\TP deleted successfully
C:\Users\Liesbeth\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Liesbeth\AppData\Local\PackageAware deleted successfully
C:\Users\sysop\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully
HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Classes\Software\Microsoft\Internet Explorer\URLSearchHooks\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully

==== Deleting Services ======================


==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"fsm"=- 

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Pivot Stickfigure DB Toolbar deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\Users\Liesbeth\AppData\Local\Software deleted
C:\Users\Liesbeth\AppData\Local\TempDIR deleted
C:\Users\Liesbeth\AppData\LocalLow\Toolbar4 deleted
C:\Windows\wininit.ini deleted
C:\Windows\Syswow64\sho1A91.tmp deleted
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" deleted
"C:\Program Files (x86)\Microsoft\BingBar" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Liesbeth\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-04-14 17:05:29	CCF19C82F6145E4A467F7CB9AF82026C	17073152	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2014-04-14 17:05:28	A45A13AAC7777C096A073FF1F4F5A0D5	2724864	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2014-04-12 14:18:03	4F8CCD3E7D9F17A7C60FA0AE2466CACF	381440	----a-w-	C:\Windows\SysWOW64\wer.dll
2014-04-12 14:17:58	76161B9D78A275F8F28DD67436013110	1114112	----a-w-	C:\Windows\SysWOW64\kernel32.dll
2014-04-12 14:17:57	2E1D6624EE2C3F454CADF09DC59E78B0	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2014-04-12 14:17:57	1F76F7CB3C690ACB985C2FD419383B49	14336	----a-w-	C:\Windows\SysWOW64\ntvdm64.dll
2014-04-12 14:17:56	A30AB03E7C837A17AC70E67E63B8E2F6	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2014-04-12 14:17:56	9F3D88540DB73F5213D5044CB50006DF	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2014-04-12 14:17:56	1E886E327F37F34CC7465F1605D1F3CD	5120	----a-w-	C:\Windows\SysWOW64\wow32.dll
2014-04-12 14:17:53	BD5E6C894130E7BB7ECE9A0925383068	2168320	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2014-04-12 14:17:53	8B521873651E62EF5868DC7B339959DB	32768	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2014-04-12 14:17:52	A045DAE4D242A9A50FF6902774C55BE0	524288	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2014-04-12 14:17:52	7EDA015D4E74177A1B187326EDB14670	51200	----a-w-	C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-12 14:17:52	0FF358906F2333B26267BC0064DC02C4	1156096	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2014-04-12 14:17:51	E23497E11866154A97BA9877656113FE	1964032	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2014-04-12 14:17:51	B0CBC5A7D9278DCD5B230E1E50CCA5F6	61952	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2014-04-12 14:17:51	2CF6CF90BF7FE0E616C363343FFA686B	553472	----a-w-	C:\Windows\SysWOW64\jscript9diag.dll
2014-04-12 14:17:51	1CEE521E90703BB8A01211C77747E727	43008	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2014-04-12 14:17:50	E84073A2F2D3A9448CA02F48B0360490	440832	----a-w-	C:\Windows\SysWOW64\ieui.dll
2014-04-12 14:17:50	4831AA1A6A112ACCEE240C9D5FA2108B	11266048	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2014-04-12 14:17:48	FC46FE32B043CA7251B1D707B91BA6A7	4244480	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2014-04-12 14:17:48	C8DBE0B5297FD85D7311E4791103517B	112128	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2014-04-12 14:17:48	B61F47EB8CACBE09C8117E4FF7D9656D	164864	----a-w-	C:\Windows\SysWOW64\msrating.dll
2014-04-12 14:17:48	AAFEAB4FC9D70253F8C7E353E879E8A2	1820160	----a-w-	C:\Windows\SysWOW64\wininet.dll
2014-04-12 14:17:48	4605E0295C8E742B28FD63D255322795	703488	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2014-04-12 14:14:45	A054EA8FBE16D4D34F06D81A4F0088E2	1230336	----a-w-	C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-12 14:14:18	B0BE998802DEDEE1FD8F5E5F9F207A30	509440	----a-w-	C:\Windows\SysWOW64\qedit.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-04-14 17:05:30	C3E3EFD320D0000BE6F9CDB00CD6086F	23134208	----a-w-	C:\Windows\Sysnative\mshtml.dll
2014-04-14 17:05:29	14257E59C8452DCC38B8D55DEDC6EE0D	2724864	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2014-04-12 14:18:03	1075AB2C077B415760C0E948856B5126	484864	----a-w-	C:\Windows\Sysnative\wer.dll
2014-04-12 14:17:58	D2A513EE880D71BDE7F0257F38B9D019	1163264	----a-w-	C:\Windows\Sysnative\kernel32.dll
2014-04-12 14:17:58	2A107B611C91CD256466C58C0D776E9D	243712	----a-w-	C:\Windows\Sysnative\wow64.dll
2014-04-12 14:17:57	74959C718FF4594369645F35B7DF19C4	16384	----a-w-	C:\Windows\Sysnative\ntvdm64.dll
2014-04-12 14:17:57	7434E01FBCA3CB86539C39412A31D5E1	362496	----a-w-	C:\Windows\Sysnative\wow64win.dll
2014-04-12 14:17:57	0F090A77E664CB0F70AB8D3B230B760C	13312	----a-w-	C:\Windows\Sysnative\wow64cpu.dll
2014-04-12 14:17:55	04F82965C09CBDF646B487E145060301	228864	----a-w-	C:\Windows\Sysnative\wwansvc.dll
2014-04-12 14:17:54	E918C0DE5CF2AE6BEDBF387C09627D93	3156480	----a-w-	C:\Windows\Sysnative\win32k.sys
2014-04-12 14:17:53	76862AAF77C049EC20217FDC209F7F13	2765824	----a-w-	C:\Windows\Sysnative\iertutil.dll
2014-04-12 14:17:53	10B2786774CC43D835FE8303D1970874	4096	----a-w-	C:\Windows\Sysnative\ieetwcollectorres.dll
2014-04-12 14:17:51	F6BA9A0266DA93AFB8EA9BA12BF81367	33792	----a-w-	C:\Windows\Sysnative\iernonce.dll
2014-04-12 14:17:51	BA0A21F761CE5001DF712C51BF11F953	1393664	----a-w-	C:\Windows\Sysnative\urlmon.dll
2014-04-12 14:17:51	8BA97E7747A53F80873431178889911A	48640	----a-w-	C:\Windows\Sysnative\ieetwproxystub.dll
2014-04-12 14:17:50	E6ACA421DA3E50D7F0A31228F0C547B0	627200	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2014-04-12 14:17:49	D378AB3C9178424588B55AC7B652D7F9	218624	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2014-04-12 14:17:49	8EA01E83528503D312224FC63D40BC2B	66048	----a-w-	C:\Windows\Sysnative\iesetup.dll
2014-04-12 14:17:48	B3DFA392735A5FBE2896BAB67950123A	2041856	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2014-04-12 14:17:48	A0B690402E33DC9C78F22CB41F4FDC09	111616	----a-w-	C:\Windows\Sysnative\ieetwcollector.exe
2014-04-12 14:17:48	4F131DB206096854505AFEDD2153FD83	53760	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2014-04-12 14:17:47	9C5ADB26632D46919ABB231CF7DE98B9	13051904	----a-w-	C:\Windows\Sysnative\ieframe.dll
2014-04-12 14:17:47	422106B7565350885D0930DFA5BA21A1	574976	----a-w-	C:\Windows\Sysnative\ieui.dll
2014-04-12 14:17:46	DF79CE9B950C62677D232154E93A81C7	2334208	----a-w-	C:\Windows\Sysnative\wininet.dll
2014-04-12 14:17:46	D3CAA61DE060BC74B4EFC638679DFE7A	139264	----a-w-	C:\Windows\Sysnative\ieUnatt.exe
2014-04-12 14:17:46	CF1C73DE1FADE3D3C44FCAF254F57DB2	5768704	----a-w-	C:\Windows\Sysnative\jscript9.dll
2014-04-12 14:17:46	8D46ACDFA065C423BED405702F075B54	708608	----a-w-	C:\Windows\Sysnative\jscript9diag.dll
2014-04-12 14:17:46	48ED94DA88F65684B28FCD87C01288A7	817664	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2014-04-12 14:17:45	E97FFE2D37F01DD8B52BE81E1B91A7C0	940032	----a-w-	C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-04-12 14:17:45	262B8883ECFD0C7CB303B56F9D9F210E	195584	----a-w-	C:\Windows\Sysnative\msrating.dll
2014-04-12 14:14:45	AFCA5C1ECEAF948FC815178BC077680E	1424384	----a-w-	C:\Windows\Sysnative\WindowsCodecs.dll
2014-04-12 14:14:18	2C619F6023E3F7A3ABF3475ED2223359	624128	----a-w-	C:\Windows\Sysnative\qedit.dll
====== C:\Windows\Sysnative\drivers =====
2014-04-12 14:18:00	B3222734D80013D2C73841B0C549FA63	27584	----a-w-	C:\Windows\Sysnative\drivers\Diskdump.sys
2014-04-12 14:18:00	A3F0BC5897F9D3786A3CB695B163633A	190912	----a-w-	C:\Windows\Sysnative\drivers\storport.sys
2014-04-12 14:18:00	96BB922A0981BC7432C8CF52B5410FE6	274880	----a-w-	C:\Windows\Sysnative\drivers\msiscsi.sys
2014-04-12 14:17:55	1A29A59A4C5BA6F8C85062A613B7E2B2	1684928	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-04-12 14:26:11	--------	d-----w-	C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-04-12 15:27:20	--------	d-----w-	C:\PROGRA~2\COMMON~1\Skype
======= C: =====
====== C:\Users\Liesbeth\AppData\Roaming ======
====== C:\Users\Liesbeth ======
2014-04-12 14:23:27	662C39FC1E27131551D557862CEC47F0	935175	----a-w-	C:\Users\Liesbeth\Downloads\RSITx64.exe

====== C: exe-files ==
2014-04-12 14:28:11	5B696683E453DC3B6720ABE35896D937	8712408	----a-w-	C:\Users\Liesbeth\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_33.0.1750.117_chrome_updater.exe
2014-04-12 14:26:12	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Liesbeth.exe
2014-04-12 14:23:27	662C39FC1E27131551D557862CEC47F0	935175	----a-w-	C:\Users\Liesbeth\Downloads\RSITx64.exe
2014-04-12 14:22:11	E093151047BBFFC0CD78D52F36490206	51080	----atw-	C:\Users\Liesbeth\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe
2014-04-12 14:22:11	398F40FAE5ADA9521544393F1F67A17E	51080	----atw-	C:\Users\Liesbeth\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateBroker.exe
2014-04-12 14:22:07	039DE3F65C7992994F788EAC8E79BF4F	884504	----a-w-	C:\Users\Liesbeth\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateSetup.exe
2014-04-12 14:21:33	6EFC5F64258FE0D9DA3CCFA7FF4D84BD	114568	----atw-	C:\Users\Liesbeth\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateComRegisterShell64.exe
2014-04-12 14:21:32	7E6B107120108B3A15BFECE0DE3201DB	228744	----atw-	C:\Users\Liesbeth\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler.exe
2014-04-12 14:21:32	506708142BC63DABA64F2D3AD1DCD5BF	116648	----atw-	C:\Users\Liesbeth\AppData\Local\Google\Update\1.3.23.9\GoogleUpdate.exe
2014-04-12 14:21:32	0D5CE0E5AEC3ACC7930AB955334B8533	281480	----atw-	C:\Users\Liesbeth\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
2014-04-12 14:20:58	039DE3F65C7992994F788EAC8E79BF4F	884504	----a-w-	C:\Users\Liesbeth\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.23.9\GoogleUpdateSetup.exe
2014-04-12 14:17:52	84BCBFB752B96543307E6602E669A95A	806104	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
2014-04-12 14:17:51	3A3BEA53F039CE2E997A918E26E30B1D	808152	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-12 14:17:51	2A0FAE869BC99A460FEFD832F261DCC9	469504	----a-w-	C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-04-12 14:17:49	6254A3E46A65395BFFEB393938661738	482816	----a-w-	C:\Program Files\Internet Explorer\ieinstal.exe
=== C: other files ==
2014-04-12 14:18:00	B3222734D80013D2C73841B0C549FA63	27584	----a-w-	C:\Windows\System32\drivers\Diskdump.sys
2014-04-12 14:18:00	A3F0BC5897F9D3786A3CB695B163633A	190912	----a-w-	C:\Windows\System32\drivers\storport.sys
2014-04-12 14:18:00	96BB922A0981BC7432C8CF52B5410FE6	274880	----a-w-	C:\Windows\System32\drivers\msiscsi.sys
2014-04-12 14:17:55	1A29A59A4C5BA6F8C85062A613B7E2B2	1684928	----a-w-	C:\Windows\System32\drivers\ntfs.sys
2014-04-12 14:17:54	E918C0DE5CF2AE6BEDBF387C09627D93	3156480	----a-w-	C:\Windows\System32\win32k.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-233258130-177071954-1538206895-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="C:\Program Files (x86)\Software Informer\softinfo.exe -autorun"
"Google Update"="C:\Users\Liesbeth\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"Dolby Advanced Audio v2"="C:\Dolby PCEE4\pcee4.exe -autostart"
"BackupManagerTray"="C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="C:\Program Files (x86)\Software Informer\softinfo.exe -autorun"
"Google Update"="C:\Users\Liesbeth\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 "
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcadeMovieService"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer\\clear.fi\\Movie\\clear.fiMovieService.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FileZilla Server Interface]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FileZilla Server Interface"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\FileZilla Server\\FileZilla Server Interface.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Liesbeth\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_0514F9420C2F6E92BB5FEF2A49682D84]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleChromeAutoLaunch_0514F9420C2F6E92BB5FEF2A49682D84"
"hkey"="HKCU"
"command"="\"C:\\Users\\Liesbeth\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Liesbeth^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Liesbeth\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Liesbeth\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DsiWMIService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EgisTec Ticket Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ePowerSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FileZilla Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GREGService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Live Updater Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NOBU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NTI IScheduleSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TurboBoost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\USBMIDIAudioDevMon]


==== Startup Folders ======================

2014-01-10 18:36:22	1131	----a-w-	C:\Users\Liesbeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Acer Registration - Data Sending task.job --a------ C:\Program Files (x86)\Acer\Registration\GREG.exe [25/01/2011 04:59]
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-233258130-177071954-1538206895-1001Core.job --a------ C:\Users\Liesbeth\AppData\Local\Google\Update\GoogleUpdate.exe [05/10/2011 12:38]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-233258130-177071954-1538206895-1001UA.job --a------ C:\Users\Liesbeth\AppData\Local\Google\Update\GoogleUpdate.exe [05/10/2011 12:38]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Acer Registration - Data Sending task" [C:\Program Files (x86)\Acer\Registration\GREG.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\clear.fi" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\SysNative\tasks\clear.fiAgent" ["C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\SysNative\tasks\DMREngine" ["C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-233258130-177071954-1538206895-1001Core" [C:\Users\Liesbeth\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-233258130-177071954-1538206895-1001UA" [C:\Users\Liesbeth\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Liesbeth\AppData\Roaming\Mozilla\Firefox\Profiles\ohm45fy4.default
F891089A6AB9E12FEDEBCC5EC0F40D66	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll -	Shockwave Flash
F3B0E300AFC94E1A775A2D935A7D384F	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll -	Shockwave for Director / Shockwave for Director
7EFF79934842F1C28992638AF19BF9CD	- C:\Users\Liesbeth\AppData\Roaming\Mozilla\plugins\npo1d.dll -	Google Talk Plugin Video Renderer
F87D7EB5573C0A84D8D460C54CBC5585	- C:\Users\Liesbeth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -	Google Talk Plugin
C2321043FA2CA4C32FF449DE6116B5D9	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll -	Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

Google Drive - Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Feedly - News Blogs and Youtube - Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob
Windows Media Player Extension for HTML5 - Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
Minibar - Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo
Google Wallet - Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo deleted successfully
C:\Users\Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpcknfcdcgpffjddjeceioobdelceffo_0.localstorage deleted successfully
C:\Users\Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpcknfcdcgpffjddjeceioobdelceffo_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bigseekpro.com/pivotstickfigure/{B70F753D-CE4C-4837-A478-A7408A379532}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.bigseekpro.com/pivotstickfigure/{B70F753D-CE4C-4837-A478-A7408A379532}?s_src=newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.bigseekpro.com/pivotstickfigure/{B70F753D-CE4C-4837-A478-A7408A379532}?s_src=newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Liesbeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Liesbeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Liesbeth\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Liesbeth\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Liesbeth\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\sysop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Liesbeth\AppData\Local\Mozilla\Firefox\Profiles\ohm45fy4.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Liesbeth\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4753 folders=1213 57615890 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Liesbeth\AppData\Local\Temp will be emptied at reboot
C:\Users\sysop\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Liesbeth\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Microsoft\BingBar"  not found

==== EOF on wo 16/04/2014 at 12:35:34,90 ======================