Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Stefan on wo 16/04/2014 at 20:08:39,83.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stefan\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

16/04/2014 20:11:25 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Anvil-Soft deleted successfully
C:\PROGRA~2\MediaPlayerV1 deleted successfully
C:\PROGRA~2\MediaViewerV1 deleted successfully
C:\PROGRA~2\MediaViewV1 deleted successfully
C:\PROGRA~2\MediaWatchV1 deleted successfully
C:\PROGRA~2\Quadriga Games deleted successfully
C:\PROGRA~2\VideoPlayerV3 deleted successfully
C:\PROGRA~2\WebexpEnhancedV1 deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\BSR Screen Recorder 5 deleted successfully
C:\Users\Stefan\AppData\Local\Bulents deleted successfully
C:\Users\Stefan\AppData\Local\PackageAware deleted successfully
C:\Users\Stefan\AppData\Local\Unity deleted successfully
C:\Users\Stefan\AppData\Local\VC 2 Paradise Resort deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\s-1-5-21-3589482643-295888939-1930123342-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\s-1-5-21-3589482643-295888939-1930123342-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\s-1-5-21-3589482643-295888939-1930123342-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\s-1-5-21-3589482643-295888939-1930123342-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\s-1-5-21-3589482643-295888939-1930123342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\s-1-5-21-3589482643-295888939-1930123342-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\tld69lvd.default

---- Lines conduit removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.search.selectedEngine", "Conduit Search");

---- FireFox user.js and prefs.js backups ----
user_20141604_2023_.backup
prefs_20141604_2023_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe"

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\MediaViewerV1 not found
C:\Program Files (x86)\MediaViewV1 not found
C:\Program Files (x86)\MediaPlayerV1 not found
C:\Program Files (x86)\VideoPlayerV3 not found
C:\Program Files (x86)\WebexpEnhancedV1 not found
C:\Program Files (x86)\Java deleted
C:\Users\Stefan\AppData\Roaming\Alawar deleted
C:\Users\Stefan\AppData\Roaming\GoforFiles deleted
C:\Users\Stefan\AppData\Roaming\YoudaGames deleted
C:\Users\Stefan\AppData\Roaming\pdfforge deleted
C:\Users\Stefan\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\Alawar deleted
C:\PROGRA~3\Trymedia deleted
C:\Users\Stefan\AppData\Local\TempDIR deleted
C:\Users\Stefan\AppData\Local\SwvUpdater deleted
C:\Users\Stefan\AppData\LocalLow\boost_interprocess deleted
C:\windows\SysNative\tasks\AmiUpdXp deleted
C:\windows\SysNative\tasks\RunAsStdUser Task deleted
C:\windows\SysNative\Tasks\GoforFilesUpdate deleted
C:\END deleted
C:\Windows\Syswow64\SearchProtect deleted
C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\tld69lvd.default\searchplugins\safesearch.xml deleted
"C:\Windows\tasks\AmiUpdXp.job" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Stefan\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-04-05 16:21:38 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.INF
2014-04-05 16:21:38 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.SYS
2014-04-05 16:21:38 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.CAT
2014-04-03 16:19:45 F88EF61BCD43ADDF2C9555430C16CD96 310984 ----a-w- C:\Windows\Sysnative\drivers\atksgt.sys
2014-04-03 16:19:44 8E4CA9AFD55EF6B509C80A8715ABF8C6 42696 ----a-w- C:\Windows\Sysnative\drivers\lirsgt.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-04-05 15:12:20 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
2014-04-04 15:11:22 -------- d-----w- C:\PROGRA~2\Trend Micro
2014-04-03 15:59:32 -------- d--h--w- C:\PROGRA~2\InstallShield Installation Information
2014-04-03 15:59:06 -------- d-----w- C:\PROGRA~2\COMMON~1\InstallShield
2014-04-03 14:56:04 -------- d-----w- C:\PROGRA~2\SpellForce
======= C: =====
====== C:\Users\Stefan\AppData\Roaming ======
2014-04-14 15:51:44 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\CrashDumps
2014-04-05 21:07:11 -------- d-----w- C:\Users\Stefan\AppData\Local\CrashDumps
2014-04-05 14:35:50 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Sun
2014-04-03 15:00:08 -------- d-----w- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpellForce
====== C:\Users\Stefan ======
2014-04-05 15:11:29 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Stefan\Downloads\RSITx64.exe
2014-04-03 15:59:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpellForce

====== C: exe-files ==
2014-04-14 14:45:31 BBC3D21C78230F38EF1B77309B82650A 468480 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-04-14 14:45:31 7FDA611E666CBA13783DD5A427C8DB99 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-04-14 14:45:28 E1D326630AB7331CDCDE89EDEFBE1338 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-04-14 14:45:25 7116680C2C62709EE81BDDC69EF26B93 757488 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-14 14:45:25 62D1CE9232CE753D9627402C9B95E3D5 763632 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

=== C: other files ==
2014-04-16 17:23:12 1415934B6AD6921010BD262A417FAEEA 108 ---ha-w- C:\Program Files (x86)\Common Files\X10\Common\x10prod.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\s-1-5-21-3589482643-295888939-1930123342-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\Stefan\\AppData\\Local\\Akamai\\netsession_win.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Pro Agent"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Stefan\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSC"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"c:\\program files (x86)\\real\\realplayer\\Update\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Xvid"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Xvid\\CheckUpdate.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\Windows\\pss\\WinZip Quick Pick.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [18/03/2014 17:38]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Opstaan" ["F:\Muziek\Rammstein [Liebe Ist Fr Alle Da][2010]NeRoZ\09 Liebe Ist fr Alle Da.mp3"]
"C:\Windows\SysNative\tasks\Opstaan luiaard" ["F:\Muziek\Adele - Make You Feel My Love.mp3"]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3589482643-295888939-1930123342-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3589482643-295888939-1930123342-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3589482643-295888939-1930123342-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3589482643-295888939-1930123342-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3589482643-295888939-1930123342-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{1E0C4FD9-C8A3-4FA8-B0B7-529BE80DC3EA}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\wakeup" ["F:\Muziek\Serj Tankian - Elect the Dead\Serj Tankian - Elect The Dead - 07 - Baby.mp3"]
"C:\Windows\SysNative\tasks\Wekker" [F:\Muziek\04-terra_naomi-im_happy.mp3]
"C:\Windows\SysNative\tasks\{52EC99EC-0F88-4AF1-85D6-34BF745BBD18}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn" [16/04/2014 19:23]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\tld69lvd.default
- Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
- Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\tld69lvd.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
AB87C54CA19675880B0CAE65B8AF140C - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.11
1BFD18699636B8F1AA26675BA43D2F8F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director
4676A8E1EE37E71486717ECD1E61C17B - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
3170FDFA0CCE1D9133B6546315D11983 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
76C5ADFE97A6960D0851522EA7AA5AF4 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ajadlheagenmmedmhaoafgkdenfilcme - C:\Program Files (x86)\BetterSurf\BetterSurfPlusV1\ch\BetterSurfPlusV1.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[10/08/2011 14:02]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx[11/03/2014 22:44]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 15:13]
poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@bettersurfplusv1.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ajadlheagenmmedmhaoafgkdenfilcme deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Stefan\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stefan\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Stefan\AppData\Local\Mozilla\Firefox\Profiles\tld69lvd.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=681 folders=62 192400302 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Stefan\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Stefan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehmsdri.log" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehRecvr.log" not found

==== EOF on wo 16/04/2014 at 20:41:22,68 ======================