Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by katrien on di 04/08/2015 at 10:09:33,18.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\katrien\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Empty Folders Check ======================

C:\PROGRA~2\AVS4YOU deleted successfully
C:\PROGRA~2\BabelFish deleted successfully
C:\PROGRA~2\Convar deleted successfully
C:\PROGRA~2\Pixum deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\Users\katrien\AppData\Local\CrashDumps deleted successfully
C:\Users\katrien\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\katrien\AppData\Local\EmieSiteList deleted successfully
C:\Users\katrien\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696f815-a3a9-490a-bb14-9ec3350b1276} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d79f641-c168-40df-a32f-bacea7509e75} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5d79f641-c168-40df-a32f-bacea7509e75} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c98d5b61-b0ea-4d48-9839-1079d352d880} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c98d5b61-b0ea-4d48-9839-1079d352d880} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} deleted successfully
HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c98d5b61-b0ea-4d48-9839-1079d352d880} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.1265835822 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.1265835822 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Csrcc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Csrcc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\daugava Updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\daugava Updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Web Assistant Updater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Web Assistant Updater deleted successfully

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"daugava"=-
"daugava64"=-

[-HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelevisionFanatic Browser Plugin Loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TelevisionFanatic Search Scope Monitor]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\TelevisionFanatic deleted
C:\Program Files\Web Assistant deleted
C:\Program Files\daugava deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-08-03 18:13:57 CA05F53ED21EC83EAFBFEF37564D7BC9 156 ----a-w- C:\Windows\Reimage.ini
====== C:\Users\katrien\AppData\Local\Temp ====
2015-08-04 08:05:37 BCA0388139FF5F60970FB96E56BC00EB 71168 ----a-w- C:\Users\katrien\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4wzk3n.dll
2015-08-03 18:20:23 D920550BA5E75D8FF7AF788C65C1018A 13530824 ----a-w- C:\Users\katrien\AppData\Local\Temp\ReimagePackage.exe
====== Java Cache =====
2015-07-30 14:30:36 5C0632D68A4F8E6486ADAEE56631FF73 100 ----a-w- C:\Users\katrien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6710dd51-0fa1d688d65b254e9ddbb7fba82381e7a61b250c8d30b23d0d5066b50aa93b59-6.0.lap
2015-07-30 14:30:24 9CF9E992488D9B57BF788BDD55FCF92A 452 ----a-w- C:\Users\katrien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\3b1ef3d7-f5d7d736342bfb3dba2d9e75100b87fa269a403c87f9c2f43c625d86adfffed8-6.0.lap
2015-07-30 14:30:37 76C7B689916C723A2784D327A18209A5 1368 ----a-w- C:\Users\katrien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\77490099-1e5c09f0
2015-07-30 14:30:50 76F9C03104D8E564BDC4652BFE5247FF 863592 ----a-w- C:\Users\katrien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1c000bdb-5176a851
2015-07-30 14:30:25 71A0A3748526D370882B8DA764E668B5 592918 ----a-w- C:\Users\katrien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5347b2db-7df31ad0
2015-07-30 14:30:51 76F9C03104D8E564BDC4652BFE5247FF 863592 ----a-w- C:\Users\katrien\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\6a130ca0-222a2b9a
====== C:\Windows\SysWOW64 =====
2015-07-24 10:42:59 D80ECB18D64AE3C2A9D8220ABEBCE40A 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll
2015-07-24 10:42:59 BBA0C61CB01BA4351C41DC36BBEB55B4 299008 ----a-w- C:\Windows\SysWOW64\atmfd.dll
2015-07-24 10:42:59 900DB967084C22C6D83D637529B77E8F 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll
2015-07-24 10:42:59 2DD3D6B44442EF17675554D0482E7BC2 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll
2015-07-24 10:42:59 0A6495A400140B89242268A13C807841 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-07-24 10:42:59 D57C03D365BC71C7A30504644515F3F8 41984 ----a-w- C:\Windows\Sysnative\lpk.dll
2015-07-24 10:42:59 37C6F4906A4B3F837780AF078A1718BA 14336 ----a-w- C:\Windows\Sysnative\dciman32.dll
2015-07-24 10:42:59 2D0E2C197BA9CD67105DE5BBFBEF72A7 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll
2015-07-24 10:42:59 1C4FF36152EBDF5C10A612FC9B2E1F8A 100864 ----a-w- C:\Windows\Sysnative\fontsub.dll
2015-07-24 10:42:59 08D58C21888BC2DC754F591C23709C33 372224 ----a-w- C:\Windows\Sysnative\atmfd.dll
====== C:\Windows\Sysnative\drivers =====
2015-07-31 16:32:18 0DA3FBC2ECE10BF259F3F4F2FE08FE86 61336 ----a-w- C:\Windows\Sysnative\drivers\cherimoya.sys
2015-07-15 12:25:27 C0A6C3D6E02B61B5D100FE17306C276F 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-07-15 12:25:27 7A7328E427694CC7244235C3BC299F80 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-07-15 12:25:27 45A03A0B6461EFBEE77E0A6AC2816EDA 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2015-07-15 12:25:27 21AF322605D8C7F2A627C22634D1C9C9 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2015-07-15 12:25:27 1877EB1495CFBDAB27D6A32F6DDF3818 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
====== C:\Windows\Tasks ======
2015-08-03 18:21:12 FF1711560344B1742FFDDB5240960009 344 ----a-w- C:\Windows\Tasks\ReimageUpdater.job
2015-07-31 16:32:19 79213B5F8E786F25467B322E0C49DCB3 3624 ----a-w- C:\Windows\Sysnative\Tasks\Cawlez
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-08-03 18:31:22 -------- d-----w- C:\Program Files\trend micro
2015-08-03 18:20:37 -------- d-----w- C:\Program Files\Reimage
======= C:\PROGRA~2 =====
======= C: =====
2015-07-31 16:32:17 68444E9D77D56E5524C62DB51953C7F3 45 ----a-w- C:\user.js
====== C:\Users\katrien\AppData\Roaming ======
2015-08-01 23:30:49 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-07-31 17:23:04 -------- d-----w- C:\Users\katrien\AppData\Locallow\Company
2015-07-31 16:32:22 -------- d-----w- C:\Users\katrien\AppData\Locallow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-07-31 16:32:20 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Company
2015-07-31 16:32:20 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-07-31 09:00:15 -------- d-----w- C:\Users\katrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-24 10:27:09 -------- d-----w- C:\Users\katrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
====== C:\Users\katrien ======
2015-08-03 18:30:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\katrien\Desktop\RSITx64.exe
2015-08-03 18:20:56 -------- d-----w- C:\ProgramData\Reimage Protector
2015-08-03 18:20:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-08-02 22:10:42 7FE04C9586B61719A1D2C8459B345C39 563296 ----a-w- C:\Users\katrien\Downloads\JavaSetup8u51.exe
====== C: exe-files ==
2015-08-04 08:07:06 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\30037\AdobeARMHelper.exe
2015-08-03 19:01:38 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\7208\AdobeARMHelper.exe
2015-08-03 18:38:36 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\2695\AdobeARMHelper.exe
2015-08-03 18:31:22 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\katrien.exe
2015-08-03 18:30:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\katrien\Desktop\RSITx64.exe
2015-08-03 18:20:38 72CB31555DA5996B6DC008F2F6BCBBFF 772016 ----a-w- C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
2015-08-03 18:20:23 D920550BA5E75D8FF7AF788C65C1018A 13530824 ----a-w- C:\Users\katrien\AppData\Local\Temp\ReimagePackage.exe
2015-08-03 12:11:57 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\25245\AdobeARMHelper.exe
2015-08-02 22:10:42 7FE04C9586B61719A1D2C8459B345C39 563296 ----a-w- C:\Users\katrien\Downloads\JavaSetup8u51.exe
2015-07-31 08:59:19 A01180B391FA520936CD8347A005AF63 48888168 ----a-w- C:\Users\katrien\AppData\Local\Dropbox\Update\Download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\3.8.5\DropboxClient_3.8.5.exe
2015-07-30 18:14:35 51539966269C0B0E3EC0A19E929973C6 794192 ----a-w- C:\Users\katrien\AppData\Local\Google\Update\Install\{A06D832A-8749-4134-8D7E-28AB410F5FEF}\44.0.2403.125_44.0.2403.107_chrome_updater.exe
2015-07-30 18:14:35 51539966269C0B0E3EC0A19E929973C6 794192 ----a-w- C:\Users\katrien\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.125\44.0.2403.125_44.0.2403.107_chrome_updater.exe
2015-07-29 12:30:15 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\27117\AdobeARMHelper.exe
2015-07-29 12:15:16 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\24188\AdobeARMHelper.exe
2015-07-29 12:01:15 31657ADA786863B73FAC28E5BD0753AD 382168 ----a-w- C:\ProgramData\Adobe\ARM\S\21439\AdobeARMHelper.exe
=== C: other files ==
2015-07-31 16:32:18 0DA3FBC2ECE10BF259F3F4F2FE08FE86 61336 ----a-w- C:\Windows\System32\drivers\cherimoya.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\tray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-370917196-725970299-3790744164-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c"
"Facebook Update"="C:\Users\katrien\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Google Update"="C:\Users\katrien\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Spotify Web Helper"="C:\Users\katrien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"
"Dropbox Update"="C:\Users\katrien\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"Google Photos Backup"="C:\Users\katrien\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\tray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c"
"Facebook Update"="C:\Users\katrien\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Google Update"="C:\Users\katrien\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Spotify Web Helper"="C:\Users\katrien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"CCleaner Monitoring"="C:\Program Files (x86)\CCleaner\CCleaner64.exe /MONITOR"
"Dropbox Update"="C:\Users\katrien\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"Google Photos Backup"="C:\Users\katrien\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\(default)]
"command"=""
"hkey"="HKLM"
"item"="(default)"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5ServiceManager]
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin"
"hkey"="HKLM"
"item"="AdobeCS5ServiceManager"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"
"hkey"="HKLM"
"item"="AppleSyncNotifier"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Default Manager]
"command"="\"C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Default Manager\\DefMgr.exe\" -resume"
"hkey"="HKLM"
"item"="Microsoft Default Manager"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"item"="QuickTime Task"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"
"hkey"="HKLM"
"item"="SmartMenu"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrayServer]
"command"="C:\\Program Files (x86)\\MAGIX\\Video_deluxe_MX\\TrayServer_nl.exe"
"hkey"="HKLM"
"item"="TrayServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2015-07-24 10:29:20 1147 ----a-w- C:\Users\katrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-05-06 09:26:26 275072 ----a-w- C:\Users\katrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/07/2015 13:59]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001Core.job --a------ C:\Users\katrien\AppData\Local\Dropbox\Update\DropboxUpdate.exe [20/06/2015 12:07]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001UA.job --a------ C:\Users\katrien\AppData\Local\Dropbox\Update\DropboxUpdate.exe [20/06/2015 12:07]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001Core.job --a------ C:\Users\katrien\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/11/2012 17:12]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001UA.job --a------ C:\Users\katrien\AppData\Local\Facebook\Update\FacebookUpdate.exe [03/11/2012 17:12]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 11:15]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/10/2014 11:15]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001Core.job --a------ C:\Users\katrien\AppData\Local\Google\Update\GoogleUpdate.exe [16/10/2014 06:15]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001UA.job --a------ C:\Users\katrien\AppData\Local\Google\Update\GoogleUpdate.exe [16/10/2014 06:15]
C:\Windows\tasks\ReimageUpdater.job --a------ C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [19/05/2015 12:47]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Cawlez" ["C:\Program Files\daugava\Irosioe.bat"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001Core" [C:\Users\katrien\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001UA" [C:\Users\katrien\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001Core" [C:\Users\katrien\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001UA" [C:\Users\katrien\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001Core" [C:\Users\katrien\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-370917196-725970299-3790744164-1001UA" [C:\Users\katrien\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPOSIAPP64" ["%ProgramFiles(x86)%\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe"]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-370917196-725970299-3790744164-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-370917196-725970299-3790744164-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\{00597B5D-AF2A-4939-BEEF-2BD5E8FBEACD}" [C:\Program Files (x86)\Adobe\Adobe Premiere Elements 8.0\Adobe Premiere Elements 8.0.exe]
"C:\Windows\SysNative\tasks\{028C18AA-6F3B-4583-A0A9-17B23EE06A59}" [C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe]
"C:\Windows\SysNative\tasks\{1A6AF942-09DA-4949-A7BD-47E8B3216FE8}" [C:\Program Files (x86)\Adobe\Adobe Premiere Elements 8.0\Adobe Premiere Elements 8.0.exe]
"C:\Windows\SysNative\tasks\{483E1A71-232B-4459-BA3C-3EFCD9E4F9D9}" [C:\Program Files (x86)\Garmin\Express\Express.exe]
"C:\Windows\SysNative\tasks\{4AC490B9-315C-4C6D-B090-B05B6515F1D9}" [C:\Program Files (x86)\Garmin\MapSource.exe]
"C:\Windows\SysNative\tasks\{63280520-60D2-40C6-8DDC-3363F10A2E3D}" [C:\Users\katrien\AppData\Local\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\{7CC9661C-3FBB-4EA1-AF04-B0A9025A4191}" [C:\Program Files (x86)\Garmin\MapSource.exe]
"C:\Windows\SysNative\tasks\{89C5E71A-3E48-4599-881D-75EED6C3F3EB}" [C:\Program Files (x86)\Garmin\Express\Express.exe]
"C:\Windows\SysNative\tasks\{A627E38B-5142-420B-A346-9FD45970CC89}" [C:\Program Files (x86)\Adobe\Adobe Premiere Elements 8.0\Adobe Premiere Elements 8.0.exe]
"C:\Windows\SysNative\tasks\{CF835ACC-2F90-482B-8792-2B240D158EBB}" [C:\Users\katrien\AppData\Local\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\{D388B64D-96BD-444A-91B0-F7C791F8AB65}" [C:\Program Files (x86)\Garmin\MapSource.exe]
"C:\Windows\SysNative\tasks\{E1955F90-43FE-4699-90C2-FF5A54E42D26}" [C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\uistub.exe]
"C:\Windows\SysNative\tasks\{EFDE6357-25B8-437D-A3CC-F40070E013E5}" [C:\Program Files (x86)\Garmin\MapSource.exe]
"C:\Windows\SysNative\tasks\Symantec\Norton Error Analyzer 5.2.2.3" [C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\SymErr.exe]
"C:\Windows\SysNative\tasks\Symantec\Norton Error Processor 5.2.2.3" [C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{8E9E3331-D360-4f87-8803-52DE43566502}"="C:\Program Files\Web Assistant\Firefox" []

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [05/01/2011 21:58]

==== Firefox Extensions ======================

ProfilePath: C:\Users\katrien\AppData\Roaming\Mozilla\Firefox\Profiles\Mail
- TelevisionFanatic - %ProfilePath%\extensions\64ffxtbr@TelevisionFanatic.com
- Undetermined - %ProfilePath%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

ProfilePath: C:\Users\katrien\AppData\Roaming\TomTom\HOME\Profiles\ic95zdo8.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.8.414.1239@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\64ffxtbr@TelevisionFanatic.com deleted successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=

==== EOF on di 04/08/2015 at 10:24:58,24 ======================