Zoek.exe v5.0.0.1 Updated 09-December-2015
Tool run by Marcel on vr 11/12/2015 at 14:42:17,83.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcel\Downloads\zoek(2).exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-11-12-200442.log 60196 bytes
C:\zoek-results2015-11-14-094709.log 76323 bytes
C:\zoek-results2015-11-14-175101.log 7843 bytes
C:\zoek-results2015-12-11-085946.log 30913 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\yl86owi6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} not found
"C:\Windows\zoek-delete.exe" not found
C:\zoek_backup deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Marcel\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-12-10 21:03:19 3553707B119AD5AAF1F31BFF5517A093 627712 ----a-w- C:\Windows\SysWOW64\usp10.dll
2015-12-10 21:03:17 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\SysWOW64\locale.nls
2015-12-10 21:03:15 ACB16C9BE1A175A2E7BFF076DF99B3CF 69120 ----a-w- C:\Windows\SysWOW64\nlsbres.dll
2015-12-10 21:03:15 8E9152F4779CCA402F235EB9AB823854 6656 ----a-w- C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-10 21:03:15 3A593B01E4F92F04211ECFB53816240C 6656 ----a-w- C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-10 21:03:15 35D490A393A0B231F237954E6E65B224 7168 ----a-w- C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-10 20:58:58 C66D020B1C268FF9AB1672C99E76CA66 174080 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2015-12-10 20:58:58 B1384CCEFB8F64EC85AECB70AFB91D8D 93696 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2015-12-10 20:58:58 A0BF4CD0C8F805A816B67C004B12E24D 30208 ----a-w- C:\Windows\SysWOW64\wups.dll
2015-12-10 20:58:58 9AA46606BCC013F5FB7E5B70FAB1ABE0 573440 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2015-12-10 20:58:58 58B9CFDD032CB92CEC0D3E8454E4C766 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-12-09 23:31:29 B0AFC72F5BAE0C06DB30B409B9D05D8A 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
2015-12-09 23:30:37 FDB73E2FFDEE1F28D1AF3B80E3F0FE99 1251328 ----a-w- C:\Windows\SysWOW64\DWrite.dll
2015-12-09 23:30:36 0A78439765E31510D75C9E2284F3A722 833024 ----a-w- C:\Windows\SysWOW64\user32.dll
2015-12-09 23:30:32 EB11947B250AD259755939A2DE349FBB 14848 ----a-w- C:\Windows\SysWOW64\wshrm.dll
2015-12-09 23:27:43 F60154A0DD1DCCF2EE75BE45A676BA51 1242624 ----a-w- C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 23:27:43 169BDD4EF6E99E43720534E07798400C 487936 ----a-w- C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 23:27:32 8102E4A17D58BA6B18A31095C4418082 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2015-12-09 23:27:32 804FEA5A5A4B491B83AFF8EE7EFE887F 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 23:27:32 5FA89E1534B675CCA8CEE6B50D0B7B49 2280448 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2015-12-09 23:27:32 5F4DBBB0551DAE2A6EEC5EA915695250 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 23:27:32 081BE765C4025EC2AB8011A6BFE222B5 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 23:27:31 D1F6886A7E08134135E9C197FA387702 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 23:27:31 B206E8BD4938B6C6B1C84DD13C12C4DF 20366848 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2015-12-09 23:27:31 6ED639FAAE29626ED1A98139A3C9C289 687104 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 23:27:31 67D44EDA849BA632EC4DCEF839950F56 341192 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 23:27:31 29DDD6FB1147192B13D2C3647F581219 130048 ----a-w- C:\Windows\SysWOW64\occache.dll
2015-12-09 23:27:31 219494B7F95F86071EC9D4FC0DC4962F 1311744 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2015-12-09 23:27:31 13DED010D9DFA204DB2C2F650B3901B8 279040 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 23:27:31 0955BBBB50FCC3C2B2EB485FBBFBF4D3 496640 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2015-12-09 23:27:29 DD99C9D2CA3F9B3D63B965B4EDDAE612 2050560 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 23:27:29 8BB61456A1EA19011E85C9340BC4157B 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2015-12-09 23:27:29 713919E7E3BD6196D2498C2B8166AEAD 663552 ----a-w- C:\Windows\SysWOW64\jscript.dll
2015-12-09 23:27:29 6A37F0BDA83C7755C71A2DE5BF00381B 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 23:27:29 3477EAB965E9DEDCD46F95C55F78489F 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 23:27:29 1256113318DD02C9C60FF0969025CA15 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 23:27:28 F1ED865CA8D6223739233576D7C76C1A 476160 ----a-w- C:\Windows\SysWOW64\ieui.dll
2015-12-09 23:27:28 284442A1BAFD17731398AD22AB6C9099 12856832 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2015-12-09 23:27:28 0A6D92C3BB313883F286C65820E2DD30 416256 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 23:27:27 517847AC160C91F04951340F9A051084 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 23:27:26 AC62F3866FDA5BFC4966055B1316DE94 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 23:27:26 668D2CA489F605E4C7A743A62632C383 4514816 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2015-12-09 23:27:26 6082F9978A1456863397F99E5C8E7901 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 23:27:26 4ED815FE30E048A52A5FC420DD6E49D0 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll
2015-12-09 23:27:25 B832BA2AA73CC4FC58446F4237070D96 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2015-12-09 23:27:25 B60461B5CED2BFAE1A870C61C66966C4 2011136 ----a-w- C:\Windows\SysWOW64\wininet.dll
2015-12-09 23:27:25 050F5A8F90CF18AA6F9FA75AF1851569 341504 ----a-w- C:\Windows\SysWOW64\html.iec
2015-12-09 23:26:33 E7CA874DA58A607E11ACAB33718AE9FA 179712 ----a-w- C:\Windows\SysWOW64\els.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-12-10 21:03:19 077CC8BF1076D49E85687AACB30956A1 802304 ----a-w- C:\Windows\Sysnative\usp10.dll
2015-12-10 21:03:17 F1FCE953EF04251F17BE828185B9DFA0 419928 ----a-w- C:\Windows\Sysnative\locale.nls
2015-12-10 21:03:15 E78C5E7087763DD4F1C5DAD78D2BA141 7168 ----a-w- C:\Windows\Sysnative\KBDAZEL.DLL
2015-12-10 21:03:15 E3ECD802006128C036FAAD09B6F97F6E 7168 ----a-w- C:\Windows\Sysnative\kbdgeoqw.dll
2015-12-10 21:03:15 AE0F1E593C4AE0A1CE3868C2AA54D8E5 7168 ----a-w- C:\Windows\Sysnative\KBDAZE.DLL
2015-12-10 21:03:15 52B3CAAD627902B8D6E035A25DA4BD09 69120 ----a-w- C:\Windows\Sysnative\nlsbres.dll
2015-12-10 20:58:54 A6C4964F3C382592785EACFBA2DA8F6C 3170304 ----a-w- C:\Windows\Sysnative\wucltux.dll
2015-12-10 20:58:54 A1D9A6B41647E8F008A25DA7B80708CB 37888 ----a-w- C:\Windows\Sysnative\wups2.dll
2015-12-10 20:58:54 6BB823DF7F117BF4958303B443E8100D 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll
2015-12-10 20:58:54 6075791ED85E47A2A2916B1F34582944 2609152 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2015-12-10 20:58:54 233AB915DBB476BFD7218DB553D91DCC 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2015-12-10 20:58:53 EB6D501FCFAFF726EA1B50B8276F5F34 709632 ----a-w- C:\Windows\Sysnative\wuapi.dll
2015-12-10 20:58:53 59C2B329F87F46C384F3F139376CD315 36864 ----a-w- C:\Windows\Sysnative\wups.dll
2015-12-10 20:58:53 4CD20F77149C689703A71561747E7B8D 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe
2015-12-10 20:58:53 2B8660213ED7873FCF5C5540023C48F5 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll
2015-12-10 20:58:53 0CF6EFBC9BCC6EDE114F71BCAEE9CCF4 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2015-12-10 20:58:52 2E53E71ED8277444E37BAA3932089C45 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll
2015-12-09 23:31:29 6EDEA5EDF5AA979CB2A99617A8478AD3 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
2015-12-09 23:30:39 4287A4345CFFDD4D7710B2FCFF6C21BC 3211264 ----a-w- C:\Windows\Sysnative\win32k.sys
2015-12-09 23:30:39 1AE1D0D71C3C61A0ECA941140E1E2FF8 1648128 ----a-w- C:\Windows\Sysnative\DWrite.dll
2015-12-09 23:30:38 BCB16AE33AA58E0042F3EF34CFB6396A 1180160 ----a-w- C:\Windows\Sysnative\FntCache.dll
2015-12-09 23:30:37 06BF84D26A05D400F6B3FB3D3DE0B03A 1008640 ----a-w- C:\Windows\Sysnative\user32.dll
2015-12-09 23:30:32 2DA9EB73046595D79ADE306BC22B02C4 17408 ----a-w- C:\Windows\Sysnative\wshrm.dll
2015-12-09 23:27:43 E385472FF300F2BFD323B667EBAE93C7 1735680 ----a-w- C:\Windows\Sysnative\comsvcs.dll
2015-12-09 23:27:43 75DFE3CE6A8BFC995CC1D615B74DF8B0 525312 ----a-w- C:\Windows\Sysnative\catsrvut.dll
2015-12-09 23:27:32 581486C09915529B172B844F620800EB 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2015-12-09 23:27:32 5040CEF0DC919A81AF2C10CC67F3F36C 2887168 ----a-w- C:\Windows\Sysnative\iertutil.dll
2015-12-09 23:27:32 1E32A0EF31E39783589F3FF33C71EB26 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2015-12-09 23:27:31 ECF5CF7E1712A137FD95DCC89ECE2FE5 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2015-12-09 23:27:31 D63583C3645A5D29D643298273EC2125 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2015-12-09 23:27:31 33E703517D83F367B0B0B3EF2C807C77 718336 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2015-12-09 23:27:30 8403AAA093BD7B790111326197D5C30B 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2015-12-09 23:27:29 DDA2687E5FC070E066623330BF5A9375 152064 ----a-w- C:\Windows\Sysnative\occache.dll
2015-12-09 23:27:29 DA9927502C6CC6C6D4A5E57E00CAB796 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2015-12-09 23:27:29 D0EB186DFF60A296B144A0FC2490AC31 1546752 ----a-w- C:\Windows\Sysnative\urlmon.dll
2015-12-09 23:27:29 CFB4DC8B180EE1FA0F38ED98A82BFFDC 387792 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2015-12-09 23:27:28 503155AF5513116632202504D71FA29D 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2015-12-09 23:27:28 23D900117F368A884C4C36A57E201F97 798208 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2015-12-09 23:27:28 1537D3FFDC70A1EF8792235A99DC4C4B 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2015-12-09 23:27:27 FBBC836885522FD1E00A23DC65F78A28 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2015-12-09 23:27:27 64F4B886C95379DEA6EF3DDF3CE2D853 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2015-12-09 23:27:26 6D86F7F6C9FE6059B610DB1D6EF77659 2123264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2015-12-09 23:27:26 32C4438BACFF7AAC86AE54FAE74AA483 571392 ----a-w- C:\Windows\Sysnative\vbscript.dll
2015-12-09 23:27:25 B49AF2AB8CDF52290A7529BE3D8B1429 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2015-12-09 23:27:24 A2F0AB5736B60AC22D63113489D37FF1 14456832 ----a-w- C:\Windows\Sysnative\ieframe.dll
2015-12-09 23:27:24 9D8862210504591545E33FE562BE7078 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2015-12-09 23:27:24 963F01E33EFADF54DDCCDDF31DFC2D37 615936 ----a-w- C:\Windows\Sysnative\ieui.dll
2015-12-09 23:27:24 2A0AB8E59C47DC589C2DF3CEB1AA22EF 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2015-12-09 23:27:23 FE196D24FDCE4402EB1762264FA3DE0B 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2015-12-09 23:27:23 4264B4BD10C5A21CF4A15998CB71551F 817664 ----a-w- C:\Windows\Sysnative\jscript.dll
2015-12-09 23:27:23 377C0436711DE3AFB9527FB88F831F44 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll
2015-12-09 23:27:23 02A92A8C880FDC242441FBE0620CF14B 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2015-12-09 23:27:22 E2C385B0D816AD37616BD4C4204D0633 2487808 ----a-w- C:\Windows\Sysnative\wininet.dll
2015-12-09 23:27:22 D3CC1DBE8FE63F3A2FAD5658146DF39B 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2015-12-09 23:27:22 3F0827114CE89176253684B588D4B02E 5923840 ----a-w- C:\Windows\Sysnative\jscript9.dll
2015-12-09 23:27:21 B7F26EC33F55842C66A1C3FA34EB8D27 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2015-12-09 23:27:21 AF71D38B9F23907AB54BC8D9F573CEB3 417792 ----a-w- C:\Windows\Sysnative\html.iec
2015-12-09 23:27:21 0A477F2CCC151E3AED4143B4FDDF74A5 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
2015-12-09 23:27:20 A8B4563632BAF46BB005A0127727E82D 25837568 ----a-w- C:\Windows\Sysnative\mshtml.dll
2015-12-09 23:26:33 218D2848CDDE80DD9AF72D5DD78F225C 241664 ----a-w- C:\Windows\Sysnative\els.dll
====== C:\Windows\Sysnative\drivers =====
2015-12-09 23:30:32 5BD6B1EC997FF3DD779D62E05D2079A8 146944 ----a-w- C:\Windows\Sysnative\drivers\rmcast.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-11-24 12:14:19 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2015-11-15 10:26:17 -------- d-----w- C:\PROGRA~2\EasyBits For Kids
======= C: =====
====== C:\Users\Marcel\AppData\Roaming ======
2015-12-11 08:59:46 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp
2015-12-11 08:59:46 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp
2015-12-11 08:59:46 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-12-11 08:59:46 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-12-11 08:59:46 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp
2015-12-11 08:59:46 -------- d-----w- C:\Users\TEMP\AppData\Local\Temp
2015-12-11 08:59:45 -------- d-----w- C:\Users\Marcel\AppData\Local\Temp
2015-12-11 08:59:45 -------- d-----w- C:\Users\Gast\AppData\Local\Temp
2015-12-11 08:59:45 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-12-11 08:59:45 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-11-12 19:14:57 -------- d-----w- C:\Users\Marcel\AppData\Roaming\Sun
2015-11-12 19:13:59 -------- d-----w- C:\Users\Marcel\AppData\Locallow\Oracle
====== C:\Users\Marcel ======
2015-12-10 13:01:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Marcel\Downloads\RSITx64(1).exe
2015-11-15 10:29:00 -------- d-----w- C:\ProgramData\Easybits
2015-11-12 19:14:56 -------- d-----w- C:\Users\Marcel\.oracle_jre_usage
====== C: exe-files ==
2015-12-10 13:01:08 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Marcel\Downloads\RSITx64(1).exe
2015-12-09 23:31:29 DA53494C9F58B0CC7FCB780CE9B0DBB6 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe
2015-12-09 23:27:31 86B198DEEEE852E5EEAB84A60A2FE7CB 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2015-12-09 23:27:29 E4D66ACC2628505EA1EBB7ACEF51EFE6 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2015-12-09 23:27:29 A6FD59F4B16195367C4089F890F5E8FE 815304 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2015-12-09 23:27:29 4D4835564157BF4EFF683360115E3979 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2015-12-09 23:27:26 C571C60A30A7CC38DF08DEF9AD3A2352 814280 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2015-12-09 23:27:26 C1E9DBB3A8C7066D767BD78485491270 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2015-12-09 22:59:55 4DF8AE87AF8B98D84F2D0C0B66550E5B 6000232 ----a-w- C:\ProgramData\Avg\Setup\av\avgmfapx.exe
2015-12-09 22:59:55 3CAF959D7275C91B2DB96BF60AFEB6EF 71592 ----a-w- C:\ProgramData\Avg\Setup\av\avguirux.exe
2015-12-04 21:49:27 4FB8599F4FBB04FBF264C26FA88A87BA 36408 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\ActiveCheck\product_line\Detect_EOSStatus.exe
=== C: other files ==
2015-12-09 23:30:39 4287A4345CFFDD4D7710B2FCFF6C21BC 3211264 ----a-w- C:\Windows\System32\win32k.sys
2015-12-09 23:30:32 5BD6B1EC997FF3DD779D62E05D2079A8 146944 ----a-w- C:\Windows\System32\drivers\rmcast.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2044600135-1690355392-2278222146-1000\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-21-2044600135-1690355392-2278222146-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2044600135-1690355392-2278222146-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe c:\Program Files (x86)\Hewlett-Packard\Media\Webcam UpdateWithCreateOnce Software\Hewlett-Packard\Media\Webcam"
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\Av\avgui.exe /TRAYONLY"
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguix.exe /fmw.trayonly"
"Easybits Recovery"="C:\Program Files (x86)\Easybits For Kids\ezRecover.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel File Shell Monitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Corel File Shell Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Corel\\Corel Paint Shop Pro Photo X2\\CorelIOMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Easybits Recovery"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPADVISOR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPADVISOR"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe autorun=AUTORUN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WirelessAssistant]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WirelessAssistant"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Wireless Assistant\\HPWAMain.exe"

==== Startup Folders ======================

2013-11-07 19:53:15 1316 ----a-w- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2013-07-27 11:00:19 914 ----a-w- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk
2013-07-27 11:00:19 934 ----a-w- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk
2013-07-27 11:00:19 918 ----a-w- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [10/12/2015 08:29]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CapSchedInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe]
"C:\Windows\SysNative\tasks\CapSvcInst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe]
"C:\Windows\SysNative\tasks\CapUninst" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc" [c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe]
"C:\Windows\SysNative\tasks\DVDAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\TVAgent" [c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe]
"C:\Windows\SysNative\tasks\{ACF00358-B19B-4C78-BB1A-AA922DA1E8A8}" [C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" ["C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-10-24 10:46:26 -------- d-----w- C:\PROGRA~3\Avg
2015-11-15 10:29:00 -------- d-----w- C:\PROGRA~3\Easybits

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ffx8z8mx.default
user_pref("browser.startup.homepage", "http://www.seniorennet.be/|about:home");

ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\yl86owi6.default
user_pref("browser.startup.homepage", "http://www.seniorennet.be/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\yl86owi6.default
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\yl86owi6.default
F7E675EBDE6DA3A1665F2DCFA683322F - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
5DF56521E8985BFD8F21A3D97A4D4574 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll - Shockwave Flash

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{5C4527E9-228C-44B5-BA78-28897055568D} - http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{5C4527E9-228C-44B5-BA78-28897055568D} - http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
HKCU\SearchScopes "DefaultScope"="{35BF2E55-B7F6-4579-A804-A7EDC80450C0}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{35BF2E55-B7F6-4579-A804-A7EDC80450C0} - http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
HKCU\SearchScopes\{5C4527E9-228C-44B5-BA78-28897055568D} - http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Marcel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Gast\AppData\Local\Mozilla\Firefox\Profiles\ffx8z8mx.default\cache2 emptied successfully
C:\Users\Marcel\AppData\Local\Mozilla\Firefox\Profiles\yl86owi6.default\cache2 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\48me3gdq.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\Marcel\AppData\Local\Temp will be emptied at reboot
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Marcel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 11/12/2015 at 15:33:45,81 ======================