Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by mathilda on di 17-06-2014 at 21:34:56,19.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mathilda\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

17-6-2014 21:37:42 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\GUMA469.tmp deleted successfully
C:\PROGRA~2\GUMB399.tmp deleted successfully
C:\PROGRA~2\GUMF43D.tmp deleted successfully
C:\PROGRA~2\WinRAR deleted successfully
C:\PROGRA~2\Wolf deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\Bitdefender deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Systweak deleted successfully
C:\Users\mathilda\AppData\Roaming\.# deleted successfully
C:\Users\mathilda\AppData\Roaming\DigitalSites deleted successfully
C:\Users\mathilda\AppData\Roaming\QuickScan deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3019251466-2718040965-2357396526-1000\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} deleted successfully
HKEY_USERS\S-1-5-21-3019251466-2718040965-2357396526-1000\Software\Microsoft\Internet Explorer\SearchScopes\{824BDCE7-DF1C-45A2-B34F-6523B4F263CF} deleted successfully
HKEY_USERS\S-1-5-21-3019251466-2718040965-2357396526-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E6545B63-8CEB-41AD-9B0E-A60D05CC3F1E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3019251466-2718040965-2357396526-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_USERS\S-1-5-21-3019251466-2718040965-2357396526-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{87775fdb-6972-41f9-ae51-8326e38cb206} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{41564952-412D-5637-00A7-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MgAssistService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MgAssistService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Mega Browse deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update Mega Browse deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Mega Browse deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util Mega Browse deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\mathilda\AppData\Roaming\Mozilla\Firefox\Profiles\7p73v4f9.default

---- Lines CT2865317 removed from prefs.js ----
user_pref("CT2865317.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");

---- Lines mysearch removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.order.1", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("extensions.irmysearch.aflt", "dsites_14_14_ie");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyEtCyBtAyDtByEtBtAtAtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1
user_pref("extensions.irmysearch.cr", "1685700076");
user_pref("extensions.irmysearch.instlRef", "140305_b");

---- FireFox user.js and prefs.js backups ----
user_17-06-2014_2157_.backup
prefs_17-06-2014_2157_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Mysearchdial not found
C:\Program Files (x86)\Mobogenie not found
C:\Program Files (x86)\Mega Browse not found
C:\Program Files (x86)\RegClean Pro not found
C:\Users\mathilda\AppData\Roaming\Mozilla\Firefox\Profiles\7p73v4f9.default\extensions\ffxtlbr@mysearchdial.com not found
"C:\Windows\tasks\RegClean Pro_DEFAULT.job" not found
"C:\Windows\tasks\RegClean Pro_UPDATES.job" not found
"C:\Users\mathilda\AppData\Roaming\Mozilla\Firefox\Profiles\7p73v4f9.default\searchplugins\Mysearchdial.xml" not found
C:\Users\mathilda\AppData\Roaming\Mozilla\Firefox\Profiles\7p73v4f9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} deleted
C:\Users\mathilda\daemonprocess.txt deleted
C:\Users\mathilda\.android deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\autoconfig.js deleted
C:\PROGRA~2\OpenIt deleted
C:\Users\mathilda\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z deleted
C:\Users\mathilda\AppData\Roaming\systweak deleted
C:\Users\mathilda\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! deleted
C:\windows\SysNative\Tasks\MySearchDial deleted
C:\Windows\Tasks\MySearchDial.job deleted
C:\Windows\SysNative\sasnative64.exe deleted
C:\Users\mathilda\AppData\LocalLow\DataMngr deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\Tasks\Advanced System Protector_startup deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\Windows\tasks\Digital Sites.job deleted
C:\windows\SysNative\tasks\RegClean Pro deleted
C:\Users\mathilda\AppData\Roaming\Mozilla\Firefox\Profiles\7p73v4f9.default\CT2865317 deleted
C:\Users\mathilda\Desktop\Schoon uw register gratis op!.lnk deleted
"C:\Users\mathilda\AppData\Roaming\temp\ICON.htm" deleted
"C:\Users\mathilda\AppData\Roaming\temp" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\mathilda\AppData\Local\Temp ====
2014-06-17 17:06:27 5634C601025C31032A0AF1590B4C0CA6 43008 ----a-w- C:\Users\mathilda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy5muns.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-06-11 17:54:50 A5F833506BF6A1B5D693E1499DEE2444 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll
2014-06-11 17:54:46 E227B810296AA27E6C69307A7B6456E5 1389056 ----a-w- C:\Windows\SysWOW64\msxml6.dll
2014-06-11 17:54:46 8B8D1CEF498678CAB9DF17145D34BC64 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2014-06-11 17:54:46 2E673E776136354ECFB57BFD62E7EC3D 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 17:54:46 0789F82BAE171323F74B8F175D406AB8 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 17:54:41 BB9BADED14F0963498855AC28446CED5 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 17:54:41 7E27FB6AB8976897A530FB30F5FF7691 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 17:54:41 6D8E6A9A524FFAAFA4D2F6C8EF38D0BB 592896 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 17:54:40 D5ECBB3BFDC73A59440D9CA79AB3A342 17271296 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-06-11 17:54:40 C1F5812F355D0C9495C1B2E7165DA2AF 32256 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 17:54:40 8DF06ACA017949D37C38B6A0EF747D4E 526336 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 17:54:40 0AFCE8EEF3751810FE2101FD608FB8B3 1143296 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-06-11 17:54:40 017B99D09904DCA35D5F66AD79084B5F 368128 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 17:54:38 D9F5B424C307B195E16A9B0A21E53BCC 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-06-11 17:54:38 C69FDD49AB9E8BCF2BAAC469CE0CC756 1964544 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 17:54:38 9EAAB4305536829D6B7D9C3A47E92861 2179072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-06-11 17:54:37 E0EA58834CD19FDFCD1BC37B22E1D3D8 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 17:54:37 D36574C287D0764C95AC777DFF367715 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-06-11 17:54:36 814E0D53EF020BD93097F26B53B573F0 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-06-11 17:54:36 688227D38A6FF6403B293D0C50B454B9 11725312 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-06-11 17:54:36 5B5815477A53ED92B89955FFE7EDCB2E 242688 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 17:54:35 4D3074AA172DCFD5D56BE764B671085A 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 17:54:32 CC0077F9C7ACD7E97707DFC763A4EA99 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 17:54:32 C58E97EEB1CB80CE91D5E7FD5E78794F 4244992 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-06-11 17:54:32 771CDBC3D62437D6DB070820BB1EDCCF 1790976 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-06-11 17:54:32 22D7FFA4B94916F18EB1F1D107B86839 704512 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 17:54:32 0AC4E3C93D49E37D5B008ED99092115C 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 17:54:32 09771ABC896D2A88370F3AB8BADC242E 455168 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-06-11 17:54:31 EB960643DC62832C88272573204B6DBA 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-06-11 17:54:50 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 801280 ----a-w- C:\Windows\Sysnative\usp10.dll
2014-06-11 17:54:47 0E3A7EC2B9590EA7767BBB1823630DEA 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll
2014-06-11 17:54:46 ECA6AC33BD9E441F7B47D173D715D268 1882112 ----a-w- C:\Windows\Sysnative\msxml3.dll
2014-06-11 17:54:46 3408DD8081DC22858AE2E6ABD2594C02 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll
2014-06-11 17:54:46 0465A8CFDDB4FFDB569802A70B9443D5 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2014-06-11 17:54:44 EF2D8BBA6E077559B675513BC0EE5FC2 3178496 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2014-06-11 17:54:44 2147C5330F983D76A36B73F4A804F778 16384 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2014-06-11 17:54:40 DA7AAB5D4E5F7160E906C0D2EB9A2B9F 38400 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-06-11 17:54:40 3ED5C9055F7A635399FC12892F565287 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-06-11 17:54:38 D5C446B14DC667B7B9FBB30EA1701D92 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-06-11 17:54:38 3A1AB9DE852F2BC1ECE6403BDD01B9F0 1398272 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-06-11 17:54:37 DFD834E89B819B5ECE8E251C56B5A3CE 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-06-11 17:54:37 BFD3178735D97C858FFA467F8199700C 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-06-11 17:54:36 867DD52B23D3B0390B88F3D7AD1E600C 631808 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-06-11 17:54:36 12BA419E27DBC5DBF9262C8A885FA361 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-06-11 17:54:35 EAAA62F272858695814A1F42D5E59BD3 608768 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-06-11 17:54:34 B34D3F303769E65CE7EFBD4E6FB62B25 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-06-11 17:54:33 3FC3828E8820D1C93DBFBAD4BE456D85 2040832 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-06-11 17:54:33 063EF4239479F52DAF9F4849B0B304F1 2768384 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-06-11 17:54:31 CE6109C73C3A04CC2B8C6110B0F0FEF9 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-06-11 17:54:31 790FD40601502C5FE8213D4F335DA0BD 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-06-11 17:54:30 CB8A91074AE1B5051E240B50A328DCF5 295424 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-06-11 17:54:30 B2C037F50A02D6C057B1E0791BBF41A5 574976 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-06-11 17:54:30 2DBB9127794BC30BC31D26FA088F8BAB 13522944 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-06-11 17:54:29 CC603EF96BA456D4BCD9FF849ED07A2A 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-06-11 17:54:29 A4A58E3171C03A1145D1C3EC488D1B4F 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-06-11 17:54:28 AB3FA3D9B1F1D0571CBC43D1487CCD6F 5782528 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-06-11 17:54:28 770F067D833DC017CEB8A36A2A1EC942 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-06-11 17:54:28 6B9925F498D4E91FB57576CC3776D428 752640 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-06-11 17:54:28 2F474D40626B0C694400589F3FBB9AA9 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-06-11 17:54:27 9013D5BBE1B6D3A060F54B4B5BB2C3A3 846336 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-06-11 17:54:27 8E3C6008250A904C06943BCEA585E344 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-06-11 17:54:27 40BFD9D6EC8E174145F012246CA73CCD 2266112 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-06-11 17:54:26 F343ECB3C683EBD7E3990C03AD680855 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-06-11 17:54:25 56803B20D168C1B740D12CE0BE4588F5 23414784 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-06-11 17:53:43 2C053C9B2A8249F1F9B38ED1AE455771 506368 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-06-11 17:53:42 84A13AB118F433898B5ABA36E8D7CA91 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
====== C:\Windows\Sysnative\drivers =====
2014-06-17 15:51:36 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-06-17 15:42:13 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-06-17 15:42:13 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-06-17 15:42:13 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-06-11 17:54:49 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-06-11 17:54:49 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-05-20 20:52:56 C7ACB0EADF24E61424EE14E54919A487 61120 ----a-w- C:\Windows\Sysnative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-06-17 15:41:47 -------- d-----w- C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\mathilda\AppData\Roaming ======
====== C:\Users\mathilda ======
2014-06-17 15:41:18 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\mathilda\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-17 15:39:27 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\mathilda\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-17 15:39:13 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\mathilda\Downloads\RSITx64.exe
2014-05-19 16:56:27 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches
====== C: exe-files ==
2014-06-17 15:41:47 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\mathilda.exe
2014-06-17 15:41:18 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\mathilda\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-17 15:39:27 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\mathilda\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-17 15:39:13 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\mathilda\Downloads\RSITx64.exe
2014-06-15 15:08:17 DF61864BA778845C6E725F7BF1EAEB0E 2675280 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.153\35.0.1916.153_35.0.1916.114_chrome_updater.exe
2014-06-11 17:54:41 4F2AA3E7BD7257E4937E071E3700819E 810200 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-06-11 17:54:41 4AFAE8BAF6E85311AD78395C47351A1D 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-06-11 17:54:39 60F88F6CA6303E8273AF7AAA9AAFECAC 812248 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-06-11 17:54:38 50989AAF09CDCEBC0FD8EB0FE79C2A98 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-06-11 17:54:38 4076E62E061769E42186AE860007FA08 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-06-11 17:54:37 BFD3178735D97C858FFA467F8199700C 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-11 17:54:35 EAAA62F272858695814A1F42D5E59BD3 608768 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-06-11 17:54:34 159C5979C61F51EEFC84D9AB17C4E0E7 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-06-11 17:54:32 CC0077F9C7ACD7E97707DFC763A4EA99 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 17:54:28 770F067D833DC017CEB8A36A2A1EC942 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-11 17:54:26 F343ECB3C683EBD7E3990C03AD680855 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-11 17:53:43 511E0519B437C263E95EA46330312B7F 172224 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-06-11 17:53:42 EF15B0554634BD981BB718E9BF6EE891 46784 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
=== C: other files ==
2014-06-17 15:51:36 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-17 15:42:13 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-17 15:42:13 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-17 15:42:13 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-11 17:54:49 17F685B67C74B8F7BFED4308790B71DE 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 17:54:49 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3019251466-2718040965-2357396526-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe --hidden --nowizard"
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PaperPort PTD"="C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Reader Library Launcher"="C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"AppleIEDAV"="C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe"
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"InstallerLauncher"="C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe /run:C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"hkey"="HKLM"
"item"="Adobe Reader Speed Launcher"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADSMTray]
"command"="C:\\Program Files (x86)\\ASUS\\ASUS Data Security Manager\\ADSMTray.exe"
"hkey"="HKLM"
"item"="ADSMTray"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Camera ScreenSaver]
"command"="C:\\Windows\\AsScrProlog.exe"
"hkey"="HKLM"
"item"="ASUS Camera ScreenSaver"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"command"="C:\\Windows\\AsScrPro.exe"
"hkey"="HKLM"
"item"="ASUS Screen Saver Protector"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKMEDIA]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATKMEDIA"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ATK Media\\DMedia.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKOSD2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATKOSD2"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ATKOSD2\\ATKOSD2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""
"hkey"="HKLM"
"item"="CLMLServer"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HControlUser]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HControlUser"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ATK Hotkey\\HControlUser.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDAudDeck]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAudDeck"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\VIA\\VIAudioi\\VDeck\\VDeck.exe -r"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateLBPShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateLBPShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\LabelPrint\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\LabelPrint\" UpdateWithCreateOnce \"Software\\CyberLink\\LabelPrint\\2.5\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateP2GoShortCut]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdateP2GoShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\CyberLink\\Power2Go\" UpdateWithCreateOnce \"SOFTWARE\\CyberLink\\Power2Go\\6.0\""

==== Startup Folders ======================

2012-10-13 16:24:06 1059 ----a-w- C:\Users\mathilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14-05-2014 22:50]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [25-01-2014 21:13]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\Windows\SysNative\tasks\ASPG" [C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe]
"C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe]
"C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe]
"C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe]
"C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\P4G Sidebar" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\mathilda\AppData\Roaming\Mozilla\Firefox\Profiles\7p73v4f9.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash

==== Chrome Look ======================

Google Wallet - mathilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\mathilda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully
C:\Users\mathilda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
C:\Users\mathilda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage deleted successfully
C:\Users\mathilda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage-journal deleted successfully
C:\Users\mathilda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully
C:\Users\mathilda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{824BDCE7-DF1C-45A2-B34F-6523B4F263CF}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{824BDCE7-DF1C-45A2-B34F-6523B4F263CF}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mathilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mathilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\mathilda\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mathilda\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mathilda\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\mathilda\AppData\Local\Mozilla\Firefox\Profiles\7p73v4f9.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\mathilda\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=329 folders=57 20773357 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\mathilda\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\mathilda\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on di 17-06-2014 at 22:20:16,60 ======================