Zoek.exe v5.0.0.0 Updated 30-06-2014
Tool run by Els on za 05/07/2014 at 14:12:24,06.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: H:\Users\Els\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

5/07/2014 14:14:11 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

H:\Program Files\MSXML 4.0 deleted successfully
H:\Program Files\saevve ioon deleted successfully
H:\Program Files\Settings Manager deleted successfully
H:\Users\Els\AppData\Roaming\WinRAR deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2126267046-3157385359-980679794-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: H:\Users\Els\AppData\Roaming\Mozilla\Firefox\Profiles\o09oepzw.default

user.js not found
---- Lines extensions.zUyOOcFfO0B2 removed from prefs.js ----
user_pref("extensions.zUyOOcFfO0B2.epoch", "1404585743");
user_pref("extensions.zUyOOcFfO0B2.url", "http://jobfirstnet.info/sync2/?q=hfZ9ofq7B75MCyVUojwFqTaMg708BNmGWj8cmihGheDUojw9rdCEqdw5qds9rihIC7n0rjnEqHa

---- FireFox user.js and prefs.js backups ----

prefs_20140507_1427_.backup

ProfilePath: H:\Users\Els\AppData\Roaming\Thunderbird\Profiles\bt4amfkc.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140507_1427_.backup

ProfilePath: H:\Users\Els\AppData\Roaming\Thunderbird\Profiles\cqoq3xal.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140507_1427_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]

==== Deleting Files \ Folders ======================

C:\ProgramData\saevve ion not found
H:\Program Files\saevve ion not found
H:\ProgramData\860e0442dd70d5f6 deleted
H:\Users\Els\Searches deleted
H:\Windows\system32\config\systemprofile\Searches deleted

==== Files Recently Created / Modified ======================

====== H:\Windows ====
2014-07-05 05:19:10 357CEBBCD99C8928A2D1A61A6CACC168 43152 ----a-w- H:\Windows\avastSS.scr
2014-06-09 14:29:06 9EF838B0ADD9CC6B2C94B5948FB2D39D 213447 ----a-w- H:\Windows\hpoins40.dat
2014-06-09 14:29:06 3963F1FE15A0E8D3A36B15940DA1D501 918 ------w- H:\Windows\hpomdl40.dat

====== H:\Users\Els\AppData\Local\Temp ====
2014-07-04 18:34:41 09814F775DA3CB93CDA28B18BACC1F98 1384448 ----a-w- H:\Users\Els\AppData\Local\Temp\2b796835\setup.exe
2014-07-04 18:28:31 C4AEDBEEA07AE32C46A2D48DE4B1E425 24857 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT63.tmp.exe
2014-07-04 18:28:31 C2C6231139CB2B73E03F1934C63AEED8 4302 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT42.tmp.exe
2014-07-04 18:28:31 B51DB4C413AC6C6B9881EA6D203F8E4C 64875 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT1D.tmp.exe
2014-07-04 18:28:31 AE84CC4B886A8DCC4C8BB3CAE51FDB5C 4828 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT53.tmp.exe
2014-07-04 18:28:31 84BD159141A52895BFBE3816A1D78EAA 473736 ----a-w- H:\Users\Els\AppData\Local\Temp\UNTFFFB.tmp.exe
2014-07-04 18:28:31 68433E5EE213C545B963CD7F7C94C2C6 429647 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT1F.tmp.exe
2014-07-04 18:28:31 645FEF15EA5466332FD3EA9669A9F83C 817664 ----a-w- H:\Users\Els\AppData\Local\Temp\UNTFFFC.tmp.exe
2014-07-04 18:28:31 5D3C8C98A1CB4D79D53D4FF8B88F05AF 6521 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT1C.tmp.exe
2014-07-04 18:28:31 571270A5B43D78A6BF9F87678A7767E0 9785 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT31.tmp.exe
2014-07-04 18:28:31 409855ED68E62B0FA9EC385A40E5B2BF 8093 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT41.tmp.exe
2014-07-04 18:28:31 394E57F81FDD5085B8546D39677886AD 64852 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT1E.tmp.exe
2014-07-04 18:28:31 29A0902E8F036F63C9A79647614FF053 305 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT30.tmp.exe
2014-07-04 18:28:31 281475C13DF34EE2B896107CBDF222A3 5937 ----a-w- H:\Users\Els\AppData\Local\Temp\UNTFFFA.tmp.exe

====== Java Cache =====

====== H:\Windows\system32 =====
2014-07-05 05:47:52 0C3FD9A9742058B019C901773A4DEBE4 92708840 ----a-w- H:\Windows\System32\MRT.exe

====== H:\Windows\system32\drivers =====
2014-07-05 05:18:57 EAA4A59CFA4AB73843B13E86B50F573D 270752 ----a-w- H:\Windows\System32\drivers\aswNdisFlt.sys
2014-07-05 05:03:17 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- H:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-05 05:02:54 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- H:\Windows\System32\drivers\mwac.sys
2014-07-05 05:02:54 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- H:\Windows\System32\drivers\mbam.sys
2014-07-05 05:02:54 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- H:\Windows\System32\drivers\mbamchameleon.sys
2014-06-11 22:30:41 DEE7EDA5AAA96C4C68A1F098F5145799 187840 ----a-w- H:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 22:30:41 5579DD18546999F5D0EC39D018726C6B 1294272 ----a-w- H:\Windows\System32\drivers\tcpip.sys

====== H:\Windows\Tasks ======
2014-07-05 05:24:59 5B90B051DD874DFFB33F1F7A3425EF5D 4034 ----a-w- H:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2014-07-05 05:24:59 463841CE2157A7D9D168FEF6B6A6922A 1038 ----a-w- H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-05 05:24:57 EE8936F10E5B0BA35D0F55B53EF5AFF7 3782 ----a-w- H:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2014-07-05 05:24:57 6C5E5081B771314CA289B696F8870493 1034 ----a-w- H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

====== H:\Windows\Temp ======

======= H:\Program Files =====
2014-07-05 09:15:38 -------- d-----w- H:\Program Files\trend micro
2014-07-05 05:24:53 -------- d-----w- H:\Program Files\Google
2014-06-22 14:28:48 -------- d-----w- H:\Program Files\MP3Gain
2014-06-13 07:07:30 -------- d-----w- H:\Program Files\Mozilla Thunderbird
2014-06-09 15:31:55 -------- d-----w- H:\Program Files\Common Files\Adobe
2014-06-09 15:31:55 -------- d-----w- H:\Program Files\Adobe
2014-06-09 14:33:33 -------- d-----w- H:\Program Files\Common Files\HP
2014-06-09 14:33:15 -------- d-----w- H:\Program Files\Common Files\Hewlett-Packard
2014-06-09 14:23:10 -------- d-----w- H:\Program Files\Hp
2014-06-09 14:23:10 -------- d-----w- H:\Program Files\Hewlett-Packard

======= H: =====

====== H:\Users\Els\AppData\Roaming ======
2014-07-05 05:30:01 -------- d-----w- H:\Windows\system32\config\systemprofile\AppData\Local\Google
2014-07-04 18:41:55 -------- d-----w- H:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-04 18:41:55 -------- d-----w- H:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-04 18:41:55 -------- d-----w- H:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-04 18:41:55 -------- d-----w- H:\Users\Gast\AppData\Local\Torch
2014-07-04 18:41:55 -------- d-----w- H:\Users\Gast\AppData\Local\Comodo
2014-07-04 18:41:55 -------- d-----w- H:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-04 18:41:55 -------- d-----w- H:\Users\Els\AppData\Local\Torch
2014-07-04 18:41:55 -------- d-----w- H:\Users\Els\AppData\Local\Comodo
2014-07-04 18:41:55 -------- d-----w- H:\Users\Els\AppData\Local\Chromatic Browser
2014-07-04 18:41:55 -------- d-----w- H:\Users\Administrator\AppData\Local\Torch
2014-07-04 18:41:55 -------- d-----w- H:\Users\Administrator\AppData\Local\Comodo
2014-07-04 18:41:55 -------- d-----w- H:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-04 18:41:54 -------- d-----w- H:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-04 18:41:54 -------- d-----w- H:\Users\Gast\AppData\Local\Google
2014-07-04 18:41:54 -------- d-----w- H:\Users\Els\AppData\Local\Google
2014-07-04 18:41:54 -------- d-----w- H:\Users\Administrator\AppData\Local\Google
2014-07-04 18:28:40 -------- d-----w- H:\Users\Els\AppData\Local\Programs
2014-07-01 05:56:34 -------- d-----w- H:\Users\Els\AppData\Local\Microsoft Games
2014-06-22 15:04:44 -------- d-----w- H:\Users\Els\AppData\Local\Diagnostics
2014-06-22 14:28:48 -------- d-----w- H:\Users\Els\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-06-21 12:59:59 -------- d-----w- H:\Users\Els\AppData\Local\ElevatedDiagnostics
2014-06-18 05:29:48 -------- d-----w- H:\Users\Els\AppData\Local\Adobe
2014-06-13 14:14:13 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- H:\Users\Els\AppData\Local\resmon.resmoncfg
2014-06-09 15:17:27 -------- d-----w- H:\Users\Els\AppData\Local\HP
2014-06-09 15:15:19 -------- d-----w- H:\Users\Els\AppData\Roaming\HP
2014-06-09 14:36:04 -------- d-----w- H:\Users\Els\AppData\Roaming\HpUpdate

====== H:\Users\Els ======
2014-07-05 09:15:22 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- H:\Users\Els\Downloads\RSIT (1).exe
2014-07-05 09:14:58 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- H:\Users\Els\Downloads\RSIT.exe
2014-07-05 05:25:34 -------- d-----w- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-05 05:02:07 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- H:\Users\Els\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 18:48:14 -------- d-----w- H:\ProgramData\saevve ioon
2014-07-04 18:41:57 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- H:\ProgramData\ntuser.pol
2014-07-04 18:41:54 -------- d-----w- H:\Users\HomeGroupUser$\AppData
2014-07-04 18:41:54 -------- d-----w- H:\Users\Gast\AppData
2014-07-04 18:41:54 -------- d-----w- H:\Users\Administrator\AppData
2014-07-04 18:27:10 FB0B80498604B738E2CC376D0919C590 444448 ----a-w- H:\Users\Els\Downloads\Brian Eno & Karl Hyd...P3 320Kbps [EDM RG].exe
2014-06-22 14:28:48 -------- d-----w- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-06-22 14:28:12 72A874D2DDCD2E783D999F97DA623BE2 667344 ----a-w- H:\Users\Els\Downloads\mp3gain-win-1_2_5.exe
2014-06-09 15:31:44 -------- d-----w- H:\ProgramData\Adobe
2014-06-09 15:16:29 -------- d-----w- H:\ProgramData\WEBREG
2014-06-09 14:35:01 -------- d-----w- H:\ProgramData\HP Product Assistant
2014-06-09 14:33:00 -------- d-----w- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-09 14:25:31 -------- d-----w- H:\ProgramData\HP

====== H: exe-files ==
2014-07-05 09:15:41 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- H:\Program Files\trend micro\Els.exe
2014-07-05 09:15:22 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- H:\Users\Els\Downloads\RSIT (1).exe
2014-07-05 09:14:58 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- H:\Users\Els\Downloads\RSIT.exe
2014-07-05 05:47:52 0C3FD9A9742058B019C901773A4DEBE4 92708840 ----a-w- H:\Windows\System32\MRT.exe
2014-07-05 05:30:09 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- H:\Program Files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
2014-07-05 05:30:09 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- H:\Program Files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
2014-07-05 05:30:09 901AC7A94B75648F4084A37640473271 895120 ----a-w- H:\Program Files\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
2014-07-05 05:30:05 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- H:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
2014-07-05 05:30:05 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- H:\Program Files\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
2014-07-05 05:30:05 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- H:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
2014-07-05 05:30:02 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- H:\Program Files\Google\Update\1.3.24.15\GoogleUpdate.exe
2014-07-05 05:29:59 901AC7A94B75648F4084A37640473271 895120 ----a-w- H:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.15\GoogleUpdateSetup.exe
2014-07-05 05:25:21 EDAC53E2964C7ACE868208C3B6C5C8F1 39078480 ----a-w- H:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\35.0.1916.153\35.0.1916.153_chrome_installer.exe
2014-07-05 05:24:53 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- H:\Program Files\Google\Update\GoogleUpdate.exe
2014-07-05 05:02:07 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- H:\Users\Els\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 18:34:41 09814F775DA3CB93CDA28B18BACC1F98 1384448 ----a-w- H:\Users\Els\AppData\Local\Temp\2b796835\setup.exe
2014-07-04 18:28:31 C4AEDBEEA07AE32C46A2D48DE4B1E425 24857 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT63.tmp.exe
2014-07-04 18:28:31 C2C6231139CB2B73E03F1934C63AEED8 4302 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT42.tmp.exe
2014-07-04 18:28:31 B51DB4C413AC6C6B9881EA6D203F8E4C 64875 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT1D.tmp.exe
2014-07-04 18:28:31 AE84CC4B886A8DCC4C8BB3CAE51FDB5C 4828 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT53.tmp.exe
2014-07-04 18:28:31 84BD159141A52895BFBE3816A1D78EAA 473736 ----a-w- H:\Users\Els\AppData\Local\Temp\UNTFFFB.tmp.exe
2014-07-04 18:28:31 68433E5EE213C545B963CD7F7C94C2C6 429647 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT1F.tmp.exe
2014-07-04 18:28:31 645FEF15EA5466332FD3EA9669A9F83C 817664 ----a-w- H:\Users\Els\AppData\Local\Temp\UNTFFFC.tmp.exe
2014-07-04 18:28:31 5D3C8C98A1CB4D79D53D4FF8B88F05AF 6521 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT1C.tmp.exe
2014-07-04 18:28:31 571270A5B43D78A6BF9F87678A7767E0 9785 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT31.tmp.exe
2014-07-04 18:28:31 409855ED68E62B0FA9EC385A40E5B2BF 8093 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT41.tmp.exe
2014-07-04 18:28:31 394E57F81FDD5085B8546D39677886AD 64852 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT1E.tmp.exe
2014-07-04 18:28:31 29A0902E8F036F63C9A79647614FF053 305 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT30.tmp.exe
2014-07-04 18:28:31 281475C13DF34EE2B896107CBDF222A3 5937 ----a-w- H:\Users\Els\AppData\Local\Temp\UNTFFFA.tmp.exe
2014-07-04 18:27:10 FB0B80498604B738E2CC376D0919C590 444448 ----a-w- H:\Users\Els\Downloads\Brian Eno & Karl Hyd...P3 320Kbps [EDM RG].exe

=== H: other files ==
2014-07-05 05:18:57 EAA4A59CFA4AB73843B13E86B50F573D 270752 ----a-w- H:\Windows\System32\DriverStore\FileRepository\aswndisflt.inf_x86_neutral_d00351d079a23f96\x86\aswNdisFlt.sys
2014-07-05 05:18:57 EAA4A59CFA4AB73843B13E86B50F573D 270752 ----a-w- H:\Windows\System32\drivers\aswNdisFlt.sys
2014-07-05 05:03:17 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- H:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-05 05:02:54 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- H:\Windows\System32\drivers\mwac.sys
2014-07-05 05:02:54 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- H:\Windows\System32\drivers\mbam.sys
2014-07-05 05:02:54 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- H:\Windows\System32\drivers\mbamchameleon.sys
2014-07-03 05:08:29 F3334626CB6F02C0FC3C7B84FFCFF77D 564732 ----a-w- H:\Users\Els\AppData\Roaming\Thunderbird\Profiles\bt4amfkc.default\extensions\tbtestpilot@labs.mozilla.com.xpi
2014-07-03 05:08:29 32AEFADD3B193716B90DA0502BEEC1CE 18285 ----a-w- H:\Users\Els\AppData\Roaming\Thunderbird\Profiles\bt4amfkc.default\extensions\extra-cols@jminta_gmail.com.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2126267046-3157385359-980679794-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="H:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="H:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="H:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="H:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="H:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="H:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="H:\Windows\system32\hkcmd.exe"
"Persistence"="H:\Windows\system32\igfxpers.exe"
"AvastUI.exe"="H:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"GrooveMonitor"="H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="H:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Folders ======================

2014-06-09 14:34:24 2069 ----a-w- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

H:\Windows\tasks\Adobe Flash Player Updater.job --a------ H:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17/06/2014 06:28]
H:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ H:\Program Files\Google\Update\GoogleUpdate.exe [05/07/2014 07:24]
H:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ H:\Program Files\Google\Update\GoogleUpdate.exe [05/07/2014 07:24]

==== Other Scheduled Tasks ======================

"H:\Windows\system32\tasks\Adobe Flash Player Updater" [H:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"H:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [H:\Program Files\Google\Update\GoogleUpdate.exe]
"H:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [H:\Program Files\Google\Update\GoogleUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="H:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [09/06/2014 16:35]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="H:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [09/06/2014 16:35]

==== Firefox Extensions ======================

ProfilePath: H:\Users\Els\AppData\Roaming\Mozilla\Firefox\Profiles\o09oepzw.default
- avast Online Security - H:\Program Files\AVAST Software\Avast\WebRep\FF

ProfilePath: H:\Users\Els\AppData\Roaming\Thunderbird\Profiles\bt4amfkc.default
- Extra Folder Columns - %ProfilePath%\extensions\extra-cols@jminta_gmail.com.xpi
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: H:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: H:\Users\Els\AppData\Roaming\Mozilla\Firefox\Profiles\o09oepzw.default
FB5621842FDABF9F8359775573498FBC - H:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
738C29EAC995029E13333034C1402F56 - H:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash
14365399E83D7BC15760E8676E890C87 - H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - H:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0E8B2D0D9E3415A91EF259CE1112C579 - H:\Windows\system32\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - H:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05/07/2014 07:19]

saVE on - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Administrator\AppData\Local\Torch\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Els\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Els\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
Google Docs - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
saVE on - Els\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Els\AppData\Local\Torch\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - Gast\AppData\Local\Torch\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg
saVE on - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg

==== Chrome Fix ======================

H:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Els\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Els\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Els\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Els\AppData\Local\Torch\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully
H:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\pfejodmaiohjojamfihcklceolpiikhg deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

H:\Users\Els\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
H:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
H:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
H:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
H:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

H:\Users\Els\AppData\Local\Mozilla\Firefox\Profiles\o09oepzw.default\Cache emptied successfully

==== Empty Chrome Cache ======================

H:\Users\Els\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== H:\zoek_backup content ======================

H:\zoek_backup (files=108 folders=42 1078824 bytes)

==== Empty Temp Folders ======================

H:\Users\Default\AppData\Local\Temp emptied successfully
H:\Users\Default User\AppData\Local\Temp emptied successfully
H:\Users\Els\AppData\Local\Temp will be emptied at reboot
H:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
H:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
H:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

H:\Windows\Temp successfully emptied
H:\Users\Els\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

H:\$RECYCLE.BIN successfully emptied
H:\RECYCLER successfully emptied

==== EOF on za 05/07/2014 at 14:48:25,21 ======================
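The "Files Recently Created / Modified" section of the log above uses one fixed layout per entry: timestamp, MD5 (or eight dashes for a directory), size, an eight-character attribute string, and the path. What follows is an added example, not part of the Zoek log and not Zoek's own code: a small Python parser for that layout, run over a handful of lines copied from this log, plus triage heuristics that pull out the entries a responder would look at first (executables dropped in a user's Local\Temp, system+hidden files outside the Windows directory, and executables named like a media download, as the `...320Kbps [EDM RG].exe` entry is). The attribute-string layout it decodes (d, ?, s, h, a, t, r/w, ?) is inferred from the values that appear on this page, not from documentation, and the flag rules are heuristics for a second look, not verdicts.

```python
"""Parse Zoek.exe "Files Recently Created / Modified" entries and flag likely droppers.

Added example; not part of the Zoek log or tool. Assumed entry layout:
    <date> <time> <MD5 | -------- for a directory> [<size>] <8-char attrs> <path>
Assumed attribute positions (inferred from the log, not documented):
    0=d(irectory) 1=? 2=s(ystem) 3=h(idden) 4=a(rchive) 5=t(emporary) 6=r/w 7=?
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<md5>[0-9A-Fa-f]{32}) (?P<size>\d+)|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+?)\s*$"
)

# Sample lines copied from the log above (constructed sample for this example).
SAMPLE_LOG = r"""
====== H:\Windows ====
2014-07-05 05:19:10 357CEBBCD99C8928A2D1A61A6CACC168 43152 ----a-w- H:\Windows\avastSS.scr
====== H:\Users\Els\AppData\Local\Temp ====
2014-07-04 18:34:41 09814F775DA3CB93CDA28B18BACC1F98 1384448 ----a-w- H:\Users\Els\AppData\Local\Temp\2b796835\setup.exe
2014-07-04 18:28:31 C4AEDBEEA07AE32C46A2D48DE4B1E425 24857 ----a-w- H:\Users\Els\AppData\Local\Temp\UNT63.tmp.exe
======= H:\Program Files =====
2014-07-05 09:15:38 -------- d-----w- H:\Program Files\trend micro
====== H:\Users\Els ======
2014-07-04 18:41:57 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- H:\ProgramData\ntuser.pol
2014-07-04 18:27:10 FB0B80498604B738E2CC376D0919C590 444448 ----a-w- H:\Users\Els\Downloads\Brian Eno & Karl Hyd...P3 320Kbps [EDM RG].exe
"""


@dataclass
class Entry:
    timestamp: str
    md5: Optional[str]      # None for directory entries
    size: Optional[int]     # None for directory entries
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        # 's' and 'h' at positions 2 and 3 of the inferred attribute layout
        return self.attrs[2] == "s" and self.attrs[3] == "h"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entries(text: str) -> List[Entry]:
    """Return one Entry per line matching the file-listing layout; headers and other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append(Entry(m.group("ts"), m.group("md5"),
                             int(size) if size else None,
                             m.group("attrs"), m.group("path")))
    return entries


EXEC_EXT = (".exe", ".scr", ".dll", ".sys", ".com", ".bat", ".cmd", ".pif")
# bitrate or audio/video format tokens in an executable's name
MEDIA_BAIT = re.compile(r"\b\d{2,4}\s?kbps\b|\b(mp3|mp4|avi|mkv|flac|wav)\b", re.I)


def flag_suspicious(entries: List[Entry]) -> Dict[str, str]:
    """Map path -> reason for entries worth a second look (heuristics chosen for this example)."""
    flagged: Dict[str, str] = {}
    for e in entries:
        if e.is_dir:
            continue
        lower = e.path.lower()
        is_exec = lower.endswith(EXEC_EXT)
        if is_exec and "\\appdata\\local\\temp\\" in lower:
            flagged[e.path] = "executable in Local\\Temp"
        elif e.hidden_system and "\\windows\\" not in lower:
            flagged[e.path] = "system+hidden file outside Windows directory (compare timestamp with infection window)"
        elif is_exec and MEDIA_BAIT.search(e.name):
            flagged[e.path] = "executable named like a media file"
    return flagged


if __name__ == "__main__":
    for path, reason in flag_suspicious(parse_entries(SAMPLE_LOG)).items():
        print(f"{reason}: {path}")
```

Feed it a whole reformatted Zoek log and the MD5 column gives you hashes to look up without re-running anything on the infected machine; the 13 `UNT*.tmp.exe` files sharing one timestamp in Local\Temp are exactly the kind of cluster the first rule surfaces.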