Zoek.exe v5.0.0.0 Updated 05-July-2014
Tool run by Gabrielle on do 10/07/2014 at 16:19:18,13.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gabrielle\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

10/07/2014 16:20:51 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Oracle deleted successfully
C:\Users\Gabrielle\AppData\Roaming\hpqlog deleted successfully
C:\Users\Gabrielle\AppData\Local\PackageStaging deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{932223CA-E363-89BE-9BD1-5CCC44FDE039} deleted successfully
HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{932223CA-E363-89BE-9BD1-5CCC44FDE039} deleted successfully
HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully
HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Microsoft\Internet Explorer\SearchScopes\{617D2AE1-A54B-4F48-8F30-8C4071DF064D} deleted successfully
HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Microsoft\Internet Explorer\SearchScopes\{77CC7BB1-414B-42CD-9899-BAD3A45B058B} deleted successfully
HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{932223CA-E363-89BE-9BD1-5CCC44FDE039} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{932223CA-E363-89BE-9BD1-5CCC44FDE039} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

7-Zip 9.20 (x64 edition)
Adobe Shockwave Player 12.0
Avira
Avira Free Antivirus
BlockAndSurf
Bonjour
Buenosearch
CyberLink LabelPrint
CyberLink Media Suite 10
Cyberlink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 12
CyberLink YouCam
D3DX10
DisableMSDefender
Energy Star
Fotogalerie
FreeSoftToday 005.50
Galerie de photos
Google Chrome
Google Update Helper
Google+ Auto Backup
Groot Puzzelwoordenboek
Hewlett-Packard ACLM.NET v1.2.2.3
HP 3D DriveGuard
HP Connected Music (Meridian - installer)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Postscript Converter
HP Recovery Manager
HP Registration Service
HP SimplePass
HP Support Assistant
HP System Event Utility
HP Utility Center
HP Wireless Button Driver
Inst5675
Inst5676
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel® Trusted Connect Service Client
Java 7 Update 55
Java Auto Updater
Microsoft Application Error Reporting
Microsoft Office
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Notepad++
Photo Common
Photo Gallery
Picasa 3
Ralink Bluetooth Stack64
Ralink RT3290 802.11bgn Wi-Fi Adapter
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Scrivener for Windows Beta
Search Protect
Settings Manager
swMSM
Synaptics Pointing Device Driver
The weDownload Manager
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack

==== Running Processes ======================

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Users\Gabrielle\AppData\Local\fst_be_50\upfst_be_50.exe
C:\Users\Gabrielle\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Gabrielle\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe
C:\Program Files (x86)\di4BlockAndSurf\BlockAndSurf.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\fst_be_50\fst_be_50.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\Gabrielle\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"buenosearch"=-
"BlockAndSurf"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{932223CA-E363-89BE-9BD1-5CCC44FDE039}]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AnyProtect Scanner"=-
"fst_be_50"=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"upfst_be_50.exe"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\SupTab deleted
C:\ProgramData\WindowsMangerProtect deleted
C:\Program Files (x86)\NetCrawl deleted
C:\Users\Gabrielle\AppData\Roaming\sweet-page deleted
C:\Program Files (x86)\AnyProtectEx deleted
C:\ProgramData\DSearchLink deleted
C:\PROGRA~2\The weDownload Manager deleted
C:\PROGRA~2\SearchProtect deleted
C:\Users\Gabrielle\AppData\Roaming\aps.scan.quick.results deleted
C:\Users\Gabrielle\AppData\Roaming\aps.scan.results deleted
C:\Users\Gabrielle\AppData\Roaming\aps.uninstall.scan.results deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Gabrielle\AppData\Local\nst38B5.tmp deleted
C:\Users\Gabrielle\AppData\Local\SearchProtect deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrEeSoFtToDaY deleted
C:\Windows\Tasks\0623f81e-b9ca-40c6-8327-6544f405ff43-6.job deleted
C:\Windows\Tasks\0623f81e-b9ca-40c6-8327-6544f405ff43-7.job deleted
C:\windows\SysNative\Tasks\0623f81e-b9ca-40c6-8327-6544f405ff43-6 deleted
C:\windows\SysNative\Tasks\0623f81e-b9ca-40c6-8327-6544f405ff43-7 deleted
C:\Users\Gabrielle\Searches deleted
C:\Users\Gabrielle\Downloads\SoftonicDownloader_voor_powerpoint-viewer.exe deleted
C:\Users\Gabrielle\Downloads\SoftonicDownloader_voor_scrivener.exe deleted
C:\Users\Gabrielle\AppData\LocalLow\DataMngr deleted
C:\Windows\tasks\BlockAndSurf Update.job deleted
C:\Windows\tasks\BlockAndSurf_wd.job deleted
C:\Windows\tasks\APSnotifierPP1.job deleted
C:\Windows\tasks\APSnotifierPP2.job deleted
C:\Windows\tasks\APSnotifierPP3.job deleted
C:\windows\SysNative\tasks\APSnotifierPP1 deleted
C:\windows\SysNative\tasks\APSnotifierPP2 deleted
C:\windows\SysNative\tasks\APSnotifierPP3 deleted
C:\windows\SysNative\drivers\{890a8319-7c6f-45e4-a506-152b8d2d9310}Gw64.sys deleted
C:\Users\Gabrielle\Desktop\Continue VuuPC Installation.lnk deleted
"C:\Windows\Installer\1c4e6d.msi" deleted
"C:\Program Files (x86)\di4BlockAndSurf\BlockAndSurf.exe" deleted
"C:\Users\Gabrielle\AppData\Local\fst_be_50\upfst_be_50.exe" deleted
"C:\PROGRA~2\fst_be_50\fst_be_50.exe" deleted
"C:\Users\Gabrielle\AppData\Local\fst_be_50\upfst_be_50.exe" deleted
"C:\Users\Gabrielle\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe" deleted
"C:\Users\Gabrielle\AppData\Local\buenosearch\buenosearch\1.3.8.2\sqlite.dll" deleted
"C:\Program Files (x86)\di4BlockAndSurf" deleted
"C:\Users\Gabrielle\AppData\Local\fst_be_50" deleted
"C:\PROGRA~2\fst_be_50" deleted
"C:\Users\Gabrielle\AppData\Local\buenosearch" deleted
"C:\Users\Gabrielle\AppData\Local\fst_be_50" deleted
"C:\Users\Gabrielle\AppData\Local\buenosearch\buenosearch" deleted
"C:\Users\Gabrielle\AppData\Local\buenosearch\buenosearch\1.3.8.2" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8123 MB
CPU Info: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
CPU Speed: 2354,6 MHz
Sound Card: luidspreker/Hoofdtelefoon (Real |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | Intel(R) HD Graphics Family
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth-apparaat (Personal Area Network) | Ralink RT3290 802.11bgn Wi-Fi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp DVDRAM GU90N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 914,4GB | D: 16,4GB
Hard Disks - Free: C: 861,8GB | D: 1,6GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1
Time Zone: Romance (standaardtijd)
Motherboard *: Hewlett-Packard 2163
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 35.0.1916.153
Internet Explorer Version: 11.0.9600.17126
Google Chrome version: 35.0.1916.153
Sun Java version: 1.7.0_55 (32-bit)
Shockwave Player version: 12.0.4r144

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\GABRIE~1\AppData\Local\Temp ====

2014-07-10 12:34:14 FB5621842FDABF9F8359775573498FBC 605064 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\npGoogleUpdate3.dll
2014-07-10 12:34:14 C95CDDF65F9F8C9433AFF8F0A811375A 189320 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\psmachine_64.dll
2014-07-10 12:34:14 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateOnDemand.exe
2014-07-10 12:34:14 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateSetup.exe
2014-07-10 12:34:14 84180917AAB55EE4392C54E0E0BD4022 166792 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\psmachine.dll
2014-07-10 12:34:14 77E585EDD4C7EB7AB2ACC36BC1DC32A5 1696648 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\goopdate.dll
2014-07-10 12:34:14 715CCB3F5EDA626198CCADC7AB8CE9A2 189320 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\psuser_64.dll
2014-07-10 12:34:14 3D58798BD1D1F96381C0B47CA859739D 166792 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\psuser.dll
2014-07-10 12:34:13 DEC1A40D0210FAD3BB67028B97F155A4 26112 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateHelper.msi
2014-07-10 12:34:13 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateBroker.exe
2014-07-10 12:34:13 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleCrashHandler64.exe
2014-07-10 12:34:13 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateComRegisterShell64.exe
2014-07-10 12:34:13 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdate.exe
2014-07-10 12:34:13 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleCrashHandler.exe
2014-07-10 10:35:49 59271C345DBDCCCA05E37ABBE19D58E0 530928 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\uninst1.exe
2014-07-10 10:34:53 FE1BB2A4132A20D353A14CB7A3C648D9 543664 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\buenosearch.exe
2014-07-10 10:31:36 42CDD74F60853C2F4E959416A0157A08 5120 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\BbFBE8.exe
2014-07-10 10:30:34 A210F1AC135E5331C314CE5F394FB5A5 413276 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll
2014-07-10 10:30:19 9C089EC3BA65B47823D43DCD447DC647 429128 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\BuenoSearchTB.exe
2014-07-10 08:47:34 C9B0E5CAB733D9B9FBB851A85DDE0299 576083 ------w- C:\Users\Gabrielle\AppData\Local\Temp\is45637729\160897_stp\AnyProtectScannerSetup.exe

====== Java Cache =====

2014-06-14 16:16:03 86C47CA21A599230CA54E8F5EBDB6A07 124 ----a-w- C:\Users\Gabrielle\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\7\6619ee07-792f918f

====== C:\Windows\SysWOW64 =====

2014-07-10 11:18:41 0A9EB3956BCB7E5CDE15AF987BD81543 488960 ----a-w- C:\Windows\SysWOW64\qedit.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-07-10 13:00:17 3D748E5558FD9A9F03182CB2330698DC 1018880 ----a-w- C:\Windows\Sysnative\termsrv.dll
2014-07-10 11:18:41 78FC2B2BA0E5E1C9249E3157D4EE9BC7 586240 ----a-w- C:\Windows\Sysnative\qedit.dll

====== C:\Windows\Sysnative\drivers =====

2014-07-10 11:11:06 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-10 11:11:05 2EF4E5EDE91EF893603E8B72890AC605 57528 ----a-w- C:\Windows\Sysnative\drivers\webinstr.sys
2014-06-27 07:35:03 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-06-14 13:14:33 A9749FD0A06E22009EA972D8B9CB046B 428888 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-06-14 13:14:33 4B666AE119D2ADBAC816BEA7DB4D6881 2518872 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-06-14 13:14:32 D18EC2C83C2F773C9476A4FB0AA4C314 295424 ----a-w- C:\Windows\Sysnative\drivers\ks.sys
2014-06-14 13:13:59 92370F46AF28D54B67C135FA8C2AFCFC 1200128 -c--a-w- C:\Windows\Sysnative\drivers\bthport.sys
2014-06-14 13:13:58 7C7BE474915166B61B84C025F1F10157 563200 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2014-06-14 13:13:57 FD163F487CBA9C98AFFEB546C80F49A2 677376 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys
2014-06-14 13:13:57 DBA635C6398782C549E3BE45CF1D0411 206848 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2014-06-14 13:13:57 78514B073CC5775800A65BFB82A0D66B 443904 ----a-w- C:\Windows\Sysnative\drivers\nwifi.sys
2014-06-14 13:13:57 4BB9BC49DEE1A319EC58274A7BBED663 310616 -c--a-w- C:\Windows\Sysnative\drivers\volsnap.sys
2014-06-14 13:13:56 0696F66E4D423793951A60562F794D14 402432 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2014-06-14 13:13:55 F152D55E497E12256290C43B31C7D0CE 589656 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
2014-06-14 13:13:55 D90AB68D0FAC9F357F663670FDBB511E 275800 -c--a-w- C:\Windows\Sysnative\drivers\msiscsi.sys
2014-06-14 13:13:55 CADCE0D6C30427F70A4BFA426256F68C 337240 ----a-w- C:\Windows\Sysnative\drivers\Classpnp.sys
2014-06-14 13:13:55 716059F37BCCB1ABEDE99EBE82E8E362 246272 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys
2014-06-14 13:13:55 6592D192E2823C043EDBC010E7774053 360792 ----a-w- C:\Windows\Sysnative\drivers\fltMgr.sys
2014-06-14 13:13:55 4C1E71E37B56C768900B1FCF81205027 372568 ----a-w- C:\Windows\Sysnative\drivers\storport.sys
2014-06-14 13:13:55 498288DD5CA42C2D36D125893E968C53 77312 -c--a-w- C:\Windows\Sysnative\drivers\hdaudbus.sys
2014-06-14 13:13:55 33977549C2CED09936E05BEE7659EAFF 384856 -c--a-w- C:\Windows\Sysnative\drivers\spaceport.sys
2014-06-14 13:13:24 182561A14F2E93E81E66FE3700D17A5A 55328 ----a-w- C:\Windows\Sysnative\drivers\wpcfltr.sys

====== C:\Windows\Tasks ======

2014-07-10 10:31:32 B47BD69E55AAE5F003E40FB9FA96E265 3634 ----a-w- C:\Windows\Sysnative\Tasks\Buenosearch
2014-06-27 07:39:31 693F0C823F7D6B1B8A0C118BC21130C7 1050 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2773254006-4265912764-3895464385-1001Core1cf91daee850a22.job

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-07-10 12:45:15 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

2014-07-10 10:30:57 -------- d-----w- C:\PROGRA~2\Scrivener
2014-06-21 15:37:26 -------- d-----w- C:\PROGRA~2\Notepad++

======= C: =====

====== C:\Users\Gabrielle\AppData\Roaming ======

2014-07-10 12:40:35 -------- d-----w- C:\Users\Gabrielle\AppData\Local\ElevatedDiagnostics
2014-07-03 15:43:10 -------- d-----w- C:\Users\Gabrielle\AppData\Roaming\CyberLink
2014-06-27 07:38:46 -------- d-----w- C:\Users\Gabrielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-06-27 07:38:46 -------- d-----w- C:\Users\Gabrielle\AppData\Local\Programs
2014-06-21 15:37:27 -------- d-----w- C:\Users\Gabrielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-21 15:37:26 -------- d-----w- C:\Users\Gabrielle\AppData\Roaming\Notepad++

====== C:\Users\Gabrielle ======

2014-07-10 12:45:00 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Gabrielle\Downloads\RSITx64.exe
2014-07-10 11:11:04 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol
2014-07-10 10:31:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
2014-06-27 07:37:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-27 07:37:28 2294324CC84BA6D4CE08355580723189 17312072 ----a-w- C:\Users\Gabrielle\Downloads\picasa39-setup.exe
2014-06-21 15:37:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

====== C: exe-files ==

2014-07-10 12:45:15 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gabrielle.exe
2014-07-10 12:45:00 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Gabrielle\Downloads\RSITx64.exe
2014-07-10 12:34:28 EDAC53E2964C7ACE868208C3B6C5C8F1 39078480 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\35.0.1916.153\35.0.1916.153_chrome_installer.exe
2014-07-10 12:34:14 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateOnDemand.exe
2014-07-10 12:34:14 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateSetup.exe
2014-07-10 12:34:13 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateBroker.exe
2014-07-10 12:34:13 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleCrashHandler64.exe
2014-07-10 12:34:13 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdateComRegisterShell64.exe
2014-07-10 12:34:13 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleUpdate.exe
2014-07-10 12:34:13 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Users\Gabrielle\AppData\Local\Temp\{5F243E95-6C0A-4E76-8B05-69C92D002278}\GoogleCrashHandler.exe
2014-07-10 12:28:13 9D2290F43B7F559AF8D0B6B327BBCAFE 4621032 ----a-w- C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\IE\T7F3IHG0\avira_en_av___ws2.exe
2014-07-10 11:18:42 6946919260BB72A21C69037C6BA2CDB5 2095616 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2014-07-10 11:10:58 972A44481C2D26D92834B3C7445B83BF 5203881 ----a-w- C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\IE\N7YCNHYR\BlockAndSurf_2222-5510[1].exe
2014-07-10 11:10:50 15F8CABCE48DF2E95B847014F358A3C5 3310448 ----a-w- C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\IE\ZSGCUA8S\setup_fst_be[1].exe
2014-07-10 11:07:52 AA86DCFE35EB5B6EDEBA279FD2679A9C 49502 ----a-w- C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\IE\T7F3IHG0\REDChecker[1].exe
2014-07-10 11:07:42 A3F35950BD24CBF465159A9B3745F0C9 192392 ----a-w- C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\IE\N7YCNHYR\VuuPC_VO2_8907[1].exe
2014-07-10 11:06:51 8A7BF5C34A5F81096E5650243D7A0B54 590642 ----a-w- C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\IE\5PT3MUSF\Setup[2].exe
2014-07-10 10:35:49 59271C345DBDCCCA05E37ABBE19D58E0 530928 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\uninst1.exe
2014-07-10 10:34:53 FE1BB2A4132A20D353A14CB7A3C648D9 543664 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\buenosearch.exe
2014-07-10 10:33:47 B40301CE9FFFB505FA7CEDF1EA859DB7 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2773254006-4265912764-3895464385-1001\$IALITP7.exe
2014-07-10 10:33:42 BF2D4C247F7120A213066BB6CB7738A5 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2773254006-4265912764-3895464385-1001\$IZPYYLI.exe
2014-07-10 10:31:56 D1CE3D8285ADB2270EABF35E11C4EA5E 16976896 ----a-w- C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\IE\ZSGCUA8S\AnyProtect[1].exe
2014-07-10 10:31:54 D95A0FC514AFD834CA445E9D8CAE00FC 591520 ----a-w- C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\IE\5PT3MUSF\Setup[1].exe
2014-07-10 10:31:36 42CDD74F60853C2F4E959416A0157A08 5120 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\BbFBE8.exe
2014-07-10 10:31:07 CD3D461658465AF4CD0A0B6677074ED0 5618659 ----a-w- C:\Program Files (x86)\Scrivener\uninstall.exe
2014-07-10 10:31:06 5607B6CDC262DFAECE1549587C6D0D15 5733296 ----a-w- C:\Program Files (x86)\Scrivener\liveupdates\autoupdate-windows.exe
2014-07-10 10:31:04 21B17DD3842396576A7AE8E082D1D25C 24450 ----a-w- C:\Program Files (x86)\Scrivener\Aspell\bin\word-list-compress.exe
2014-07-10 10:31:03 1755663BDF906F1B348FAF1090FB3733 788332 ----a-w- C:\Program Files (x86)\Scrivener\Aspell\bin\aspell.exe
2014-07-10 10:31:01 D4EAC1E91D473B13EDDF36961C32FFAA 9302648 ----a-w- C:\Program Files (x86)\Scrivener\Scrivener.exe
2014-07-10 10:31:01 9153F1EAE1F0B0A3F9F25C7624982E66 15474688 ----a-w- C:\Program Files (x86)\Scrivener\docformats\doc2any.exe
2014-07-10 10:30:58 C95557D374704C312643C9EEAECF2895 282656 ----a-w- C:\Program Files (x86)\Scrivener\docformats\mmd\multimarkdown.exe
2014-07-10 10:30:19 B89F024CD38FE880D6A97FA7DC86F181 48742912 ----a-w- C:\$Recycle.Bin\S-1-5-21-2773254006-4265912764-3895464385-1001\$RZPYYLI.exe
2014-07-10 10:30:19 9C089EC3BA65B47823D43DCD447DC647 429128 ----a-w- C:\Users\Gabrielle\AppData\Local\Temp\BuenoSearchTB.exe
2014-07-10 10:30:19 4B00697B32264F7D26E9EBE50E7CA22F 287750 ----a-w- C:\$Recycle.Bin\S-1-5-21-2773254006-4265912764-3895464385-1001\$RALITP7.exe
2014-07-10 08:47:34 C9B0E5CAB733D9B9FBB851A85DDE0299 576083 ------w- C:\Users\Gabrielle\AppData\Local\Temp\is45637729\160897_stp\AnyProtectScannerSetup.exe
2014-07-07 11:53:12 E18DA87960DB27144D31D2E944BD55A2 189520 ----a-w- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
2014-07-07 11:53:10 CD60BA2B102F114D6AF53BE17EEDCD4B 141392 ----a-w- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
2014-07-07 11:53:02 A90E79883A321BB2C857E18BADA64D72 76880 ----a-w- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Messenger.exe
2014-07-04 09:33:35 BC8AE949C6AE0191DEB38A5A62388668 4342264 ----a-w- C:\ProgramData\Avira\My Avira\Temp\avira_en.exe
2014-07-04 07:08:59 8DEE08F59851CC0802A14FC6C3E491FD 491600 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\wsctool.exe
2014-07-04 07:08:59 4CB9C602FEB19998A645810B6BEE2879 67152 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\toastNotifier.exe
2014-07-04 07:08:58 251BF5D259B75B6E291B0CA6D497DAA1 1870928 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\setup.exe
2014-07-04 07:08:58 140D7FF21B9F8EDF580A5B99ACAB116C 416336 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\setuppending.exe
2014-07-04 07:08:57 E6D8165A8457823538C0A08B2936A4A6 447056 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\ipmgui.exe
2014-07-04 07:08:57 71FF376D7483374E3C8907A7A6B2FCAB 482384 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\licmgr.exe
2014-07-04 07:08:57 4C14746BCBF9985BDBF1CD1BEED96DF8 430160 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\sched.exe
2014-07-04 07:08:57 1D28958CD5EFF2CC4A1EE046B7037332 486480 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\inssda64.exe
2014-07-04 07:08:56 190602B46E570F731FD33BBE6D5B433A 656976 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\guardgui.exe
2014-07-04 07:08:55 FD3FD69225A261EA685999168C8114CB 878672 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\fact.exe
2014-07-04 07:08:55 6B87DBF7C8A17D6D297A4DE9CD9AE6F7 463440 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\ccuac.exe
2014-07-04 07:08:55 40386BC96A963F0F40928B4E2A200786 399440 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\checkt.exe
2014-07-04 07:08:53 D8D796E27D3EAAB079F90372F7C80EC2 494672 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avwebloader.exe
2014-07-04 07:08:53 9FC22B8EFC90A1BFBA5AB5649BE773BA 622672 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\vista64\avshadow.exe
2014-07-04 07:08:53 8900BF6C4D6B02F8E4CBE9A276D15B50 1028688 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avwebgrd.exe
2014-07-04 07:08:53 766252EC1A3E4AAA6C9AC4EAD152D3AA 407632 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avupgsvc.exe
2014-07-04 07:08:53 2A2BC67284FC54EAD31390CD130A0D5C 1203808 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avwsc.exe
2014-07-04 07:08:52 8777CD17E524EDAF32A42930B4C5A5B9 545360 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avrestart.exe
2014-07-04 07:08:52 4888521CC073279950204635385E0E19 1042512 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avscan.exe
2014-07-04 07:08:51 F1F9E1CE076954D57772A0DE1C8E9FA1 855632 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avconfig.exe
2014-07-04 07:08:51 6C1B71D162F409E9ECF013EE444D7880 683600 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avnotify.exe
2014-07-04 07:08:51 4C14746BCBF9985BDBF1CD1BEED96DF8 430160 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avguard.exe
2014-07-04 07:08:51 1E9B225DE829A6F666A0BA9B8A7984BF 750160 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avgnt.exe
2014-07-04 07:08:50 76BBAFE390FAA4F071D4987A3C9E9DDB 415312 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avadmin.exe
2014-07-04 07:08:50 2C4279C5FFD077B62F1E31A46015A60C 702032 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\avcenter.exe
2014-07-04 07:08:43 88D5E978D96EE153E6EAD9D6E2225A3D 1054288 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\update.exe
2014-07-04 07:08:43 4502AC81669E8B35653815606E69F4A1 392272 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\updrgui.exe

=== C: other files ==

2014-07-10 11:11:05 2EF4E5EDE91EF893603E8B72890AC605 57528 ----a-w- C:\Windows\System32\drivers\webinstr.sys
2014-07-10 10:30:59 FC102BE1D0C4E785D95A023063325403 100 ----a-w- C:\Program Files (x86)\Scrivener\docformats\mmd\mmd.bat
2014-07-10 10:30:59 F3F293A0197F4B583C8FB7D0BCF9BBD7 109 ----a-w- C:\Program Files (x86)\Scrivener\docformats\mmd\mmd2tex.bat
2014-07-04 07:08:50 4663C5AD76FE8E19592DE808156FA07D 117712 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira13\win32\en\pecl\win864\avgntflt.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Gabrielle\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Google+ Auto Backup"="C:\Users\Gabrielle\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe"
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"upfst_be_50.exe"="C:\Users\Gabrielle\AppData\Local\fst_be_50\upfst_be_50.exe -runonce"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Gabrielle\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Google+ Auto Backup"="C:\Users\Gabrielle\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/04/2014 13:03]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/04/2014 13:03]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2773254006-4265912764-3895464385-1001Core1cf91daee850a22.job --a-------- C:\Users\Gabrielle\AppData\Local\Google\Update\GoogleUpdate.exe [27/06/2014 09:38]
C:\Windows\tasks\HPCeeScheduleForGabrielle.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 05:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Buenosearch" [C:\Users\Gabrielle\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe]
"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\Windows\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{8644489E-1B84-473A-936D-37A021C58C6F}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] ==== Firefox Extensions Registry ====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{5932BCAD-47CC-DE58-D9CC-57BBB4D71873}"="C:\Program Files (x86)\di4BlockAndSurf\175.xpi" [] ==== Chrome Look ====================== Google Docs - Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Avira Browser Safety - Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk {page b.html}content_scripts:[{all_frames:falsejs:[c.js]matches:[http://*/*https://*/*]run_at:document_end}]description:icons:{16:icon16.png48:icon48.png128:icon128.png}manifest_version:2name:BlockAndSurfpermissions:[cookiesstorageunlimitedStoragehttp://*/*https://*/*tabswebRequestwebRequestBlocking]version:1.175.0.0} - Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalkmjahglhgjafbhgljpfbhmldpklom Google Wallet - Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gabrielle\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully C:\Users\Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully C:\Users\Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully C:\Users\Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage deleted successfully C:\Users\Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal deleted successfully C:\Users\Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalkmjahglhgjafbhgljpfbhmldpklom deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.buenosearch.com/?babsrc=HP_kms&tt=na&mntrId=0263fbca52052e6150cc3f4909181e57&affID=128493&tsp=5304" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{77CC7BB1-414B-42CD-9899-BAD3A45B058B}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77CC7BB1-414B-42CD-9899-BAD3A45B058B}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing 
Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-29906-12136-18/4" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2773254006-4265912764-3895464385-1001\Software\Mozilla\Firefox\Extensions\{5932BCAD-47CC-DE58-D9CC-57BBB4D71873} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D 
DriveGuard\AccelerometerST.exe O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe O4 - HKLM\..\RunOnce: [upfst_be_50.exe] C:\Users\Gabrielle\AppData\Local\fst_be_50\upfst_be_50.exe -runonce O4 - HKCU\..\Run: [Google Update] "C:\Users\Gabrielle\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Users\Gabrielle\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. 
KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: HP SimplePass Cachedrv Service (Cachedrv server) - Unknown owner - C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @oem21.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows 
Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Gabrielle\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Gabrielle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=298 folders=111 69876549 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gabrielle\AppData\Local\Temp will be emptied at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully 
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GABRIE~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 10/07/2014 at 16:32:05,13 ======================