
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Etienne on wo 16/04/2014 at 18:16:37,60.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Etienne\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-04-16-075740.log	1344 bytes

==== Empty Folders Check ======================

C:\Users\Jacqueline\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0307351f-b2d7-41f2-b44a-8af7d9d90a18} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0307351f-b2d7-41f2-b44a-8af7d9d90a18} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0307351f-b2d7-41f2-b44a-8af7d9d90a18} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0307351f-b2d7-41f2-b44a-8af7d9d90a18} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0307351f-b2d7-41f2-b44a-8af7d9d90a18} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0307351f-b2d7-41f2-b44a-8af7d9d90a18} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully
HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{0307351f-b2d7-41f2-b44a-8af7d9d90a18} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\ktjmf8o2.default

user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.startup.homepage", "http://www.search.ask.com/?o=APN10653A&gct=hp&d=1-393&v=a11465-121&t=4");
user_pref("keyword.URL", "http://dts.search.ask.com/sr?src=ffb&gct=ds&appid=393&systemid=1&v=a11465-121&apn_dtid=IME001&apn_ptnrs=AGE&apn_uid=90246154
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files (
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "");
---- FireFox user.js and prefs.js backups ---- 

prefs_20141604_1830_.backup

ProfilePath: C:\Users\JACQUE~1\AppData\Roaming\Mozilla\Firefox\Profiles\gtj9at78.default

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("keyword.URL", "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=13997&locale=en_US&apn_uid=15181B8D-EC5C-4BA7-B825-D115115D035C&
---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "");
---- FireFox user.js and prefs.js backups ---- 

prefs_20141604_1830_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0307351f-b2d7-41f2-b44a-8af7d9d90a18}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] 
""=- 
"ApnUpdater"=- 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"=- 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] 

==== Deleting Files \ Folders ======================

C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\ktjmf8o2.default\extensions\{5147C8B6-24A9-37BC-F763-B7F416AC69E6} deleted
C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\ktjmf8o2.default\extensions\toolbar@ask.com deleted
C:\Program Files (x86)\ConduitEngine deleted
C:\Program Files (x86)\Vuze_Remote deleted
C:\PROGRA~2\iMesh Applications deleted
C:\PROGRA~2\MyFree Codec deleted
C:\PROGRA~2\Conduit deleted
C:\extensions deleted
C:\Users\Etienne\AppData\Roaming\DriverCure deleted
C:\PROGRA~3\Ask deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Wincert deleted
C:\PROGRA~3\Tarma Installer deleted
C:\Users\Etienne\AppData\Local\APN deleted
C:\Users\Etienne\AppData\Local\iMesh deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk deleted
C:\Users\Etienne\AppData\LocalLow\imeshmusicboxtoolbarha deleted
C:\Users\Etienne\AppData\LocalLow\AskToolbar deleted
C:\Users\Etienne\AppData\LocalLow\DataMngr deleted
C:\Users\Etienne\AppData\LocalLow\Conduit deleted
C:\Users\Etienne\AppData\LocalLow\conduitEngine deleted
C:\Users\Jacqueline\AppData\LocalLow\Vuze_Remote deleted
C:\Users\Jacqueline\AppData\LocalLow\AskToolbar deleted
C:\Users\Jacqueline\AppData\LocalLow\DataMngr deleted
C:\Users\Jacqueline\AppData\LocalLow\PriceGong deleted
C:\Users\Jacqueline\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Vuze_Remote deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Conduit deleted
C:\Windows\WININIT.INI deleted
C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted
C:\END deleted
C:\Windows\Syswow64\ConduitEngine.tmp deleted
C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\ktjmf8o2.default\searchplugins\Ask.xml deleted
C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\ktjmf8o2.default\searchplugins\askcom.xml deleted
C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\ktjmf8o2.default\valueApps deleted
C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\ktjmf8o2.default\imeshmusicboxtoolbarha deleted
C:\Users\JACQUE~1\AppData\Roaming\Mozilla\Firefox\Profiles\gtj9at78.default\imeshmusicboxtoolbarha deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\Etienne\Desktop\iMesh.lnk deleted
C:\PROGRA~2\Mozilla Firefox\searchplugins\Ask.xml deleted
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\apcrtldr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\Datamngr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\IEBHO.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\mgrldr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64\apcrtldr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64\Datamngr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64\IEBHO.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64\mgrldr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\apcrtldr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\Datamngr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\IEBHO.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\mgrldr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64\apcrtldr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64\Datamngr.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64\IEBHO.dll" deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64\mgrldr.dll" deleted
"C:\PROGRA~2\Ask.com\Updater\Updater.exe" deleted
"C:\Users\Etienne\AppData\Roaming\Temp" deleted
"C:\Program Files (x86)\Ask.com" not deleted
"C:\PROGRA~2\Music Toolbar" not deleted
"C:\PROGRA~2\Music Toolbar" not deleted
"C:\PROGRA~2\Ask.com" not deleted
"C:\Users\Etienne\AppData\Roaming\OpenCandy" deleted
"C:\Users\Etienne\AppData\Local\Conduit" deleted
"C:\Users\Etienne\AppData\LocalLow\Vuze_Remote" deleted
"C:\Program Files (x86)\Ask.com\Updater" not deleted
"C:\PROGRA~2\Music Toolbar\Datamngr" not deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64" not deleted
"C:\PROGRA~2\Music Toolbar\Datamngr" not deleted
"C:\PROGRA~2\Music Toolbar\Datamngr\x64" not deleted
"C:\PROGRA~2\Ask.com\Updater" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Etienne\AppData\Local\Temp ====
====== Java Cache =====
2014-04-06 16:41:51	FED06ED0728F89F4A6F3F81092025292	38	----a-w-	C:\Users\Etienne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7ce62fc0-6.0.lap
2014-04-06 16:41:51	CA680BD1963D2F74BDA917695A9704C0	24165	----a-w-	C:\Users\Etienne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7e6ea965-52601b13
====== C:\Windows\SysWOW64 =====
2014-04-13 08:40:53	CCF19C82F6145E4A467F7CB9AF82026C	17073152	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2014-04-13 08:40:52	A45A13AAC7777C096A073FF1F4F5A0D5	2724864	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 08:40:03	A30AB03E7C837A17AC70E67E63B8E2F6	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2014-04-13 08:40:03	9F3D88540DB73F5213D5044CB50006DF	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2014-04-13 08:40:03	76161B9D78A275F8F28DD67436013110	1114112	----a-w-	C:\Windows\SysWOW64\kernel32.dll
2014-04-13 08:40:03	2E1D6624EE2C3F454CADF09DC59E78B0	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2014-04-13 08:40:03	1F76F7CB3C690ACB985C2FD419383B49	14336	----a-w-	C:\Windows\SysWOW64\ntvdm64.dll
2014-04-13 08:40:03	1E886E327F37F34CC7465F1605D1F3CD	5120	----a-w-	C:\Windows\SysWOW64\wow32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-04-13 08:40:53	C3E3EFD320D0000BE6F9CDB00CD6086F	23134208	----a-w-	C:\Windows\Sysnative\mshtml.dll
2014-04-13 08:40:52	14257E59C8452DCC38B8D55DEDC6EE0D	2724864	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2014-04-13 08:40:03	D2A513EE880D71BDE7F0257F38B9D019	1163264	----a-w-	C:\Windows\Sysnative\kernel32.dll
2014-04-13 08:40:03	74959C718FF4594369645F35B7DF19C4	16384	----a-w-	C:\Windows\Sysnative\ntvdm64.dll
2014-04-13 08:40:03	7434E01FBCA3CB86539C39412A31D5E1	362496	----a-w-	C:\Windows\Sysnative\wow64win.dll
2014-04-13 08:40:03	2A107B611C91CD256466C58C0D776E9D	243712	----a-w-	C:\Windows\Sysnative\wow64.dll
2014-04-13 08:40:03	0F090A77E664CB0F70AB8D3B230B760C	13312	----a-w-	C:\Windows\Sysnative\wow64cpu.dll
====== C:\Windows\Sysnative\drivers =====
2014-04-13 08:40:38	B3222734D80013D2C73841B0C549FA63	27584	----a-w-	C:\Windows\Sysnative\drivers\Diskdump.sys
2014-04-13 08:40:38	A3F0BC5897F9D3786A3CB695B163633A	190912	----a-w-	C:\Windows\Sysnative\drivers\storport.sys
2014-04-13 08:40:38	96BB922A0981BC7432C8CF52B5410FE6	274880	----a-w-	C:\Windows\Sysnative\drivers\msiscsi.sys
2014-04-13 08:39:59	1A29A59A4C5BA6F8C85062A613B7E2B2	1684928	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-04-15 18:17:25	--------	d-----w-	C:\Program Files\trend micro
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Etienne\AppData\Roaming ======
2014-04-16 16:32:02	--------	d-----w-	C:\Users\Etienne\AppData\Locallow\DataMngr
2014-04-08 07:00:56	--------	d-----w-	C:\Users\Jacqueline\AppData\Locallow\Google
====== C:\Users\Etienne ======
2014-04-15 18:16:11	662C39FC1E27131551D557862CEC47F0	935175	----a-w-	C:\Users\Etienne\Downloads\RSITx64.exe
2014-04-11 15:51:45	F1E3B9388D1F936376AD7033F34DBBF8	884712	----a-w-	C:\Users\Jacqueline\Downloads\ChromeSetup.exe

====== C: exe-files ==
2014-04-15 18:17:26	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Etienne.exe
2014-04-15 18:16:11	662C39FC1E27131551D557862CEC47F0	935175	----a-w-	C:\Users\Etienne\Downloads\RSITx64.exe
2014-04-13 14:06:33	5547AB584CA80A42F1A0CFC6405D0EE7	37003992	----a-w-	C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_chrome_installer.exe
2014-04-13 09:04:49	8FAE9109245E4B4FF42704ECFB86F1B6	8704216	----a-w-	C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\34.0.1847.116\34.0.1847.116_33.0.1750.154_chrome_updater.exe
2014-04-13 08:40:03	A30AB03E7C837A17AC70E67E63B8E2F6	2048	----a-w-	C:\Windows\SysWOW64\user.exe
2014-04-13 08:40:03	9F3D88540DB73F5213D5044CB50006DF	7680	----a-w-	C:\Windows\SysWOW64\instnm.exe
2014-04-13 08:40:03	2E1D6624EE2C3F454CADF09DC59E78B0	25600	----a-w-	C:\Windows\SysWOW64\setup16.exe
2014-04-11 15:51:45	F1E3B9388D1F936376AD7033F34DBBF8	884712	----a-w-	C:\Users\Jacqueline\Downloads\ChromeSetup.exe
=== C: other files ==
2014-04-13 08:40:38	B3222734D80013D2C73841B0C549FA63	27584	----a-w-	C:\Windows\System32\drivers\Diskdump.sys
2014-04-13 08:40:38	A3F0BC5897F9D3786A3CB695B163633A	190912	----a-w-	C:\Windows\System32\drivers\storport.sys
2014-04-13 08:40:38	96BB922A0981BC7432C8CF52B5410FE6	274880	----a-w-	C:\Windows\System32\drivers\msiscsi.sys
2014-04-13 08:39:59	1A29A59A4C5BA6F8C85062A613B7E2B2	1684928	----a-w-	C:\Windows\System32\drivers\ntfs.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"gStart"="C:\Program Files (x86)\Garmin\gStart.exe"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

[HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe -update activex"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe 196609"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe                                                                                                                                                                                                             "
"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"WRSVC"="C:\Program Files\Webroot\WRSA.exe -ul"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"gStart"="C:\Program Files (x86)\Garmin\gStart.exe"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~3\\Wincert\\WIN32C~1.DLL C:\\PROGRA~2\\MUSICT~1\\Datamngr\\mgrldr.dll "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""


==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"c:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ANT Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ANT Agent"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Garmin\\ANT Agent\\ANT Agent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PLFSetI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PLFSetI"
"hkey"="HKLM"
"command"="\"C:\\Windows\\PLFSetI.exe\""


==== Startup Folders ======================

2010-07-10 05:16:19	2262	----a-w-	C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole PMB.lnk
2010-07-02 18:05:08	2103	---ha-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/03/2014 19:03]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/07/2010 20:20]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/07/2010 20:20]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\SysNative\tasks\{5983235F-EDC2-4BFE-8C5E-65D4E95D0ACA}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{A92628D0-DFF0-4650-AC75-B6BD6DB98AEE}" [C:\Program Files (x86)\Versalsoft\InternetDownload\FLVPlayer.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"webrootsecure@webroot.com"="C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer" [07/03/2014 14:07]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [02/07/2010 20:08]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\ktjmf8o2.default
95812430959AE88CDD0301AB3A71913B	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll -	Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Etienne\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[]
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[]
kjeghcllfecehndceplomkocgfbklffd - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx[31/01/2014 07:31]
niapdbllcanepiiimjjndipklodoedlc - C:\Users\Etienne\AppData\Local\Temp\YontooLayers.crx[]

Webroot Filtering Extension - Etienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd
Google Wallet - Etienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Webroot Filtering Extension - Jacqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd
Google Wallet - Jacqueline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaojmikegpiepcfdkkjaplodkpfmlo_0.localstorage deleted successfully
C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaojmikegpiepcfdkkjaplodkpfmlo_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.search.ask.com/?o=APN10653A&gct=hp&d=1-393&v=a10781-121&t=4"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7741&r=273606100716l0478z175t5521k552"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3105510953-1787002251-2514171500-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iMesh deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\imeshmusicboxtoolbarhaIE deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Etienne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Etienne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jacqueline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jacqueline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jacqueline\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jacqueline\Documents\Jacqueline\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Etienne\AppData\Local\Mozilla\Firefox\Profiles\ktjmf8o2.default\Cache emptied successfully
C:\Users\Jacqueline\AppData\Local\Mozilla\Firefox\Profiles\gtj9at78.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Jacqueline\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1574 folders=256 271439158 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Etienne\AppData\Local\Temp will be emptied at reboot
C:\Users\Jacqueline\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Etienne\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jacqueline\AppData\Local\Temp\aipflib.log" not found
"C:\Users\Jacqueline\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not found
"C:\Users\Jacqueline\AppData\Local\Temp\LManager.log" not found
"C:\Users\Jacqueline\AppData\Local\Temp\LMworker.log" not found
"C:\Program Files (x86)\Ask.com"  not found
"C:\PROGRA~2\Music Toolbar"  not found
"C:\PROGRA~2\Music Toolbar"  not found
"C:\PROGRA~2\Ask.com"  not found

==== EOF on wo 16/04/2014 at 21:28:12,32 ======================