Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Andy on ma 01/12/2014 at 15:37:06,93.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Andy\Downloads\SOFTWARE\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================
1/12/2014 15:38:30 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================
C:\PROGRA~2\CanonIJPLM deleted successfully
C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~2\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Andy\AppData\Roaming\Opera Software deleted successfully
C:\Users\Andy\AppData\Local\CrashDumps deleted successfully
C:\Users\Andy\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tuhlbom deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tuhlbom deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.37.0.1418 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SPDRIVER_1.37.0.1418 deleted successfully

==== Deleting Files \ Folders ======================
C:\Program Files\ShopperPro not found
C:\PROGRA~2\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
"C:\Users\Andy\AppData\Roaming\RIA.exe" not found
"C:\Users\Andy\AppData\Roaming\TPORYVRW.exe" not found
"C:\Windows\System32\drivers\bohofa.sys" not found
C:\Program Files\Wise deleted
C:\ProgramData\kingpkaddkmhedkpaalcmedfljocdeak deleted
C:\Users\Andy\AppData\Roaming\Wise Registry Cleaner deleted
C:\Users\Andy\.android deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\Users\Andy\AppData\Roaming\MAGIX deleted
C:\Users\Andy\AppData\Roaming\dlg deleted
C:\Users\Andy\AppData\Roaming\burnaware.ini deleted
C:\PROGRA~2\spds90.txt deleted
C:\PROGRA~2\MAGIX deleted
C:\Users\Andy\AppData\Local\Installer deleted
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\tasks\EYPKLTH.job deleted
C:\Windows\system32\tasks\EYPKLTH deleted
C:\Windows\tasks\LG.job deleted
C:\Windows\system32\tasks\LG deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\Tasks\YTAUpdate deleted
C:\Windows\system32\tasks\Wise Registry Cleaner Schedule Task deleted
C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\AniGIF.ocx deleted
C:\Users\Andy\AppData\Roaming\EYPKLTH.exe deleted
C:\Users\Andy\AppData\Roaming\LG.exe deleted
"C:\Windows\tasks\RIA.job" deleted
"C:\Windows\tasks\TPORYVRW.job" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-11-17 18:10:24 9E1C9A4AAC4D77351A0B45783F3BBF2C 20 --sha-w- C:\Windows\Win7745.Settings Collection
2014-11-11 12:53:39 682AE0FFA6A865A8D137C43139BB4BCD 1905 ----a-w- C:\Windows\diagwrn.xml
2014-11-11 12:53:39 682AE0FFA6A865A8D137C43139BB4BCD 1905 ----a-w- C:\Windows\diagerr.xml
====== C:\Users\Andy\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2014-11-23 19:12:13 40F3E0FE9E9FAD5943DEA83F6410517D 13594 ----a-w- C:\Windows\System32\BroomData.bit
2014-11-19 04:45:42 98B3C919C6B9C5F810FF2CAFA339822B 186880 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-19 04:45:42 3373A35D31AF6BD85FD831AF99253828 690688 ----a-w- C:\Windows\System32\adtschema.dll
2014-11-19 04:45:42 1DB51E3046B6BF2C6ED1A397B69C3B24 551424 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-18 20:56:31 CB4CC3D4EA7C94A35F1D81C3D750BC8D 626688 ----a-w- C:\Windows\System32\vp7vfw.dll
2014-11-18 20:56:31 6D22E6E5F03CDA4EEBED1E68CCAA1695 1184984 ----a-w- C:\Windows\System32\wvc1dmod.dll
====== C:\Windows\system32\drivers =====
2014-12-01 10:25:43 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-01 10:24:58 E89B115E1DD297DCB694B22CFA90BF61 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-01 10:24:58 D2DED3C333A5D9CB3F4C244B0F0DD877 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-01 10:24:58 7A6526C8BD114DB7CA8930AB22D52A0B 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-29 16:33:42 01CE484FF6D70A39479BC6D619DE7ED6 19984 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-11-12 05:16:27 7B7B6B779F08A2C36A978F409054C1A9 136632 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2014-11-22 16:05:40 535F02AD89A6852F051EEF70C3A1417E 3314 ----a-w- C:\Windows\system32\Tasks\{DB9552B4-BDA4-4BEF-962F-9D3DC1621F19}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-01 13:44:39 -------- d-----w- C:\Program Files\trend micro
2014-11-29 16:33:20 -------- d-----w- C:\Program Files\Enigma Software Group
2014-11-22 14:54:40 -------- d-----w- C:\Program Files\All in One Converter
2014-11-18 20:56:20 -------- d-----w- C:\Program Files\VSO
2014-11-17 18:10:11 -------- d-----w- C:\Program Files\PowerTools Lite 2013
======= C: =====
====== C:\Users\Andy\AppData\Roaming ======
2014-11-28 20:57:35 -------- d-----w- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-23 19:31:38 FDB7B09D458E9265F4E01A6124F340B9 60968 ----a-w- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-22 12:37:03 -------- d-sh--w- C:\Users\Andy\AppData\Local\EmieBrowserModeList
2014-11-22 12:36:48 -------- d-sh--w- C:\Users\Andy\AppData\Locallow\EmieBrowserModeList
2014-11-18 20:56:42 92D731932167FFF6C4D682310EFE4FD3 7887 ----a-w- C:\Users\Andy\AppData\Roaming\pcouffin.cat
2014-11-18 20:56:42 8E688E3230764E28D765FD8688B16E9D 1144 ----a-w- C:\Users\Andy\AppData\Roaming\pcouffin.inf
2014-11-18 20:56:42 5B6C11DE7E839C05248CED8825470FEF 47360 ----a-w- C:\Users\Andy\AppData\Roaming\pcouffin.sys
2014-11-18 20:56:42 254FBCA565E049648B0CCE2CEADF05D2 87608 ----a-w- C:\Users\Andy\AppData\Roaming\inst.exe
2014-11-18 20:56:41 -------- d-----w- C:\Users\Andy\AppData\Roaming\Vso
2014-11-17 18:10:24 9E1C9A4AAC4D77351A0B45783F3BBF2C 20 --sha-w- C:\Users\Andy\AppData\Roaming\App4870.ConfCollection.bin
2014-11-17 18:10:18 -------- d-----w- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerTools Lite 2013
2014-11-02 19:00:15 -------- d-----r- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
====== C:\Users\Andy ======
2014-11-28 20:57:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-22 14:42:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2014-11-22 09:10:25 -------- d-----w- C:\ProgramData\vsosdk
2014-11-18 20:56:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-11-18 20:56:20 -------- d-----w- C:\ProgramData\VSO
2014-11-17 18:04:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
====== C: exe-files ==
2014-12-01 13:44:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Andy.exe
2014-12-01 13:44:17 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Andy\Downloads\SOFTWARE\RSIT.exe
2014-12-01 10:23:16 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Andy\Downloads\SOFTWARE\mbam-setup-2.0.3.1025.exe
2014-12-01 09:46:28 CBDDB6C4BCD895F8879FD6AC588007A0 2154496 ----a-w- C:\Users\Andy\Desktop\Safety\adwcleaner_4.103.exe
2014-11-30 20:27:38 F8707F3F7A39D91D44DDED4BB4289E31 1137152 ----a-w- C:\Users\Andy\Desktop\Safety\testdisk-6.13.win\testdisk-6.13\testdisk_win.exe
2014-11-30 20:27:38 E628A6A950FE41B6960E69A0AA9A6835 1197056 ----a-w- C:\Users\Andy\Desktop\Safety\testdisk-6.13.win\testdisk-6.13\photorec_win.exe
2014-11-30 20:27:38 DD3558E773E7C0ED945F5C16E3148E1B 142336 ----a-w- C:\Users\Andy\Desktop\Safety\testdisk-6.13.win\testdisk-6.13\fidentify_win.exe
2014-11-30 18:03:36 B17740F4B2626BB6F10B1A05795B59E7 1395696 ----a-w- C:\Users\Andy\Documents\Skyliners afbeeldingen\Skyliners\Lisen2myRadio INFO\sc_serv2_win32_11_29_2013.exe
2014-11-30 13:10:23 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Andy\Downloads\SOFTWARE\TFC.exe
2014-11-29 16:39:21 602C842C9B9063DB76B09E1F8FFE25EA 1678013 ----a-w- C:\Users\Andy\Downloads\SOFTWARE\pc-decrapifier-2.3.1.exe
2014-11-29 16:33:58 A09B87198FFB8075358AB1466E5C7E29 14232 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\native.exe
2014-11-29 16:33:32 A6073B7978493CCD2D95AB1C5DDF2829 6463360 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
2014-11-29 16:33:30 E2219B37718E36357F2CEBFB6133896D 770944 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
2014-11-28 20:57:31 FD1EFFD45BD615A741227F84FD1AE915 396800 ----a-w- C:\Program Files\WinRAR\Rar.exe
2014-11-28 20:57:31 C464CE70A57DA04861A29015814E0DD1 1093120 ----a-w- C:\Program Files\WinRAR\WinRAR.exe
2014-11-28 20:57:31 597CDCAD46EFBB2DE5EF7733516D1321 260096 ----a-w- C:\Program Files\WinRAR\UnRAR.exe
2014-11-28 20:57:31 07FB6FBAA38521C859C6E2C9D3508560 121856 ----a-w- C:\Program Files\WinRAR\Uninstall.exe
2014-11-28 20:56:36 18198F0D8D195BFE22EDBDC78AE3C227 1573972 ----a-r- C:\Users\Andy\Downloads\TORRENTS\WinRAR 4.00 32Bit And 64Bit Full-Version {blaze69}\winrar-64Bit-400.exe
2014-11-28 20:56:33 3F4F856C6684DC8A1A4AD94055767689 1448614 ----a-r- C:\Users\Andy\Downloads\TORRENTS\WinRAR 4.00 32Bit And 64Bit Full-Version {blaze69}\winrar-32Bit-400.exe
2014-11-24 19:24:52 5A848E27E532C6A7A3C965D21EBEBD00 10975264 ----a-w- C:\Windows\System32\DriverStore\FileRepository\alcxau.inf_x86_neutral_43f2bfb06ea7fb7e\RTLCPL.EXE
2014-11-24 19:24:51 B70BCC55743C5A5BD7C7C6D6A02BB6F9 604704 ----a-w- C:\Windows\System32\DriverStore\FileRepository\alcxau.inf_x86_neutral_43f2bfb06ea7fb7e\SOUNDMAN.EXE
2014-11-24 19:24:48 4B3233D74CD69091244E6B78B2BE3630 223776 ----a-w- C:\Windows\System32\DriverStore\FileRepository\alcxau.inf_x86_neutral_43f2bfb06ea7fb7e\Alcrmv.exe
=== C: other files ==
2014-12-01 10:25:43 8E2E9CCD873ABF180F48BCAEEEBE347D 114904 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-01 10:24:58 E89B115E1DD297DCB694B22CFA90BF61 75480 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-01 10:24:58 D2DED3C333A5D9CB3F4C244B0F0DD877 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-01 10:24:58 7A6526C8BD114DB7CA8930AB22D52A0B 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-30 20:27:18 D0918A71E0199967F6F2133D5422FE54 3432173 ----a-w- C:\Users\Andy\Downloads\SOFTWARE\testdisk-6.13.win.zip
2014-11-30 17:54:46 CACFFB671A6DFC2FBA3D5DE86511D4DB 3704310 ----a-w- C:\Users\Andy\Pictures\QUINTEN\Fotos tovenaarskamp.zip
2014-11-30 17:54:46 3D95669E580300D2C7ACC2F302924C86 3453424 ----a-w- C:\Users\Andy\Pictures\QUINTEN\Foto's baskettornooi 2 maart '14.zip
2014-11-30 17:54:46 123897687EBC6C6B47463E3609CB2886 1372109 ----a-w- C:\Users\Andy\Pictures\QUINTEN\Rapport dagelijks werk mei 2014.zip
2014-11-29 16:33:58 A6073B7978493CCD2D95AB1C5DDF2829 6463360 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com
2014-11-29 16:33:46 9264DD96883E5769EE79CB43E712BE9E 16432 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2014-11-29 16:33:42 01CE484FF6D70A39479BC6D619DE7ED6 19984 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-11-29 16:33:42 01CE484FF6D70A39479BC6D619DE7ED6 19984 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys
2014-11-24 19:24:51 7997B6F02CBDA0E31FA18CC85871B938 4172832 ----a-w- C:\Windows\System32\DriverStore\FileRepository\alcxau.inf_x86_neutral_43f2bfb06ea7fb7e\RTKVAC.SYS

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonQuickMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonQuickMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Quick Menu\\CNQMMAIN.EXE /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SoundMan"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"AthBtTray"="\"C:\\Program Files\\Bluetooth Suite\\AthBtTray.exe\""
"AtherosBtStack"="\"C:\\Program Files\\Bluetooth Suite\\BtvStack.exe\""
"SDTray"="\"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe\""

==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:@C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03/08/2014 21:38]

==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Adobe online update program" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Java Update Scheduler" [C:\Program Files\Common Files\Java\Java Update\jusched.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{B0BCE073-D776-4CDA-8272-1453CE674056}" [C:\Windows\system32\msfeedssync.exe]

==== Chromium Look ======================
AdBlock - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{D7AC0F2A-CCCD-4883-803C-E0B75F034292} Google Url="https://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully

==== Empty IE Cache ======================
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
No Flash Cache Found

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=284 folders=54 38074591 bytes)

==== Empty Temp Folders ======================
C:\Users\Andy\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Andy\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ma 01/12/2014 at 16:23:52,21 ======================