Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Indro on zo 26/07/2015 at 19:50:12,30. Microsoft Windows 7 Home Premium 6.1.7600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Indro\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 26/07/2015 19:51:38 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\Google deleted successfully C:\Users\Indro\AppData\Local\DriverToolkit deleted successfully C:\Users\Indro\AppData\Local\Google deleted successfully C:\Users\Indro\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3060433309-2233107251-3949603301-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Windows Live SkyDrive deleted C:\Program Files (x86)\DriverToolkit deleted C:\PROGRA~2\Photo-Service deleted C:\PROGRA~3\Partner deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\Public\Desktop\eBay.lnk deleted "C:\Windows\tasks\DriverToolkit Autorun.job" deleted ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3060433309-2233107251-3949603301-1001\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" "HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP" "KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" "ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "TWebCamera"=""C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaReminder.exe" "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD 
Alert\TosWaitSrv.exe" "TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe " "TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe " "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe " "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe " "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe " "Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r" "TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe " ==== Startup Folders ====================== 2010-03-08 07:26:22 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2010-03-08 07:26:22 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F88C8151-FE5E-45F3-817D-D9C8159D7DA8}" [C:\Windows\system32\msfeedssync.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [24/07/2015 00:10] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24/07/2015 00:10] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" "Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" {A43EC2DF-CB18-4766-BF24-22D24B649278} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2" {C25C9978-FF5B-4C6E-B14D-8B39E39C4CDB} eBay Url="http://rover.ebay.com/rover/1/1346-71494-26233-7/4?satitle={searchTerms}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3060433309-2233107251-3949603301-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Users\Indro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Indro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHM792ET will be deleted at reboot C:\Users\Indro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=873 folders=37 26840068 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully 
C:\Users\Indro\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Indro\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Users\Indro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted "C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Users\Indro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHM792ET" deleted ==== EOF on zo 26/07/2015 at 20:09:51,56 ======================