Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by nasiga on do 22-09-2016 at 20:25:13,97.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\nas\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22-9-2016 20:31:28 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\bouga_000\AppData\Roaming\Apple Computer deleted successfully
C:\Users\nas\AppData\Roaming\hpqlog deleted successfully
C:\Users\nas\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\nas\AppData\Roaming\{F7578F75-8430-4A90-982A-AEBEBDEDC517} deleted successfully
C:\Users\bouga_000\AppData\Local\VirtualStore deleted successfully
C:\Users\bouga_000\AppData\Local\WebShield deleted successfully
C:\Users\nas\AppData\Local\Adobe deleted successfully
C:\Users\nas\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\nas\AppData\Local\EmieSiteList deleted successfully
C:\Users\nas\AppData\Local\EmieUserList deleted successfully
C:\Users\nas\AppData\Local\Windows Live Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2739720367-3800079215-714148290-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_USERS\S-1-5-21-2739720367-3800079215-714148290-1002\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-2739720367-3800079215-714148290-1002\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_USERS\S-1-5-21-2739720367-3800079215-714148290-1002\Software\Microsoft\Internet Explorer\SearchScopes\{F020A2A7-F0DD-4983-B271-CB8774D8EABB} deleted successfully
HKEY_USERS\S-1-5-21-2739720367-3800079215-714148290-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{005D4F54-BF1F-4A6D-AC51-C71AE5E81B4E} deleted successfully
HKEY_USERS\S-1-5-21-2739720367-3800079215-714148290-1002\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{FDC3019B-D30A-43AE-9040-14462660AB42} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F020A2A7-F0DD-4983-B271-CB8774D8EABB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F020A2A7-F0DD-4983-B271-CB8774D8EABB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2739720367-3800079215-714148290-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{93a3111f-4f74-4ed8-895e-d9708497629e} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
C:\Users\nas\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~3\sUTjCLPQ deleted
C:\windows\SysNative\Tasks\Slamloog deleted
C:\PROGRA~2\Connected Music powered by Universal Music Group deleted
C:\Users\nas\AppData\Roaming\Edge.ico deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Edge.ico deleted
C:\PROGRA~3\CyberlinkOutput.txt deleted
C:\PROGRA~3\Radio deleted
C:\PROGRA~3\Browser deleted
C:\PROGRA~3\{BE4DD016-EE56-4AC8-9832-69281423A3D4} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\bouga_000\AppData\Local\speed browser deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\nas\Downloads\downloadmanager_1ded34c3-0bdd-49ca-a44c-16daa23b0266.tmp deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\nas\Desktop\Blackberry video\videos\iLividSetupV1.exe deleted
"C:\Windows\Installer\1107143e.msi" deleted
"C:\windows\Installer\15691.msi" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3555 MB
CPU Info: AMD A4-4300M APU with Radeon(tm) HD Graphics
CPU Speed: 2535,2 MHz
Sound Card: Luidsprekers en hoofdtelefoons |
Display Adapters: AMD Radeon HD 7420G | AMD Radeon HD 7420G | AMD Radeon HD 7420G | AMD Radeon HD 7420G
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe FE Family-controller | Qualcomm Atheros AR9485 802.11b|g|n WiFi-adapter
CD / DVD Drives: 1x (E: | ) E: hp DVD A DS8A9SH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 448,3GB | D: 16,3GB
Hard Disks - Free: C: 318,3GB | D: 2,1GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1
Time Zone: West-Europa (standaardtijd)
Motherboard *: Hewlett-Packard 184B
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
Default Browser: Firefox 49.0
Internet Explorer Version: 11.0.9600.18283
Mozilla Firefox version: 49.0 (x86 nl)
Google Chrome version: 53.0.2785.116
Sun Java version: 1.8.0_101 (32-bit)
Sun Java version: 1.8.0_101 (64-bit)
Flash Player version: 23.0.0.162
Shockwave Player version: 11.6.5r635

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\Users\nas\AppData\Local\Temp ====
2016-09-15 00:00:10 B0924D83128E730F278B4B05316FF89A 772672 ----a-w- C:\Users\nas\AppData\Local\Temp\sqlite3.dll
2016-09-15 00:00:10 1F5F004AA46F9B9B18952792B46BB7B1 2458672 ----a-w- C:\Users\nas\AppData\Local\Temp\libeay32.dll
2016-09-15 00:00:10 034CCADC1C073E4216E9466B720F9849 970912 ----a-w- C:\Users\nas\AppData\Local\Temp\msvcr120.dll

====== Java Cache =====
2016-09-07 13:22:22 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\bouga_000\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-540702bd

====== C:\WINDOWS\SysWOW64 =====

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====
2016-09-15 15:42:03 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2016-09-15 15:40:53 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2016-09-15 15:40:53 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2016-09-15 15:40:53 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys

====== C:\WINDOWS\Tasks ======
2016-09-21 18:38:21 3E5BD56FC0171D160A60E3A04EF385A6 3600 ----a-w- C:\WINDOWS\Sysnative\Tasks\AVG EUpdate Task
2016-09-07 13:37:46 229B507273DE2104917FCBC91129F654 4042 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2016-09-07 13:37:45 D1894969B177E552BACA51ECC539BDB2 1070 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 13:37:44 F64F2CFE28244FD1462A574340E90C89 3806 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2016-09-07 13:37:43 D1D2C574FFE1443CB8D8BE19EA034A7D 1066 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-07 13:26:09 0D7321E204BE11FCF0C2BF0087BE451A 3966 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{D3572E26-43AE-4168-8A3F-6535F8BE477B}
2016-09-07 13:20:53 6D1448AB12DB89692097C58D74C2EBC0 3596 ----a-w- C:\WINDOWS\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2739720367-3800079215-714148290-1006

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====
2016-09-21 19:52:30 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====
2016-09-15 19:35:41 -------- d-----w- C:\PROGRA~2\VideoLAN
2016-09-15 17:55:41 -------- d-----w- C:\PROGRA~2\AVG
2016-09-15 17:46:50 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
2016-09-15 17:38:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2016-09-07 13:37:37 -------- d-----w- C:\PROGRA~2\Google

======= C: =====

====== C:\Users\nas\AppData\Roaming ======
2016-09-21 18:37:31 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\AvgSetupLog
2016-09-15 19:39:01 -------- d-----w- C:\Users\nas\AppData\Roaming\vlc
2016-09-15 18:11:28 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\AVG
2016-09-15 18:10:11 -------- d-----w- C:\Users\nas\AppData\Roaming\AVG
2016-09-15 18:05:41 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Avg
2016-09-15 18:05:38 -------- d-----w- C:\Users\nas\AppData\Roaming\TuneUp Software
2016-09-15 17:57:24 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Avg
2016-09-15 17:54:15 -------- d-----w- C:\Users\nas\AppData\Local\AvgSetupLog
2016-09-15 17:54:15 -------- d-----w- C:\Users\nas\AppData\Local\Avg
2016-09-15 17:38:43 -------- d-----w- C:\Users\nas\AppData\Roaming\Sun
2016-09-07 13:37:30 -------- d-----w- C:\Users\bouga_000\AppData\Local\Google
2016-09-07 13:36:30 -------- d-----w- C:\Users\bouga_000\AppData\Local\Apps
2016-09-07 13:36:29 -------- d-----w- C:\Users\bouga_000\AppData\Local\Deployment
2016-09-07 13:22:10 -------- d-----w- C:\Users\bouga_000\AppData\Locallow\Sun
2016-09-07 13:16:53 -------- d-----w- C:\Users\bouga_000\AppData\Roaming\ICAClient
2016-09-07 13:16:34 -------- d-----w- C:\Users\bouga_000\AppData\Local\AMD
2016-09-07 13:16:30 -------- d-----w- C:\Users\bouga_000\AppData\Local\Citrix
2016-09-07 13:16:27 -------- d-----w- C:\Users\bouga_000\AppData\Local\Hewlett-Packard
2016-09-07 13:16:25 -------- d-----w- C:\Users\bouga_000\AppData\Roaming\ATI
2016-09-07 13:16:25 -------- d-----w- C:\Users\bouga_000\AppData\Local\ATI
2016-09-07 13:16:23 -------- d-----w- C:\Users\bouga_000\AppData\Roaming\Synaptics
2016-09-07 13:14:51 -------- d-----r- C:\Users\bouga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-09-07 13:14:51 -------- d-----r- C:\Users\bouga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-09-07 13:14:45 -------- d-----w- C:\Users\bouga_000\AppData\Roaming\Identities
2016-09-07 13:12:54 -------- d-----w- C:\Users\bouga_000\AppData\Roaming\Adobe
2016-09-07 13:12:52 -------- d-----w- C:\Users\bouga_000\AppData\Local\Packages
2016-09-07 13:12:12 -------- d-s---w- C:\Users\bouga_000\AppData\Locallow\Microsoft
2016-09-07 13:12:01 -------- d-s---w- C:\Users\bouga_000\AppData\Roaming\Microsoft
2016-09-07 13:12:01 -------- d-----w- C:\Users\bouga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-09-07 13:12:01 -------- d-----w- C:\Users\bouga_000\AppData\Local\Temp
2016-09-07 13:12:01 -------- d-----w- C:\Users\bouga_000\AppData\Local\Microsoft Help
2016-09-07 13:12:01 -------- d-----w- C:\Users\bouga_000\AppData\Local\Microsoft
2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

====== C:\Users\nas ======
2016-09-22 13:59:07 B785D1D8DF61B44B23801FF238032CD4 2402816 ----a-w- C:\Users\nas\Desktop\FRST64.exe
2016-09-21 19:50:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\nas\Desktop\RSITx64.exe
2016-09-21 18:02:53 D0C3F0827A1CC0107E5D42E23F664A84 3861056 ----a-w- C:\Users\nas\Desktop\adwcleaner_6.020.exe
2016-09-15 19:37:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-09-15 19:33:31 7B298EFA16AC68E6E9BB02C8D34B9114 30533688 ----a-w- C:\Users\nas\Downloads\vlc-2.2.4-win32.exe
2016-09-15 18:49:08 BD1E57CCABF190A3B12D032E2ACA1116 13170912 ----a-w- C:\Users\nas\Downloads\Silverlight_x64.exe
2016-09-15 18:05:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-09-15 17:58:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-15 17:54:22 -------- d-----w- C:\ProgramData\Avg
2016-09-15 17:54:17 -------- d--h--w- C:\ProgramData\Common Files
2016-09-15 17:45:04 20871875AD5FE6CE6776A1AA519FDAF4 242264 ----a-w- C:\Users\nas\Downloads\Firefox Setup Stub 48.0.2 (2).exe
2016-09-15 17:38:42 -------- d-----w- C:\Users\nas\.oracle_jre_usage
2016-09-15 17:31:06 20871875AD5FE6CE6776A1AA519FDAF4 242264 ----a-w- C:\Users\nas\Downloads\Firefox Setup Stub 48.0.2 (1).exe 2016-09-15 15:41:59 20871875AD5FE6CE6776A1AA519FDAF4 242264 ----a-w- C:\Users\nas\Downloads\Firefox Setup Stub 48.0.2.exe 2016-09-15 15:40:01 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\Users\nas\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-15 15:33:32 DB9530DFF0A71D48E4877D47990AF006 8244656 ----a-w- C:\Users\nas\Downloads\ccsetup522 (1).exe 2016-09-15 15:31:23 DB9530DFF0A71D48E4877D47990AF006 8244656 ----a-w- C:\Users\nas\Downloads\ccsetup522.exe 2016-09-07 13:23:56 -------- d---a-r- C:\Users\bouga_000\OneDrive 2016-09-07 13:14:51 -------- d-----r- C:\Users\bouga_000\Searches 2016-09-07 13:14:51 -------- d-----r- C:\Users\bouga_000\Contacts 2016-09-07 13:12:07 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\bouga_000\ntuser.ini 2016-09-07 13:12:01 -------- d--h--w- C:\Users\bouga_000\AppData 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Videos 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Saved Games 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Pictures 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Music 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Links 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Favorites 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Downloads 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Documents 2016-09-07 13:12:01 -------- d-----r- C:\Users\bouga_000\Desktop ====== C: exe-files == 2016-09-21 19:52:30 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\nasiga.exe 2016-09-21 19:44:17 D0FA8813EDF8B38A4ED34E0659A69704 56475224 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\53.0.2785.116\53.0.2785.116_chrome_installer.exe 2016-09-21 19:00:15 3DA54BD90C1A4EF9A12270102C047FC5 55632 ----a-w- 
C:\AdwCleaner\quarantine\files\yoyextabvyuarebvzmxwcuwkadrqopqw\WaNetworkEnhancer Internet Enhancer\makecert.exe 2016-09-21 19:00:10 26EEC682E545483EC5116D91B7D28DE5 917708 ----a-w- C:\AdwCleaner\quarantine\files\yoyextabvyuarebvzmxwcuwkadrqopqw\uninstall.exe 2016-09-21 18:59:58 80F7517245C5284DE2909AC8BFBBEF66 14640 ----a-w- C:\AdwCleaner\quarantine\files\qcpzbtfgbqyaxwsyqrmitjathepoztwu\DriverScanner\x64\DriverInstaller64.exe 2016-09-21 18:59:55 89A1A1A6DFED3114D521B3CDEECF969F 27936 ----a-w- C:\AdwCleaner\quarantine\files\qcpzbtfgbqyaxwsyqrmitjathepoztwu\DriverScanner\thirdpartyinstaller.exe 2016-09-21 18:59:54 465D288FA1C072E6B198FA532DD64FD6 104224 ----a-w- C:\AdwCleaner\quarantine\files\qcpzbtfgbqyaxwsyqrmitjathepoztwu\DriverScanner\Launcher.exe 2016-09-21 18:59:53 CBFE687699216849B3352FD4BAB4ABE7 27944 ----a-w- C:\AdwCleaner\quarantine\files\qcpzbtfgbqyaxwsyqrmitjathepoztwu\DriverScanner\ds_move_serial.exe 2016-09-21 18:59:53 7E27939489E28F2FB24653836860E088 27936 ----a-w- C:\AdwCleaner\quarantine\files\qcpzbtfgbqyaxwsyqrmitjathepoztwu\DriverScanner\dsmonitor.exe 2016-09-21 18:59:53 2D507C6A20E310F4398C5721B11A8811 27936 ----a-w- C:\AdwCleaner\quarantine\files\qcpzbtfgbqyaxwsyqrmitjathepoztwu\DriverScanner\dsnotifier.exe 2016-09-21 18:59:52 10DF926EC825F62A2854B8BC6D95C97C 93456 ----a-w- C:\AdwCleaner\quarantine\files\qcpzbtfgbqyaxwsyqrmitjathepoztwu\DriverScanner\driverscanner.exe 2016-09-21 18:59:52 06BAA1F6B22D5158A3F5135238443DFC 14128 ----a-w- C:\AdwCleaner\quarantine\files\qcpzbtfgbqyaxwsyqrmitjathepoztwu\DriverScanner\DriverInstaller32.exe 2016-09-21 18:59:42 7BD2AA22663C29CD4CB9CFDCEF7C6268 1003520 ----a-w- C:\AdwCleaner\quarantine\files\gpzebmudyfyabzcwbghdezxaegophxfq\Application\45.0.2453.0\Installer\chrmstp.exe 2016-09-21 18:59:39 B942A0F8B1E227976A744DEF7A249F72 690688 ----a-w- C:\AdwCleaner\quarantine\files\gpzebmudyfyabzcwbghdezxaegophxfq\Application\45.0.2453.0\delegate_execute.exe 2016-09-21 18:59:38 1DD47931A5B3FC6C0E69C5F850265AD0 14080 
----a-w- C:\AdwCleaner\quarantine\files\gpzebmudyfyabzcwbghdezxaegophxfq\Application\LaunchBrowser_ie.exe 2016-09-21 18:59:38 1DD47931A5B3FC6C0E69C5F850265AD0 14080 ----a-w- C:\AdwCleaner\quarantine\files\gpzebmudyfyabzcwbghdezxaegophxfq\Application\LaunchBrowser.exe 2016-09-21 18:59:34 1B769C36ABC8C80CE0A9034162541134 119215 ----a-w- C:\AdwCleaner\quarantine\files\nkdxgmpgbtnxnqgwdlwbtuevpphiwijr\uninstall.exe 2016-09-21 18:59:31 5CFCD54A9318A410E1D3EF4FC08C58CE 235776 ----a-w- C:\AdwCleaner\quarantine\files\lmpnhlbtplwfnsvmgvoqxoocwzodsjoa\MustangSer3125.exe 2016-09-21 18:58:52 CCA36557CBE8701DD1CDE3254BD7DD27 1511576 ----a-w- C:\AdwCleaner\quarantine\files\mqafzvdoewoacxlutwqgfjwijcywotjj\User Data\recovery\101.3.30.3\ChromeRecovery.exe 2016-09-21 18:58:51 1CCFF127853CC27ABEF24ECAF2881E0B 1446728 ----a-w- C:\AdwCleaner\quarantine\files\mqafzvdoewoacxlutwqgfjwijcywotjj\User Data\recovery\101.3.28.17\ChromeRecovery.exe 2016-09-21 18:38:12 5107A11D6C9ABFDFF20E268CEF6401F4 1871632 ----a-w- C:\Program Files (x86)\AVG\Setup\avgsetupwrkx.exe 2016-09-21 18:38:08 B2927ECB5E5ABD819818BD0E8F18B41F 3672848 ----a-w- C:\Program Files (x86)\AVG\Setup\avgsetupx.exe 2016-09-21 18:38:08 2FEE1962AA96595442ABBCFD64A55D0A 711952 ----a-w- C:\Program Files (x86)\AVG\Setup\avgntdumpx.exe 2016-09-21 18:37:18 6F1CF3EB529DEA255F72E1F38F94A25B 6785880 ----a-w- C:\AdwCleaner\quarantine\files\obsyvfskjeyntnmpstafydewbrgthpyy\bar\2.bin\ThirdPartyInstallers\VideoDownloadConverterSetup.exe 2016-09-21 18:37:15 E7E6659416CE35444FE1E91D95F780CE 30216 ----a-w- C:\AdwCleaner\quarantine\files\obsyvfskjeyntnmpstafydewbrgthpyy\bar\2.bin\4zskplay.exe 2016-09-21 18:37:14 6EEA3E294E0E69F9AA8F97BFC15A22DA 32448 ----a-w- C:\AdwCleaner\quarantine\files\obsyvfskjeyntnmpstafydewbrgthpyy\bar\2.bin\4zimpipe.exe 2016-09-21 18:37:14 04826C949A4DE20B5A95AD88363EA3C6 22048 ----a-w- C:\AdwCleaner\quarantine\files\obsyvfskjeyntnmpstafydewbrgthpyy\bar\2.bin\4zmedint.exe 2016-09-21 18:37:13 
635F5E4B01597D0BAF2422245C8FF541 22048 ----a-w- C:\AdwCleaner\quarantine\files\obsyvfskjeyntnmpstafydewbrgthpyy\bar\2.bin\4zhighin.exe 2016-09-21 18:37:09 7E06D26FE4B8E771594D22AE7B8EE94E 44752 ----a-w- C:\AdwCleaner\quarantine\files\obsyvfskjeyntnmpstafydewbrgthpyy\bar\2.bin\4zbarsvc.exe 2016-09-21 18:37:08 6F1CF3EB529DEA255F72E1F38F94A25B 6785880 ----a-w- C:\AdwCleaner\quarantine\files\obsyvfskjeyntnmpstafydewbrgthpyy\bar\1.bin\ThirdPartyInstallers\VideoDownloadConverterSetup.exe 2016-09-21 18:37:04 35D6CAAA9E4D82974A74DBDB53801F98 30096 ----a-w- C:\AdwCleaner\quarantine\files\obsyvfskjeyntnmpstafydewbrgthpyy\bar\1.bin\4zbrmon.exe 2016-09-21 18:36:49 C8F83880BF832ED6B3DECA80D3AFBDF6 249224 ----a-w- C:\AdwCleaner\quarantine\files\lepubguwivheafnnzadamagyqrxdsxxb\VideoDownloadConverter.exe 2016-09-21 18:36:49 BADDF5B5D001D99CAB117B137E124FCB 1351008 ----a-w- C:\AdwCleaner\quarantine\files\lepubguwivheafnnzadamagyqrxdsxxb\uninstall.exe 2016-09-21 18:36:46 6FA327C15981B1DCBF0438003BD913DA 9476480 ----a-w- C:\AdwCleaner\quarantine\files\lepubguwivheafnnzadamagyqrxdsxxb\ffmpeg.exe 2016-09-21 14:46:00 4B0A80F9CEEBAABBBC013FF58DDDCF4A 12203608 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\53.0.2785.116\53.0.2785.116_53.0.2785.89_chrome_updater.exe === C: other files == 2016-09-22 18:24:20 B31811CF7CE5B06250AA329DE517D7F3 314 ----a-w- C:\ProgramData\Avg\AV\IDS\outbox\persist.zip 2016-09-22 17:27:37 095A9E59F9E0DE5C4CA42F46956E8D1B 7076 ----a-w- C:\Users\nas\AppData\Roaming\Mozilla\Firefox\Profiles\3k197mca.default-1473961691753\features\{d880fc3a-080e-4bb6-b981-88eaa69c1c78}\e10srollout@mozilla.org.xpi 2016-09-22 17:17:36 D7A30906994124C8258A4B8A1D2D8BCD 199379 ----a-w- C:\ProgramData\Avg\AV\IDS\outbox\p0\submit.zip 2016-09-21 18:36:45 B979AD3D1780D5209EC7DCFD25B59D75 3231 ----a-w- C:\Users\nas\AppData\Local\Temp\DeleteOnReboot.bat ==== Orphaned Tasks deleted from Registry ====================== Slamloog deleted ==== Startup 
Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2739720367-3800079215-714148290-1002\Software\Microsoft\Windows\CurrentVersion\Run] "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup" "Redirector"="C:\Program Files (x86)\Citrix\ICA Client\redirector.exe /startup" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe /lps=fmw" "AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe C:\Program Files (x86)\AVG\Av\avgui.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "iCloudDrive"="C:\Program 
Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" ==== Startup Folders ====================== 2014-05-22 18:08:14 2453 ----a-w- C:\Users\nas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk 2015-10-17 15:52:34 2071 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk 2015-10-17 15:52:34 1976 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [15-09-2016 20:20] C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [21-09-2016 21:27] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-09-2016 15:37] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07-09-2016 15:37] C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [24-08-2012 11:38] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] 
"C:\WINDOWS\SysNative\tasks\AVG EUpdate Task" [avgsetupx.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe] "C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{717B1A7D-98F6-457E-BB18-DA6DF5C45806}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{D3572E26-43AE-4168-8A3F-6535F8BE477B}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2016-09-15 15:40:52 -------- d-----w- C:\PROGRA~3\Malwarebytes 2016-09-15 17:54:17 -------- d--h--w- C:\PROGRA~3\Common Files 2016-09-15 17:54:22 -------- d-----w- C:\PROGRA~3\Avg 2016-09-15 18:01:51 -------- d-----w- C:\PROGRA~3\MFAData ==== Firefox Start 
and Search pages ====================== ProfilePath: C:\Users\nas\AppData\Roaming\Mozilla\Firefox\Profiles\3k197mca.default-1473961691753 user_pref("browser.startup.homepage", "www.google.nl"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\nas\AppData\Roaming\Mozilla\Firefox\Profiles\3k197mca.default-1473961691753 - leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\nas\AppData\Roaming\Mozilla\Firefox\Profiles\3k197mca.default-1473961691753 3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 7FB1DC8C464CAFC230E7AD6392AE859B - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll - Shockwave Flash 78504F4E26F357182E9ADCC706D1CAF0 - C:\Users\nas\AppData\Local\Roblox\Versions\version-2a3769b753884f05\NPRobloxProxy.dll - Roblox Launcher Plugin 51575E21C5F4CEB1F0CFA57C325CF131 - C:\Users\nas\AppData\Local\Roblox\Versions\version-2a3769b753884f05\NPRobloxProxy64.dll - Roblox Launcher Plugin ==== Chromium Look ====================== Google Slides - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Norton Security Toolbar - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe Google Sheets - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - 
bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Norton Identity Safe - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Chrome Web Store Payments - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Chrome Media Router - bouga_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm Google Docs - nas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Chrome Web Store Payments - nas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Chrome Media Router - nas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx&q={searchTerms}" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx" "Start Page"="http://www.istartsurf.com/?type=hp&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx" "Search 
Page"="http://www.istartsurf.com/web/?type=ds&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx&q={searchTerms}" "Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx" "Start Page"="http://www.istartsurf.com/?type=hp&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx" "Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1442242963&z=fcf7e579a2814e00202316cd51de6594gzzoozotqc&from=tugs&uid=hitachixhts545050a7e380_te85113q2hjenr2hjenrx&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" 
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} HKLM\Wow6432Node\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1ADB7B61769BD2D4B8721E72722C3805 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E8AC853-65BB-4C99-A09E-19B81851E14C} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16B7BDA1-B967-4D2D-8B27-E12727C28350} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1ADB7B61769BD2D4B8721E72722C3805 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup O4 - 
HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - Startup: Citrix Receiver.lnk = C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAH\FAHConsole.exe O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - 
{25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA 
Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bouga_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\bouga_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\nas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\nas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\bouga_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\bouga_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\nas\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\nas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================
C:\Users\nas\AppData\Local\Mozilla\Firefox\Profiles\3k197mca.default-1473961691753\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\bouga_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\nas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=81 folders=66 238042586 bytes)

==== Empty Temp Folders ======================
C:\Users\bouga_000\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\nas\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\nas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on do 22-09-2016 at 21:29:11,24 ======================