Zoek.exe Version 4.0.0.4 Updated 11-September-2013
Tool run by Joke on vr 13-09-2013 at 21:07:26,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK
Internet Access Detected
Launched: C:\Users\Joke\AppData\Local\Temp\Rar$EX01.463\zoek.exe [Script inserted]

==== Older Logs ======================
C:\zoek-results01-04-2012-1115.log 7329 bytes

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4097699093-4074805945-666118343-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-4097699093-4074805945-666118343-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-4097699093-4074805945-666118343-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-4097699093-4074805945-666118343-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-4097699093-4074805945-666118343-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-4097699093-4074805945-666118343-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-4097699093-4074805945-666118343-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Joke\AppData\Roaming\Mozilla\Firefox\Profiles\9zz77br7.default

---- Lines yahoo removed from prefs.js ----
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");

---- Lines yahoo modified from prefs.js ----

---- Lines yahoo removed from user.js ----

---- Lines babylon removed from prefs.js ----
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109993");
user_pref("extensions.BabylonToolbar_i.hardId", "e09dfce3000000000000001e6434e3c3");
user_pref("extensions.BabylonToolbar_i.id", "e09dfce3000000000000001e6434e3c3");
user_pref("extensions.BabylonToolbar_i.instlDay", "15394");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:30:17");

---- Lines babylon modified from prefs.js ----

---- Lines babylon removed from user.js ----
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109993");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.id", "e09dfce3000000000000001e6434e3c3");
user_pref("extensions.BabylonToolbar_i.hardId", "e09dfce3000000000000001e6434e3c3");
user_pref("extensions.BabylonToolbar_i.instlDay", "15394");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:30:17");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

---- Lines mysearch removed from prefs.js ----

---- Lines mysearch modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----
user_13-09-2013_2120_.backup
prefs_13-09-2013_2120_.backup

==== Deleting Files \ Folders ======================
"C:\user.js" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml" deleted
"C:\Windows\SysNative\roboot64.exe" deleted
"C:\Windows\wininit.ini" deleted
"C:\user.js" deleted
"C:\Users\Joke\AppData\Roaming\ParetoLogic" deleted
"C:\Users\Joke\AppData\Roaming\DriverCure" deleted
"C:\Users\Joke\AppData\Roaming\Systweak" deleted
"C:\ProgramData\Partner" deleted
"C:\ProgramData\ParetoLogic" deleted
"C:\ProgramData\Babylon" deleted
"C:\ProgramData\Trymedia" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Joke\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-09-08 19:46:25 168AC097023807C0C6F6A072C47E2CD4 1652 ----a-w- C:\Windows\Sysnative\ASOROSet.bin
2013-09-08 18:36:38 7C482E73D291A66BFB4B9C63F4D8A959 366 ----a-w- C:\Windows\Sysnative\avgrep.txt
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2013-09-08 18:56:08 55D276B629F8030D7B459CC324276D92 282 ----a-w- C:\Windows\Tasks\RDReminder.job
2013-09-08 18:30:03 673ED9446D2E334E9FC66B38D229709D 408 ----a-w- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-09-11 18:18:20 -------- d-----w- C:\Program Files\trend micro
======= C:\Program Files (x86) =====
2013-09-08 18:41:21 -------- d-----w- C:\Program Files (x86)\DLLSuite
======= C: =====
2013-09-05 19:58:33 02BE872C5823227C09DB2B11AFD6092E 6640 ------w- C:\bootsqm.dat
====== C:\Users\Joke\AppData\Roaming ======
2013-09-13 18:59:26 B9C0E3926FB1440A36F6C9F307C29832 437648 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-System.dat
2013-09-13 18:59:08 !HASH: COULD NOT OPEN FILE !!!!! 2048 --sha-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\lastalive1.dat
2013-09-13 18:59:08 !HASH: COULD NOT OPEN FILE !!!!! 2048 --sha-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\lastalive0.dat
2013-09-09 09:50:03 -------- d-----w- C:\Users\Joke\AppData\Roaming\PC Unleashed Online
2013-09-05 18:36:56 -------- d-----r- C:\Users\Joke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
====== C:\Users\Joke ======
2013-09-11 18:37:51 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Joke\Downloads\RSITx64(1).exe
2013-09-11 18:17:58 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Joke\Downloads\RSITx64.exe
2013-09-09 09:49:56 -------- d-----w- C:\ProgramData\PC Unleashed Online
2013-09-09 09:48:39 F7F18F2ADE7EB8E5FC774C7BE0E6B84A 5462936 ----a-w- C:\Users\Joke\Downloads\PC Unleashed Installer(1).exe
2013-09-09 09:47:46 F7F18F2ADE7EB8E5FC774C7BE0E6B84A 5462936 ----a-w- C:\Users\Joke\Downloads\PC Unleashed Installer.exe
2013-09-08 18:55:05 C38A2CC5409E1B1C55BAB2119FF2380F 4241280 ----a-w- C:\Users\Joke\Downloads\dffsetup-sensapi.exe
2013-09-08 18:40:31 815EE8A374F95D8C2CFF4EA2AF93B58D 16214030 ----a-w- C:\Users\Joke\Downloads\DLLSuite_Setup.exe
2013-09-06 20:44:58 2EF18E8F9DF5A2428AE212C92BCDCE86 450352 ----a-w- C:\Users\Joke\Downloads\FixitCenter_Run.exe
2013-09-06 20:26:03 63C3C419200755087C7496933C298F8F 5162600 ----a-w- C:\Users\Joke\Downloads\Repair-tool.exe
2013-09-06 14:26:31 096C3277599629BD22AF6959D20774B9 4454952 ----a-w- C:\Users\Joke\Downloads\ccsetup405.exe
====== C: exe-files ==
2013-09-11 18:37:51 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Joke\Downloads\RSITx64(1).exe
2013-09-11 18:18:20 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Joke.exe
2013-09-11 18:17:58 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Joke\Downloads\RSITx64.exe
2013-09-09 09:48:39 F7F18F2ADE7EB8E5FC774C7BE0E6B84A 5462936 ----a-w- C:\Users\Joke\Downloads\PC Unleashed Installer(1).exe
2013-09-09 09:47:46 F7F18F2ADE7EB8E5FC774C7BE0E6B84A 5462936 ----a-w- C:\Users\Joke\Downloads\PC Unleashed Installer.exe
2013-09-08 20:10:58 D6D3462051E7A3A651DAE4943D48B20B 4328856 ----a-w- C:\Users\Joke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5CZHWN3\rcpsetup_25752.exe
2013-09-08 19:38:23 AA3C66FAC78CFB477EB991222027E199 4327136 ----a-w- C:\Users\Joke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULPM1EF1\sysrc_trial_9407_dutch01.exe
2013-09-08 18:55:05 C38A2CC5409E1B1C55BAB2119FF2380F 4241280 ----a-w- C:\Users\Joke\Downloads\dffsetup-sensapi.exe
2013-09-08 18:40:31 815EE8A374F95D8C2CFF4EA2AF93B58D 16214030 ----a-w- C:\Users\Joke\Downloads\DLLSuite_Setup.exe
2013-09-06 20:44:58 2EF18E8F9DF5A2428AE212C92BCDCE86 450352 ----a-w- C:\Users\Joke\Downloads\FixitCenter_Run.exe
2013-09-06 20:26:03 63C3C419200755087C7496933C298F8F 5162600 ----a-w- C:\Users\Joke\Downloads\Repair-tool.exe
=== C: other files ==

==== Firefox Extensions ======================
ProfilePath: C:\Users\Joke\AppData\Roaming\Mozilla\Firefox\Profiles\9zz77br7.default
- AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2

==== Firefox Plugins ======================
Profilepath: C:\Users\Joke\AppData\Roaming\Mozilla\Firefox\Profiles\9zz77br7.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
31DA97B4682187C6639BBE2215814FDA - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx[25-08-2013 09:29]
AVG Safe Search - Joke - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://nl.msn.com/"
"Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_3410&r=27360410i306l0341z125t5911v240"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://nl.msn.com/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nlNL377"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="http://isearch.avg.com/search?cid={EA86CFDF-DE15-454F-95B9-8F200922CE13}&mid=3c71a50bf763f868bb68307d393d7f26-440cfb59217915f3440109306ad16920c89c2b9c&lang=nl&ds=AVG&pr=fr&d=2012-10-03"

==== Reset Google Chrome ======================
C:\Users\Joke\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Joke\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Joke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Joke\AppData\Local\Mozilla\Firefox\Profiles\9zz77br7.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Joke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Joke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on vr 13-09-2013 at 21:32:00,67 ======================