Zoek.exe v5.0.0.0 Updated 21-09-2014 Tool run by bob on di 23/09/2014 at 9:45:21,28. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\bob\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 23/09/2014 9:50:32 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Program Files\Ableton deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Program Files\trend micro deleted successfully C:\Program Files\URUSoft deleted successfully C:\Program Files\Common Files\Symantec Shared deleted successfully C:\PROGRA~2\ALM deleted successfully C:\PROGRA~2\Symantec deleted successfully C:\Users\bob\AppData\Roaming\Graphisoft deleted successfully C:\Users\bob\AppData\Roaming\MAXON deleted successfully C:\Users\bob\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\bob\AppData\Local\Conduit deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Program Files\Alwil Software\Avast5\afwServ.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\AppleOSSMgr.exe C:\Windows\system32\AppleTimeSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\lxbkcoms.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Boot Camp\Bootcamp.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Acapela Group\infovox3 demo\engine\infovox3demo.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\avastui.exe C:\Users\bob\AppData\Local\Akamai\netsession_win.exe C:\Program Files\iPod\bin\iPodService.exe C:\Users\bob\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Nero\Update\NASvc.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe c:\program files\real\realplayer\RealPlay.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\servicing\TrustedInstaller.exe C:\Users\bob\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\zoek_backup deleted C:\Program Files\Java deleted C:\Program Files\Vuze deleted C:\Users\bob\AppData\Roaming\SpeechCreator.ini deleted C:\Users\bob\AppData\Roaming\Thinstall deleted C:\Users\bob\AppData\Roaming\pdfforge deleted C:\Users\bob\AppData\Local\CRE deleted C:\Users\bob\AppData\Local\Thinstall deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bytescout Lossless Video Codec deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bytescout SWF To Video Scout (PRO) Evaluation deleted C:\Users\bob\AppData\LocalLow\PriceGong deleted C:\Users\bob\AppData\LocalLow\Conduit deleted C:\END deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\System32\tempdir deleted ==== System Specs ====================== Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601) Memory (RAM): 2792 MB CPU Info: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz CPU Speed: 2480,8 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce 9600M GT | NVIDIA GeForce 9600M GT | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1440 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Bluetooth-apparaat (Personal Area Network) | Broadcom 802.11n-netwerkadapter | NVIDIA nForce 10/100/1000 Mbps Ethernet CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-R UJ-868 Ports: COM5 | COM7 | COM4 | COM6 | COM3 LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 90,9GB | E: 206,9GB Hard Disks - Free: C: 10,3GB | E: 92,0GB Manufacturer *: Apple Inc. BIOS Info: AT/AT COMPATIBLE | 07/29/05 | ACRSYS - 7e Time Zone: Romance (standaardtijd) Motherboard *: Apple Inc. Mac-F42D86C8 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Firewall: avast! Antivirus disabled Default Browser: Google Chrome 37.0.2062.120 Internet Explorer Version: 11.0.9600.17239 Google Chrome version: 37.0.2062.120 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2014-09-05 03:32:58 357CEBBCD99C8928A2D1A61A6CACC168 43152 ----a-w- C:\Windows\avastSS.scr ====== C:\Users\bob\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== 2014-09-23 07:36:49 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2014-09-19 18:48:56 79896A78039C9A63C56197843CFBAD0B 1987584 ----a-w- C:\Windows\System32\d3d10warp.dll 2014-09-19 18:48:51 A8DDB7ACB122FC36FF0D7C9B3099A380 793600 ----a-w- C:\Windows\System32\TSWorkspace.dll 2014-09-19 18:48:37 7D11D2B186C369E39D3B3759AE2775CE 445952 ----a-w- C:\Windows\System32\aepdu.dll 2014-09-19 18:48:34 11423EFD825011A0F5EC76D89D0C89A1 302592 ----a-w- C:\Windows\System32\aeinv.dll ====== C:\Windows\system32\drivers ===== 2014-09-05 03:33:39 83378AE48209388D0F9BD16A44D19EEC 71944 ----a-w- C:\Windows\System32\drivers\aswStm.sys 2014-09-05 03:33:35 3BFBB5DAE801CB893B8B46345FED6437 24184 ----a-w- C:\Windows\System32\drivers\aswHwid.sys 2014-09-05 03:32:32 EAA4A59CFA4AB73843B13E86B50F573D 270752 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys 2014-09-05 03:27:33 F5030EB67FB1461D46B0A6636E73C15D 204784 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2014-09-05 03:27:30 8909E5E7BB1D3AAF2EB1B01FA4B5BD65 104752 ----a-w- C:\Windows\System32\drivers\aswFW.sys ====== C:\Windows\Tasks ====== 2014-09-19 18:41:51 E98D19BB873CAE4555355FBCDD6C46F8 3342 ----a-w- C:\Windows\system32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085478328-3706108698-3478612873-1000 2014-09-03 16:56:41 7DA136EDC426C9623852552F2AB977EE 3320 ----a-w- C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085478328-3706108698-3478612873-1000 ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-09-11 18:36:59 -------- d-----w- C:\Program Files\ESET ======= C: ===== ====== C:\Users\bob\AppData\Roaming ====== 2014-09-11 18:47:10 -------- d-sh--w- C:\Users\bob\AppData\Locallow\EmieUserList 2014-09-11 18:47:10 -------- d-sh--w- C:\Users\bob\AppData\Locallow\EmieSiteList 2014-09-05 03:18:06 -------- d-sh--w- C:\Users\bob\AppData\Local\EmieUserList 2014-09-05 03:18:06 -------- d-sh--w- C:\Users\bob\AppData\Local\EmieSiteList ====== C:\Users\bob ====== 2014-09-11 18:36:45 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\bob\Desktop\esetsmartinstaller_enu.exe 2014-09-11 18:23:30 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\bob\Desktop\RSIT.exe ====== C: exe-files == 2014-09-22 09:27:49 E8A50A9E177661FA99EE0871C3B16FDB 39982160 ----a-w- C:\Users\bob\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.120\37.0.2062.120_chrome_installer.exe 2014-09-19 18:50:09 198DC8EE284854EBDCB0977FCEA50B18 2391632 ----a-w- C:\Users\bob\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.120\37.0.2062.120_37.0.2062.103_chrome_updater.exe 2014-09-19 18:48:36 13D383D25CB713F645937C8B183EEEE2 148136 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1085478328-3706108698-3478612873-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\bob\AppData\Local\Akamai\netsession_win.exe" "Google Update"="C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "Apple_KbdMgr"="C:\Program Files\Boot Camp\Bootcamp.exe" "Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin" "SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "NBAgent"="C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "i3 demo"="C:\Program Files\Acapela Group\infovox3 demo\engine\infovox3demo.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe -osboot" "AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\bob\AppData\Local\Akamai\netsession_win.exe" "Google Update"="C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="acaptuser32.dll" ==== Startup Folders ====================== 2014-06-23 15:56:35 1218 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085478328-3706108698-3478612873-1000Core.job --a------ C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [04/08/2012 14:55] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085478328-3706108698-3478612873-1000UA.job --a------ C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [04/08/2012 14:55] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-bob-PC-bob" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1085478328-3706108698-3478612873-1000Core" [C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1085478328-3706108698-3478612873-1000UA" [C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085478328-3706108698-3478612873-1000" [C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\system32\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085478328-3706108698-3478612873-1000" [C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085478328-3706108698-3478612873-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085478328-3706108698-3478612873-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\{2833616C-9E03-490F-B32E-822848418C39}" [C:\Program Files\Skype\\Phone\Skype.exe] "C:\Windows\system32\tasks\{D698AD94-DA40-4559-8AF7-AF4117148E80}" [C:\Program Files\Skype\Phone\Skype.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [23/06/2014 17:57] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[05/09/2014 05:32] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[10/06/2014 17:54] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 12:45] ojpijjmpahflnipadmlpgbjmagmjchkk - C:\Users\bob\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions ojpijjmpahflnipadmlpgbjmagmjchkk - C:\Users\bob\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx[] avast Online Security - bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki RealPlayer Downloader - bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji Skype Click to Call - bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda avast WebRep - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda Skype Click to Call - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Chromium Startpages ====================== C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.google.be/", "startup_urls": [ "https://dub116.mail.live.com/default.aspx?id=64855" ], ==== Chromium Fix ====================== C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage deleted successfully C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:49317;https=127.0.0.1:49317" "ProxyOverride"="<-loopback>;" "ProxyEnable"=dword:00000001 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\111E266FDD1556398EFC13BE47678F96E8497682 deleted successfully ==== HijackThis Entries ====================== R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [i3 demo] "C:\Program Files\Acapela Group\infovox3 demo\engine\infovox3demo.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\bob\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: acaptuser32.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe O23 - Service: Apple tijdvoorziening (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ==== Empty IE Cache ====================== C:\Users\bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3 folders=0 7162 bytes) ==== Empty Temp Folders ====================== C:\Users\bob\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\bob\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\bob\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PXYBTXFL\escape.insites.eu" not found "C:\Users\bob\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PXYBTXFL\www.sky138.com" not found ==== EOF on di 23/09/2014 at 11:06:56,51 ======================