Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by Eric on di 13-01-2015 at 13:06:29,26.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eric\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-01-12-180149.log 1162 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1480275599-4233152437-25962850-1001\Software\Microsoft\Internet Explorer\SearchScopes\{20153BB6-2253-429B-82D3-B63724734AEE} deleted successfully
HKEY_USERS\S-1-5-21-1480275599-4233152437-25962850-1001\Software\Microsoft\Internet Explorer\SearchScopes\{699FCA3F-2143-465D-9504-95EA463D97BB} deleted successfully
HKEY_USERS\S-1-5-21-1480275599-4233152437-25962850-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 9 Plugin
Adobe Photoshop Elements 6
Adobe Photoshop Elements 6.0
Adobe Reader 8
Adobe Reader 8.1.2 - Nederlands
Adobe Shockwave Player 12.1
Avast Free Antivirus
BuyNSave
Free YouTube to MP3 Converter version 3.12.50.1111
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
HDRegNL
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Infocentre Rev. 2.0.0.1
Intel(R) Graphics Media Accelerator Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended NLD Language Pack
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2894842v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2972106)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2972215)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2978125)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2979575v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2894842v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Shockwave Director 10.3
Skype 3.6.2.248
SkypeT 3.6
Synaptics Pointing Device Driver
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VCRedistSetup
Vuze
YoiutubEADDBBlocke

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Eric\Downloads\zoek.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\YoiutubEADDBBlocke deleted
C:\Program Files\BuyNSave deleted
C:\PROGRA~2\eobimipkfegppdljleficifgfoojeflf deleted
C:\Program Files\ASP deleted
C:\Program Files\Movies Toolbar deleted
C:\Program Files\Vuze deleted
C:\PROGRA~2\11367633232530127413 deleted
C:\PROGRA~2\Real deleted
C:\Program Files\WinZip Driver Updater deleted
C:\Program Files\NCH Software\Components\NCHToolbars deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\extensions deleted
C:\install.exe deleted
C:\Users\Eric\AppData\Roaming\WinZip\WinZipDU deleted
C:\Users\Eric\AppData\Roaming\Tuneup Pro deleted
C:\Users\Eric\AppData\Roaming\AdvancedSystemProtector deleted
C:\Users\Eric\AppData\Roaming\Systweak deleted
C:\PROGRA~2\Systweak deleted
C:\PROGRA~2\Datamngr deleted
C:\PROGRA~2\Wincert deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader deleted
C:\Users\Eric\Downloads\SoftonicDownloader_voor_utorrent.exe deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Memory (RAM): 1977 MB
CPU Info: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
CPU Speed: 1414,8 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: RT73 USB Wireless LAN Card | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GSA-T50N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 286,1GB
Hard Disks - Free: C: 171,5GB
Manufacturer *: Phoenix Technologies LTD
BIOS Info: AT/AT COMPATIBLE | 09/10/08 | PacBel - 20080910
Time Zone: West-Europa (standaardtijd)
Motherboard *: PACKARD BELL BV PE2
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 39.0.2171.95
Internet Explorer Version: 9.0.8112.16421
Google Chrome version: 39.0.2171.95
Adobe Reader version: 8.1.0.2007051100
Shockwave Player version: 12.1.5r155

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Eric\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-07 12:19:02 -------- d-----w- C:\Program Files\trend micro
2014-12-17 07:10:15 -------- d-----w- C:\Program Files\BouuyNssAve
======= C: =====
====== C:\Users\Eric\AppData\Roaming ======
2015-01-09 07:25:10 -------- d-----w- C:\Users\Gast.ERICS-PC\AppData\Roaming\Adobe
2015-01-09 07:23:02 03B45753FD7D3D4E774F02563A39D891 49680 ----a-w- C:\Users\Gast.ERICS-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 07:22:30 -------- d-s---w- C:\Users\Gast.ERICS-PC\AppData\Locallow\Microsoft
2015-01-09 07:21:58 -------- d-----w- C:\Users\Gast.ERICS-PC\AppData\Local\Google
2015-01-09 07:21:50 BEA07E6D2B8DCE396FE21BAA61B34956 6 --sha-w- C:\Users\Gast.ERICS-PC\AppData\Locallow\desktop.ini
2015-01-09 07:21:50 -------- d-----r- C:\Users\Gast.ERICS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2015-01-09 07:21:50 -------- d-----r- C:\Users\Gast.ERICS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2015-01-09 07:21:40 -------- d-----w- C:\Users\Gast.ERICS-PC\AppData\Roaming\Identities
2015-01-09 07:21:33 -------- d-----w- C:\Users\Gast.ERICS-PC\AppData\Local\VirtualStore
2015-01-09 07:21:21 -------- d-s---w- C:\Users\Gast.ERICS-PC\AppData\Roaming\Microsoft
2015-01-09 07:21:21 -------- d-----w- C:\Users\Gast.ERICS-PC\AppData\Roaming\Media Center Programs
2015-01-09 07:21:21 -------- d-----w- C:\Users\Gast.ERICS-PC\AppData\Local\Temp
2015-01-09 07:21:21 -------- d-----w- C:\Users\Gast.ERICS-PC\AppData\Local\Microsoft
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-17 07:37:49 -------- d-----w- C:\Users\Eric\AppData\Local\Daring_Development_Inc
====== C:\Users\Eric ======
2015-01-09 07:21:50 -------- d-----r- C:\Users\Gast.ERICS-PC\Searches
2015-01-09 07:21:37 -------- d-----r- C:\Users\Gast.ERICS-PC\Contacts
2015-01-09 07:21:22 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\Gast.ERICS-PC\ntuser.ini
2015-01-09 07:21:21 -------- d--h--w- C:\Users\Gast.ERICS-PC\AppData
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Videos
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Saved Games
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Pictures
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Music
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Links
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Favorites
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Downloads
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Documents
2015-01-09 07:21:21 -------- d-----r- C:\Users\Gast.ERICS-PC\Desktop
2014-12-17 06:50:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
====== C: exe-files ==
2015-01-07 12:19:02 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Eric.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-21-1480275599-4233152437-25962850-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"RtHDVCpl"="RtHDVCpl.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup"
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe"
"Skytel"="Skytel.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-12-2014 06:15]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22-10-2014 15:39]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [22-10-2014 15:39]
C:\Windows\tasks\Recovery DVD Creator-Donald.job --a------ C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe []
C:\Windows\tasks\Uitgebreide garantie-Donald.job --a------ C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Recovery DVD Creator-Donald" [C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe]
"C:\Windows\system32\tasks\Uitgebreide garantie-Donald" [C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22-12-2014 05:23]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files\Common Files\DVDVideoSoft\plugins\ff" [21-11-2014 09:55]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\q2q7nnnx.default
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
04AF8BC83A89D9B71F7E0BCAF9FDD768 - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24-11-2014 12:14]
Google Voice Search Hotword (Beta) - Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Avast Online Security - Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
ClipMonkey - Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh
Google Wallet - Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Startpages ======================

C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.mystartsearch.com/?type=hp&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065",
"startup_urls": [ "http://www.mystartsearch.com/?type=hp&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065" ],
C:\Users\Gast.ERICS-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],

==== Chromium Fix ======================

C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhodopgnkbcmfgggehanaepcofglnboh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"
"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065&q={searchTerms}"
"Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065"
"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mystartsearch.com/?type=hp&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065"
"Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065"
"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065&q={searchTerms}"
"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1418800471&from=wpc&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE808H2206522065&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://services.freshy.com/general/newhometab.php?hometab=home&partner=10853&guid={B55A5F1B-48E2-4695-8147-CEC898AFDF1D}&i="
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{20153BB6-2253-429B-82D3-B63724734AEE}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20153BB6-2253-429B-82D3-B63724734AEE}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PBEA_nlNL612"
{B6CE8EBD-C105-42AA-8FF9-765AF5A02DF5} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559} deleted successfully

==== HijackThis Entries ======================

O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gast.ERICS-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mcx1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Eric\AppData\Local\Mozilla\Firefox\Profiles\q2q7nnnx.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Gast.ERICS-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1433 folders=153 364862028 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eric\AppData\Local\Temp will be emptied at reboot
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\Gast.ERICS-PC\AppData\Local\Temp emptied successfully
C:\Users\Mcx1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Eric\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on di 13-01-2015 at 15:27:05,81 ======================