Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by Breezer on wo 09/12/2015 at 13:56:15,77. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode No Internet Access Detected Launched: F:\00 PC Helpforum\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 9/12/2015 13:59:24 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Monitor {7842554E-6BED-11D2-8CDB-B05550C10000} C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\Program Files\MSXML 4.0 deleted successfully C:\Program Files\trend micro deleted successfully C:\Program Files\Common Files\SWF Studio deleted successfully C:\PROGRA~2\APN deleted successfully C:\PROGRA~2\CanonEPP deleted successfully C:\PROGRA~2\CanonIJEPPEX2 deleted successfully C:\PROGRA~2\Systweak deleted successfully C:\Users\Breezer\AppData\Roaming\Systweak deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1184744770-4184242545-282961723-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8013CB38-8F6B-43C1-A07E-B4E82FDBA599} deleted successfully HKEY_USERS\S-1-5-21-1184744770-4184242545-282961723-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Acrobat Reader DC - Nederlands Adobe AIR Adobe Flash Player 19 ActiveX Adobe Flash Player 19 NPAPI Adobe Refresh Manager Adobe Shockwave Player 12.2 Apple Application Support (32-bit) Apple Mobile Device Support Apple Software Update Avast Internet Security Bonjour CCleaner Dropbox Google Chrome Google Toolbar for Internet Explorer Google Update Helper iCloud iTunes Java 8 Update 60 Java 8 Update 66 Java Auto Updater Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft .NET Framework 4.5.2 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Search Enhancement Pack Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Nero Abstract Themes Nero Audio Pack 1 Nero Blu-ray Player Nero Core Components Nero Info Nero Kwik Themes Basic Nero MediaHome Nero MediaHome Free Nero SharedVideoCodecs Nero Update Prerequisite installer QuickTime 7 Revo Uninstaller 1.93 Security Update for Microsoft .NET Framework 4.5.2 (KB3074230) Security Update for Microsoft .NET Framework 4.5.2 (KB3074550) Security Update for Microsoft .NET Framework 4.5.2 (KB3097996) Security Update for Microsoft .NET Framework 4.5.2 (KB3098781) Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837610) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085546) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB3101555) 32-Bit Edition Security Update for Microsoft Office Access 2007 (KB2596614) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3085551) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3101558) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB3101554) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687406) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB3085548) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2880506) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3085552) 32-Bit Edition swMSM Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB3101557) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Writer ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\CyberLink\Shared files\brs.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Windows\system32\DllHost.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Nero\Update\NASvc.exe C:\Windows\System32\WUDFHost.exe F:\00 PC Helpforum\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] ==== Deleting Files \ Folders ====================== C:\Program Files\trend micro not found C:\found.003 deleted C:\found.000 deleted C:\found.001 deleted C:\found.002 deleted C:\Users\Breezer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk deleted C:\Users\Breezer\AppData\Roaming\BabSolution deleted C:\Users\Breezer\AppData\Roaming\Babylon deleted C:\PROGRA~2\Ask deleted C:\PROGRA~2\Partner deleted C:\PROGRA~2\Babylon deleted C:\PROGRA~2\Package Cache deleted C:\Users\Breezer\AppData\Local\Babylon deleted C:\Users\Breezer\Downloads\ReimageRepair.exe deleted C:\Users\Breezer\AppData\LocalLow\IAC deleted C:\Windows\system32\sasnative32.exe deleted ==== System Specs ====================== Operating System: Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 32-bits Manufacturer: MEDION - Model: P961x Install Date: 29/12/2011 12:35:31 Last Boot: 9/12/2015 12:23:50 Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz Number of Processors: 2 Work Station Bootmode: Normal boot Total RAM: 3070 MB (free 2042 MB - 66) Computername: BREEZER-PC Domain: WORKGROUP User: Breezer (Non-Administrator account) Local Disk: C:\ - NTFS - 900 GB (free 835 GB) Local Disk: D:\ - NTFS - 29 GB (free 17 GB) CD \ DVD Drive: E:\ Removable Disk: F:\ - FAT32 - 29 GB (free 18 GB) Bootdevice: \Device\HarddiskVolume1 Windows update: 2015-11-26 11:12:51 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Firewall: avast! Antivirus disabled Default Browser: Google Chrome 46.0.2490.86 Internet Explorer Version: 11.0.9600.18097 Google Chrome version: 46.0.2490.86 Adobe Reader version: 15.9.20077.160923 Flash Player version: 19.0.0.245 Shockwave Player version: 12.2.1r171 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-11-26 11:00:58 D1E75542EC8D1B4851765A57AC63618E 1908 ----a-w- C:\Windows\diagwrn.xml 2015-11-26 11:00:58 0287203B96B2F0D26B2E74335DB4ED1F 2829 ----a-w- C:\Windows\diagerr.xml ====== C:\Users\Breezer\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== 2015-11-11 07:59:35 BB8817D0508DD5EA69C770C8DEF5AB67 74752 ----a-w- C:\Windows\System32\drivers\tdx.sys 2015-11-11 07:59:34 93B49FA857F7036A4EFF32371F6E7391 338944 ----a-w- C:\Windows\System32\drivers\afd.sys 2015-11-11 07:59:27 523091605C05F5DE880426A2FBA0F87C 138176 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-11-11 07:59:26 A061E519ACDE34843DFA3F1C7358DAA2 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-11-11 07:59:18 C7492026F6691A92C4508DDDB041CE4E 124416 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2015-11-11 07:59:17 34779EBCFEAB87A236B33C365A637144 225792 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2015-11-11 07:59:15 C34DE43FDAD9C32383BB4A5EE60126D4 98304 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2015-11-11 07:58:33 9804FB2E46077F2977552347DFCA7E05 712640 ----a-w- C:\Windows\System32\drivers\ndis.sys 2015-11-11 07:57:34 780FFC005741C9316576086155E55F56 371920 ----a-w- C:\Windows\System32\drivers\cng.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C: ===== 2015-12-08 15:03:59 3C2D63BB44AF9041D728F718EF5D32EC 3480 ------w- C:\bootsqm.dat ====== C:\Users\Breezer\AppData\Roaming ====== ====== C:\Users\Breezer ====== 2015-12-08 19:10:30 3C7707013DEEA5ED7F68A29A007A7D57 321848 ----a-w- C:\Users\Breezer\Desktop\mbam-clean-2.1.1.1001.exe 2015-11-27 12:33:42 -------- d-----w- C:\ProgramData\Cisco Systems ====== C: exe-files == 2015-12-09 08:18:10 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Breezer\Desktop\PC Helpforum\RSIT.exe 2015-12-08 19:10:30 3C7707013DEEA5ED7F68A29A007A7D57 321848 ----a-w- C:\Users\Breezer\Desktop\mbam-clean-2.1.1.1001.exe === C: other files == 2015-12-09 08:08:43 3D6757885182722B9B4221B37E32FE6A 84 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1184744770-4184242545-282961723-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CanonSolutionMenuEx" "hkey"="HKLM" "command"="C:\\Program Files\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "hkey"="HKLM" "item"="iTunesHelper" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "hkey"="HKLM" "item"="QuickTime Task" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVBg.exe /FORPCEE3" "hkey"="HKLM" "item"="RtHDVBg" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="swg" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\"" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf2b4c3e32bfa2.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore1cd0d0b47ebd358" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore1cf2b4c3e32bfa2" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{BC64C37B-C948-45D5-9A44-58CF2AEB6E3A}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\{41A89C9B-5FD4-43A4-AE42-E8492229DC13}" [C:\Program Files\Malwarebytes Anti-Malware\mbam.exe] "C:\Windows\system32\tasks\{4293EEA2-E3B3-4125-9FED-548CCE24E7DF}" [C:\Program Files\CCleaner\CCleaner.exe] "C:\Windows\system32\tasks\{A6E45A42-817A-49B3-92E4-E99EC63E0897}" [C:\Program Files\Malwarebytes Anti-Malware\mbam.exe] "C:\Windows\system32\tasks\{F33DDE7A-7679-4A15-900F-C32F672736B7}" [C:\Program Files\Canon\MP Navigator EX 5.0\Maint.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\Nero\Nero Info" [C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe] ==== Folders in C:\PROGRA~2 0-6 Months Old ====================== 2015-09-24 08:20:02 -------- d-----w- C:\PROGRA~2\Microsoft Help 2015-11-27 12:33:42 -------- d-----w- C:\PROGRA~2\Cisco Systems ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Breezer\AppData\Roaming\Mozilla\Firefox\Profiles\2k2hzr5w.default user_pref("browser.startup.homepage", "https://www.google.com/"); user_pref("browser.search.defaulturl", "https://www.google.com/search"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("keyword.URL", "https://www.google.com/search"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [05/10/2015 10:33] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Breezer\AppData\Roaming\Mozilla\Firefox\Profiles\2k2hzr5w.default - Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ==== Firefox Plugins ====================== Profilepath: C:\Users\Breezer\AppData\Roaming\Mozilla\Firefox\Profiles\2k2hzr5w.default DE268F7665C44D2F35C82FB40E0F24E5 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.8 3A88A94AF4E545482A5961AD57464883 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.8 8BC3C037F3090BC9DA2C43A085CBE23F - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.8 40688F92FAA4228212A48522AC3468E1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.8 38955C4736DF9B50FE355818A27C6967 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.8 7D127425BBE91DF37448A7F44C1DDA52 - C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll - Google Update 97811227D33868223F88C111AB647817 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION 77E244872D4C41CA49860BFECD4DB48C - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision 1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery 65D5FF4B089A1E1B0C1BC81F045C5094 - C:\Program Files\Virtual Earth 3D\npVE3D.dll - Virtual Earth 3D 4.00090316005 plugin for Mozilla FE5E10A1775D5B0EE862DBF3BC1283D3 - C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U60 41E59AEE190362FD0D6EF71DE5DCE427 - C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.600.27 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin 9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ F40E8C944675BF87E605E8E02FA76EDA - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[19/03/2015 18:34] Chrome Web Store Payments - Breezer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda TelevisionFanatic - Breezer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh ==== Chromium Fix ====================== C:\Users\Breezer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppgplhcfmaadpnkmnkhgadmaekeldbnh deleted successfully C:\Users\Breezer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ppgplhcfmaadpnkmnkhgadmaekeldbnh_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.kvmechelen.be/" "Search Page"="http://nl.yhs4.search.yahoo.com/yhs/search?type=tdc905&hspart=avast&hsimp=yhs-001&p={searchTerms}" "Search Bar"="https://nl.search.yahoo.com?fr=hp-avast&type=tdc905" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://nl.search.yahoo.com?fr=hp-avast&type=tdc905" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.kvmechelen.be/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {4B5905A8-A0FC-46B6-9F6A-289BDD4DE261} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" {CBC3475C-FB5B-4984-91B2-A6FB6B64C376} Zoeken met Wittegids.be (Visual Search) Url="http://truvo.reference.be/IE8/VisualSearch.aspx?search={searchTerms}&countryCode=BE&languagecode=nl&type=white" {F2BB2060-6BA8-403A-8B89-0508DEEEC2CC} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393" ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\Software\Policies\Google deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing) O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing) O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe ==== Empty IE Cache ====================== C:\Users\Breezer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Breezer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Breezer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=822 folders=181 160069052 bytes) ==== Empty Temp Folders ====================== C:\Users\Breezer\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Breezer\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 09/12/2015 at 14:34:20,87 ======================