Zoek.exe v5.0.0.0 Updated 07-March-2014 Tool run by Gianni on zo 06/04/2014 at 12:13:13,15. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\gianni\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 6/04/2014 12:15:31 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Users\gianni\AppData\Local\cache deleted successfully C:\Users\gianni\AppData\Local\HP Quick Start deleted successfully C:\Users\gianni\AppData\Local\NokiaAccount deleted successfully C:\Users\giann_000\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3865780027-3796466655-2502497910-1002\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\S-1-5-21-3865780027-3796466655-2502497910-1002\Software\Microsoft\Internet Explorer\SearchScopes\{4FC2B1DA-89F3-4D30-B851-B682284608B8} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe C:\Users\gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\WINDOWS\syswow64\wwahost.exe C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\WINDOWS\syswow64\wwahost.exe C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe C:\Program Files (x86)\outobox\updateoutobox.exe C:\Program Files (x86)\outobox\bin\utiloutobox.exe C:\Program Files (x86)\outobox\bin\XTLSApp.exe C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Users\gianni\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util outobox deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\rxzs3sm5.default user.js not found ---- Lines conduit removed from prefs.js ---- user_pref("browser.newtab.url", "http://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPF758FB6F- ---- Lines ask.com modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So ---- FireFox user.js and prefs.js backups ---- prefs_20140604_1226_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "ApnTBMon"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\SearchProtect deleted C:\Users\gianni\AppData\Roaming\newnext.me deleted C:\Program Files (x86)\Mobogenie deleted C:\Users\gianni\AppData\Local\genienext deleted C:\Users\gianni\daemonprocess.txt deleted C:\Users\gianni\.android deleted C:\PROGRA~3\AskPartnerNetwork deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Package Cache deleted C:\Users\gianni\AppData\Local\SearchProtect deleted C:\Users\gianni\AppData\Local\Mobogenie deleted C:\WINDOWS\Syswow64\SearchProtect deleted C:\Users\gianni\Documents\Optimizer Pro deleted C:\Users\gianni\Documents\Mobogenie deleted C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\rxzs3sm5.default\searchplugins\conduit-search.xml deleted "C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\rxzs3sm5.default\extensions\toolbar_FF3-V7@apn.ask.com.xpi" deleted "C:\Program Files (x86)\outobox\updateoutobox.exe" deleted "C:\PROGRA~2\outobox\updateoutobox.exe" deleted "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted "C:\Program Files (x86)\outobox\bin\FilterApp_C64.exe" deleted "C:\Program Files (x86)\outobox\bin\utiloutobox.exe" deleted "C:\Program Files (x86)\outobox\bin\XTLS.dll" deleted "C:\Program Files (x86)\outobox\bin\XTLSApp.exe" deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted "C:\PROGRA~2\outobox\bin\FilterApp_C64.exe" deleted "C:\PROGRA~2\outobox\bin\utiloutobox.exe" deleted "C:\PROGRA~2\outobox\bin\XTLS.dll" deleted "C:\PROGRA~2\outobox\bin\XTLSApp.exe" deleted "C:\Program Files (x86)\AskPartnerNetwork" deleted "C:\Program Files (x86)\outobox" not deleted "C:\PROGRA~2\AskPartnerNetwork" deleted "C:\PROGRA~2\outobox" not deleted "C:\Program Files (x86)\AskPartnerNetwork\Toolbar" deleted "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater" deleted "C:\Program Files (x86)\outobox\bin" not deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted "C:\PROGRA~2\outobox\bin" not deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 7367 MB CPU Info: AMD A8-5550M APU with Radeon(tm) HD Graphics CPU Speed: 2098,4 MHz Sound Card: luidspreker/Hoofdtelefoon (Real | Display Adapters: AMD Radeon HD 8550G N HD 8550G + HD 8600M N HD 8600M Dual Graphics | AMD Radeon HD 8550G N HD 8550G + HD 8600M N HD 8600M Dual Graphics | AMD Radeon HD 8550G N HD 8550G + HD 8600M N HD 8600M Dual Graphics | AMD Radeon HD 8550G N HD 8550G + HD 8600M N HD 8600M Dual Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter #2 | Realtek RTL8188EE 802.11bgn Wi-Fi Adapter | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: hp DVDRAM GU70N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 911,5GB | D: 18,9GB Hard Disks - Free: C: 776,7GB | D: 1,9GB Manufacturer *: Insyde BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1 Time Zone: Romance (standaardtijd) Motherboard *: Hewlett-Packard 1983 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Default Browser: Firefox 28.0 Internet Explorer Version: 11.0.9600.16521 Mozilla Firefox version: 28.0 (x86 nl) Google Chrome version: 33.0.1750.154 Flash Player version: 11.8.800.94 Shockwave Player version: 11.6.6r636 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\gianni\AppData\Local\Temp ==== 2014-04-04 14:55:00 171F1BB73D0238A7A56126D3459ECDCD 50432 ----a-w- C:\Users\gianni\AppData\Local\Temp\Extract.exe 2014-03-30 12:06:16 4B5F2C6306FBC3F6658CB47D3060A77B 6339168 ----a-w- C:\Users\gianni\AppData\Local\Temp\SPSetup.exe ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== 2014-03-22 09:12:57 84FAC1112B3A3B81998FAADB4F85AE59 61112 ----a-w- C:\WINDOWS\Sysnative\drivers\wStLib64.sys 2014-03-19 10:58:09 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_wpdcomp_01_11_00.Wdf 2014-03-19 10:04:15 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys 2014-03-19 10:04:13 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys 2014-03-19 10:04:12 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys 2014-03-19 08:39:04 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS 2014-03-19 08:39:03 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys 2014-03-19 08:39:02 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys 2014-03-19 08:39:02 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys 2014-03-19 08:30:25 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys 2014-03-19 08:30:23 C85C075DE5B6D0FE116043054DE8EE02 311640 -c--a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys ====== C:\WINDOWS\Tasks ====== 2014-03-30 00:44:55 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\GenericSettingsHandler 2014-03-29 17:34:25 C71F9C4E65A41143644CC847C14B5AE5 350 ----a-w- C:\WINDOWS\Tasks\HPCeeScheduleForGianni.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2014-04-05 14:37:55 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\gianni\AppData\Roaming ====== ====== C:\Users\gianni ====== 2014-04-05 14:37:14 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\gianni\Downloads\RSITx64.exe 2014-03-27 17:56:33 6D43AA185492628807399A8906D8CD91 72008 ----a-w- C:\Users\gianni\Downloads\VuzeBittorrentClientInstaller.exe 2014-03-27 16:01:43 750C6570E48DAC1F8B82058410927FFF 38450564 ----a-w- C:\Users\gianni\Downloads\SafariSetup.exe 2014-03-26 20:12:45 1A5A626D106DBBECAD4C5458F188861E 36811888 ----a-w- C:\Users\gianni\Downloads\Dropbox 2.6.26.exe 2014-03-25 15:56:51 565592D342E241EB6FCA351F9C810AE3 4787368 ----a-w- C:\Users\gianni\Downloads\ccsetup412.exe 2014-03-24 17:18:20 4F2DAC9D2500387D24FAF05C5222A1D3 1071000 ----a-w- C:\Users\gianni\Downloads\install_flashplayer12x32_mssd_aaa_aih.exe ====== C: exe-files == 2014-04-05 14:37:55 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gianni.exe 2014-04-05 14:37:14 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\gianni\Downloads\RSITx64.exe 2014-04-04 14:55:00 171F1BB73D0238A7A56126D3459ECDCD 50432 ----a-w- C:\Users\gianni\AppData\Local\Temp\Extract.exe 2014-04-04 14:39:28 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Users\gianni\AppData\Local\Microsoft\SkyDrive\Update\OneDriveSetup.exe 2014-04-04 14:39:28 B18FF6F1680E0B2E2F2A63AD2F335AA7 6081224 ----a-w- C:\Users\gianni\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\OneDriveSetup.exe 2014-04-04 14:39:16 9E419F97E88011FB18B26FAEE9E44FD8 78536 ----a-w- C:\Users\gianni\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveConfig.exe 2014-03-30 12:06:16 4B5F2C6306FBC3F6658CB47D3060A77B 6339168 ----a-w- C:\Users\gianni\AppData\Local\Temp\SPSetup.exe 2014-03-30 11:05:16 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nss3249.exe 2014-03-30 11:05:16 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nsr15D7.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3865780027-3796466655-2502497910-1002\Software\Microsoft\Windows\CurrentVersion\Run] "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "Facebook Update"="C:\Users\gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background" "SkyDrive"="C:\Users\gianni\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [HKEY_USERS\S-1-5-21-3865780027-3796466655-2502497910-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" "RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" "AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "20131224"="C:\Program Files\AVAST Software\Avast\setup\emupdate\bab48feb-bb5d-4c26-934f-6d6c0a0c34a5.exe /check" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray" "Facebook Update"="C:\Users\gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background" "SkyDrive"="C:\Users\gianni\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe Update" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3865780027-3796466655-2502497910-1002Core.job --a-------- C:\Users\gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe [25/10/2013 13:11] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/12/2013 20:19] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/12/2013 20:19] C:\WINDOWS\tasks\HPCeeScheduleForGianni.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 23:15] C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [09/08/2013 09:56] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe] "C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{4682F3ED-8337-46B0-8A55-F62E6629CB62}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [19/03/2014 10:13] ==== Firefox Extensions ====================== ProfilePath: C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\rxzs3sm5.default - avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF - YouTube Video and Audio Downloader - %ProfilePath%\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\rxzs3sm5.default FF0D6F82A0EC13952E83B9439100E45D - C:\Users\gianni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin 0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash DAD55CEF682EAE6FA7B4C9487563A496 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fjpdnoojnohifgekbkmnfbiobhcbedka - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx[] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[19/03/2014 10:10] Google Docs - gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf avast Online Security - gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\gianni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjpdnoojnohifgekbkmnfbiobhcbedka_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.conduit.com/?ctid=CT3320133&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPF758FB6F-4159-4E27-9CA9-82D6E286BFD6&SSPV=" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-29906-12136-18/4" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\bab48feb-bb5d-4c26-934f-6d6c0a0c34a5.exe /check O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKCU\..\Run: [Facebook Update] "C:\Users\gianni\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background O4 - HKCU\..\Run: [SkyDrive] "C:\Users\gianni\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: @oem6.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\gianni\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\gianni\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\giann_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\gianni\AppData\Local\Mozilla\Firefox\Profiles\rxzs3sm5.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\gianni\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1429 folders=240 291613904 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\gianni\AppData\Local\Temp will be emptied at reboot C:\Users\giann_000\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\gianni\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\outobox" not found "C:\PROGRA~2\outobox" not found ==== EOF on zo 06/04/2014 at 12:38:03,58 ======================