Zoek.exe v5.0.0.0 Updated 14-10-2014
Tool run by Elke on di 14/10/2014 at 15:55:30,11.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Elke\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

14/10/2014 15:57:00 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Canon deleted successfully
C:\PROGRA~2\CanonIJScan deleted successfully
C:\Users\Elke\AppData\Roaming\Canon deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2414527585-3944006083-3816331441-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-2414527585-3944006083-3816331441-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe
C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe
C:\Users\Elke\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\prwxdqng.default

---- Lines lucky leap removed from prefs.js ----
user_pref("extensions.lucky leap.aul", "1383291251484");
user_pref("extensions.lucky leap.irl", true);
user_pref("extensions.lucky leap.is", "cbslugp6");
user_pref("extensions.lucky leap.ug", "F067FABA-5562-4390-8295-F1D45D0307CD");

---- Lines a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552 removed from prefs.js ----
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.active", true);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.addressbar", "NA");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.addressbarenhanced", "");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.asyncdb_dbWasSet", true);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.backgroundver", 1);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.certdomaininstaller", "");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.changeprevious", false);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.cookie.InstallationTime.value", "1383030646");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.description", "LyricsSay will allow you to displ
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.domain", "");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.enablesearch", false);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.homepage", "");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.iframe", false);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.InstallationThankYouPage", false);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.InstallationTime", 1383030646);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb._country_code_.expiration", "Fri Feb
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb._country_code_.value", "%22BE%22");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.monetization_plugin_last_executable_r
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_appVer.value", "36");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_nextCheck.expiration", "Wed
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.lastDailyReport", "1386138043869");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.lastUpdate", "1386138044860");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.manifesturl", "");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.name", "LyricsSay-1");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.newtab", "");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.opensearch", "");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.pluginsurl", "https://w9u6a2p6.ssl.hwcdn.net/plu
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.pluginsversion", 26);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.publisher", "Lyrics");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.searchstatus", 0);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.setnewtab", false);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.thankyou", "");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.updateinterval", 360);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.41552.ver", 36);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.apps", "41552");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.bic", "142030ce4d837b41c7806e71fbf48210");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.cid", 41552);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.firstrun", false);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.hadappinstalled", true);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.installationdate", 1383030646);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.modetype", "production");
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.reportInstall", true);
user_pref("extensions.a71139f7bcef24ada9c6025f887d7e2e15b12962159ed453c9453d7593ee48c04com41552.statsDailyCounter", 85);

---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossrider.bic", "142030ce4d837b41c7806e71fbf48210");

---- FireFox user.js and prefs.js backups ----
user_20141410_1606_.backup
prefs_20141410_1606_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\WinZip Driver Updater deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater deleted
C:\Users\Public\Desktop\WinZip Driver Updater.lnk deleted
C:\Program Files\BrowseFox deleted
C:\Program Files\MyPC Backup deleted
C:\User Data deleted
C:\Users\Elke\AppData\Roaming\WinZip\WinZipDU deleted
C:\PROGRA~2\APN deleted
C:\Users\Elke\AppData\Local\cache deleted
C:\Windows\tasks\WinZipDriverUpdater_UPDATES.job deleted
C:\Windows\system32\tasks\WinZipDriverUpdater_UPDATES deleted
C:\Windows\System32\SearchProtect deleted
C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\prwxdqng.default\searchplugins\conduit-search.xml deleted
"C:\PROGRA~2\Package Cache" deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (Build 7600)
Memory (RAM): 3046 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
CPU Speed: 2323,5 MHz
Sound Card: Speakers (TASCAM US-144 MKII) | Speakers (SoundMAX Integrated D |
Display Adapters: Intel(R) Q35 Express Chipset Family (Microsoft Corporation - WDDM 1.0) | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel(R) 82566DM-2 Gigabit Network Connection
CD / DVD Drives: 4x (D: | E: | F: | H: | ) D: TSSTcorpDVD-ROM TS-H353B | E: HL-DT-STDVD-RAM GSA-H60L | F: DTSOFT BDROM | H: DTSOFT BDROM
Ports: COM1 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 74,4GB
Hard Disks - Free: C: 9,7GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 01/25/08 | LENOVO - 60400d0
Time Zone: Romance Standard Time
Motherboard *: LENOVO LENOVO
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Firewall: avast! Antivirus disabled
Default Browser: Google Chrome 38.0.2125.101
Internet Explorer version: 8.0.7600.16385
Mozilla Firefox version: 32.0.3 (x86 nl)
Google Chrome version: 38.0.2125.101
Adobe Reader version: 11.0.9.29
Flash Player version: 15.0.0.152
Shockwave Player version: 12.0.7r148

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Elke\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====
2014-10-10 13:01:16 C0C7CECCB6C85994C2BC92D58E52D3F2 232512 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-10-10 13:01:09 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2014-10-02 11:51:59 -------- d-----w- C:\Program Files\trend micro
2014-09-21 10:13:25 -------- d-----w- C:\Program Files\Common Files\Skype
2014-09-21 10:13:25 -------- d-----r- C:\Program Files\Skype

======= C: =====

====== C:\Users\Elke\AppData\Roaming ======
2014-10-10 12:59:54 -------- d-----w- C:\Users\Elke\AppData\Roaming\DAEMON Tools Lite

====== C:\Users\Elke ======
2014-10-10 13:01:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-10-10 12:59:50 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2014-10-02 11:50:30 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Elke\Documents\RSIT.exe
2014-09-21 10:13:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-18 13:02:01 -------- d-----w- C:\ProgramData\Western Digital

====== C: exe-files ==
2014-10-10 12:59:04 E808A6B7751F6F980F97008D1AEB8036 11527296 ----a-r- C:\Users\Elke\Downloads\Demon Tools Lite v4.4 Latest Full Version - {RedDragon}\DTLite4413-0173.exe
2014-10-08 10:52:24 587DBD86B143A128205B544D4A2BFE69 10959952 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.101\38.0.2125.101_37.0.2062.124_chrome_updater.exe

=== C: other files ==
2014-10-14 07:07:34 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\Elke\AppData\Local\Temp\_MEI29802\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx
2014-10-14 07:07:34 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Elke\AppData\Local\Temp\_MEI29802\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
2014-10-11 20:57:11 8528D148E3DCE35CEE54412135603B58 49681558 ----a-w- C:\Users\Elke\Documents\Swastika Wereld Symbool Ned.zip
2014-10-10 13:01:16 C0C7CECCB6C85994C2BC92D58E52D3F2 232512 ----a-w- C:\Windows\System32\DriverStore\FileRepository\dtsoftbus01.inf_x86_neutral_1cc2711e3c419337\dtsoftbus01.sys
2014-10-10 13:01:16 C0C7CECCB6C85994C2BC92D58E52D3F2 232512 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-10-10 13:01:16 C0C7CECCB6C85994C2BC92D58E52D3F2 232512 ----a-w- C:\Program Files\DAEMON Tools Lite\dtsoftbus01.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2414527585-3944006083-3816331441-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Elke\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Akamai NetSession Interface"="C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Daemon for Mouse Suite"="C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 30"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Elke\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Akamai NetSession Interface"="C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2014 10:08]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2414527585-3944006083-3816331441-1000Core.job --a------ C:\Users\Elke\AppData\Local\Facebook\Update\FacebookUpdate.exe [13/10/2013 19:39]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2414527585-3944006083-3816331441-1000UA.job --a------ C:\Users\Elke\AppData\Local\Facebook\Update\FacebookUpdate.exe [13/10/2013 19:39]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13/09/2013 11:01]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [13/09/2013 11:01]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2414527585-3944006083-3816331441-1000Core" [C:\Users\Elke\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-2414527585-3944006083-3816331441-1000UA" [C:\Users\Elke\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HP AR Program Upload - 306fa1163424425b8575b45cda62b786b7339f673fc947889603a642cd08b529" [C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe]
"C:\Windows\system32\tasks\HP AR Program Upload - 6935414a800449a5b02fe2cbdca84b2abf75b9c067134545bbb4b534a7a22992" [C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe]
"C:\Windows\system32\tasks\HP AR Program Upload - 775a7c0c46af4cbda1a8fa85ffe4c8e851d471cb03414053b8a7b0eb3e2b8252" [C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 3520 series" ["C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\system32\tasks\TVT\LenovoWERMonitor" ["C:\Program Files\Common Files\lenovo\SUP\sup_wermonitor_shim.exe"]
"C:\Windows\system32\tasks\TVT\TVSUUpdateTask" ["C:\Program Files\Lenovo\System Update\tvsuShim.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/09/2014 18:04]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\prwxdqng.default
- Invite All for Facebook - %ProfilePath%\extensions\jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Elke\AppData\Roaming\Mozilla\Firefox\Profiles\prwxdqng.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Elke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
0E8B2D0D9E3415A91EF259CE1112C579 - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for Director
F3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
7D35CB60201CED2F01AE06F1816231E2 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.100.18
ED28C44180ACE8CE6B39BAE8D33EAF4F - C:\Program Files\Virtools\3D Life Player\npvirtools.dll - 3DVIA player
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
B27CCB1168B1960AEC6E9D3E0E0F0D2A - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[15/07/2014 11:10]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Elke\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[21/07/2014 20:41]

Google Drive - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
avast Online Security - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Elke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/?pc=AV01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1 deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 30
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Elke\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Elke\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Session Launcher Service (PelService) - Unknown owner - C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe

==== Empty IE Cache ======================

C:\Users\Elke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Elke\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Elke\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Elke\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Elke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Elke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=178 folders=53 73678160 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Elke\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Elke\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Elke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Elke\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4GWEQDD2\js.rating-widget.com" not found
"C:\Users\Elke\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4GWEQDD2\www.oprah.com" not found

==== EOF on di 14/10/2014 at
16:13:24,55 ======================