Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Michael on Tue 31/05/2016 at 20:41:55,50.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31/05/2016 20:43:50 Zoek.exe System Restore Point Created Successfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem
{217FC9C0-3AEA-1069-A2DB-08002B30309D}
%SystemRoot%\system32\shell32.dll

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing
{40dd6e20-7c17-11ce-a804-00aa003ca9f6}
%SystemRoot%\system32\ntshrui.dll

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\log deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\PROGRA~3\Shared Space deleted successfully
C:\Users\Michael\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Michael\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Michael\AppData\Local\EmieSiteList deleted successfully
C:\Users\Michael\AppData\Local\EmieUserList deleted successfully
C:\Users\Michael\AppData\Local\photoOptimizeHistoryDataBase deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3281580978-1972669021-3677266868-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02068F88-D6F2-4E62-AF51-EA548DB7B9F6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
D:\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================

Powered by E Dev (http://www.antimalwarehelp.be/EDev/)

R2 - [AcrSch2Svc] - Acronis Scheduler2 Service - c:\program files (x86)\common files\acronis\schedule2\schedul2.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [afcdpsrv] - Acronis Nonstop Backup Service - c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
R2 - [CmdAgent] - COMODO Internet Security Helper Service - c:\program files\comodo\comodo internet security\cmdagent.exe
R2 - [EPSON_EB_RPCV4_01] - EPSON V5 Service4(01) - c:\programdata\epson\epw!3 ssrp\e_s40stb.exe
R2 - [EPSON_PM_RPCV4_01] - EPSON V3 Service4(01) - c:\programdata\epson\epw!3 ssrp\e_s40rpb.exe
R2 - [MemeoBackgroundService] - MemeoBackgroundService - c:\program files (x86)\memeo\autobackup\memeobackgroundservice.exe
R2 - [PURE Flow Server] - PURE Flow Server - c:\program files (x86)\pure flow server\twonkymediaserverwatchdog.exe
R2 - [ss_conn_service] - SAMSUNG Mobile Connectivity Service - c:\program files (x86)\samsung\usb drivers\27_ssconn\conn\ss_conn_service.exe
R2 - [syncagentsrv] - Acronis Sync Agent Service - c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe
R2 - [WDDriveService] - WD Drive Manager - c:\program files (x86)\western digital\wd drive manager\wddriveservice.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
R3 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [cmdvirth] - COMODO Virtual Service Manager - c:\program files\comodo\comodo internet security\cmdvirth.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [Partner Service] - Partner Service - c:\programdata\partner\partner.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Partner Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Partner Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Partner Service deleted successfully

==== Deleting Files \ Folders ======================

C:\ProgramData\Partner deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\REN1E58.tmp deleted
C:\Windows\Syswow64\REN7AAC.tmp deleted
C:\Windows\Syswow64\RENE88B.tmp deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3562 MB
CPU Info: AMD A8-5500 APU with Radeon(tm) HD Graphics
CPU Speed: 3209,6 MHz
Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek |
Display Adapters: AMD Radeon HD 7560D + 7670 Dual Graphics | AMD Radeon HD 7560D + 7670 Dual Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SH-216BB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 237,4GB | D: 629,9GB | Y: 250,6GB | Z: 50,0GB
Hard Disks - Free: C: 175,0GB | D: 514,7GB | Y: 200,2GB | Z: 27,0GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 05/09/12 | MEDION - 11112011
Time Zone: Romance (Standard Time)
Motherboard *: MEDION MS-7800
Country: België
Language: NLB

==== System Specs (Software) ======================

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall *Enabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
Internet Explorer Version: 11.0.9600.18314
Mozilla Firefox version: 46.0.1 (x86 nl)
Google Chrome version: 51.0.2704.63
Adobe Reader version: 11.0.16.13
Sun Java version: 1.8.0_91 (32-bit)
Sun Java version: 1.8.0_91 (64-bit)
Flash Player version: 21.0.0.242
Shockwave Player version: 12.2.4r194

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Michael\AppData\Local\Temp ====
2016-05-30 19:26:10 560EDC0912BDB68290930E2542823A24 135760 ----a-w- C:\Users\Michael\AppData\Local\Temp\ehdrv.sys
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2016-05-14 12:11:38 4371705697BBB2CAA7C7523058109CE9 264936 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys
2016-05-14 12:11:38 3A9D7D464BDB3B70D7ECF689ADABBD4D 986344 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2016-05-14 12:10:43 C08CCCE2BE68D04E6C142614736959DA 154344 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-05-14 12:10:43 8308FC2E9147D7632221E3279BB14660 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-05-14 12:10:43 6474F8823C7188D2DA579F01FB6CED6B 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2016-05-14 12:10:43 1F8DA4ECAEA7E2BCD97E738795817431 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-05-14 12:10:43 0878723427BA190E5ABA5AA0112FA4D4 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2016-05-14 12:10:43 035C0A9A63DF3F3A52B90D8F6BF0F166 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-05-31 16:00:22 -------- d-----w- C:\Program Files\trend micro
2016-05-30 14:08:06 -------- d-----w- C:\Program Files\WDCSAM
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Michael\AppData\Roaming ======
2016-05-30 19:22:19 -------- d-----w- C:\Users\Michael\AppData\Local\ESET
====== C:\Users\Michael ======
====== C: exe-files ==
2016-05-31 16:00:22 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Michael.exe
2016-05-30 19:22:37 5A8A8851E277577D82EE742BC1AA41C7 6858912 ----a-w- C:\Users\Michael\AppData\Local\ESET\ESETOnlineScanner\esetonlinescanner_enu_upd.exe
2016-05-26 06:16:21 FA34E3A8FF05F69B2EDEA72438E7FFFF 454144 ----a-w- C:\Windows\SysWOW64\GWX\GWX.exe
2016-05-26 06:16:21 DAE5C698C08E4FDFB052D4A2B05FAF2B 358400 ----a-w- C:\Windows\System32\GWX\GWXDetector.exe
2016-05-26 06:16:21 A93954A96CC7B19F88C8211A88E5949A 421488 ----a-w- C:\Windows\System32\GWX\GWXUXWorker.exe
2016-05-26 06:16:21 7003287A5032A3AF1CCF1B9A6FFAA057 534016 ----a-w- C:\Windows\System32\GWX\GWX.exe
2016-05-26 06:16:21 5A1761A6B80DFA60523A0A1850E214EC 755200 ----a-w- C:\Windows\System32\GWX\GWXConfigManager.exe
2016-05-26 06:16:21 246CE916C4EB466C436EFB2E1827C7B6 119296 ----a-w- C:\Windows\System32\GWX\GWXUX.exe
2016-05-25 18:35:40 B6006C521621E1EB34C22671D3A92C97 12803672 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\51.0.2704.63\51.0.2704.63_50.0.2661.102_chrome_updater.exe
=== C: other files ==
2016-05-30 19:26:10 560EDC0912BDB68290930E2542823A24 135760 ----a-w- C:\Users\Michael\AppData\Local\Temp\ehdrv.sys
2016-05-25 08:11:23 907B8D995783B390C551F5FC9F7524E6 2043369 ----a-w- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5x1neyqd.default\features\{0ec526cd-b7e1-45f0-b151-b539a21389c9}\loop@mozilla.org.xpi
2016-05-25 08:11:23 2AC8B15290B31440AC21AD87420A73C9 6303 ----a-w- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5x1neyqd.default\features\{0ec526cd-b7e1-45f0-b151-b539a21389c9}\e10srollout@mozilla.org.xpi
2016-05-25 08:11:23 125338DF748FBDDE546EB2C164D2FAC8 686304 ----a-w- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5x1neyqd.default\features\{0ec526cd-b7e1-45f0-b151-b539a21389c9}\firefox@getpocket.com.xpi

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3281580978-1972669021-3677266868-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTibMounterMonitor"="C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe"
"WD Drive Unlocker"="C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"VIAxHCUtl"="C:\VIA_XHCI\usb3Monitor.exe"
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Michael\\AppData\\Roaming\\Spotify\\Spotify.exe\" -autostart -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Michael\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PURE FlowServer Tray Control.lnk]
"item"="PURE FlowServer Tray Control"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\PURE FlowServer Tray Control.lnk"
"backup"="C:\\Windows\\pss\\PURE FlowServer Tray Control.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PUREFL~1\\TWONKY~2.EXE"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/05/2016 13:12]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 15:41]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 15:41]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1460499630" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\Windows\SysNative\tasks\{683D24B5-3D25-4FA8-8BF2-45D4990F1D1D}" [C:\Program Files (x86)\CoolPro\coolpro.exe]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\Windows\SysNative\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" ["C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2016-01-25 19:14:59 -------- d-----w- C:\PROGRA~3\G DATA

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\5x1neyqd.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/04/2016 21:56]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [29/04/2016 21:56]
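The "Files Recently Created / Modified" listing is the part of a Zoek log that gets the closest look when triaging a post like this: a fresh driver or executable under a user-writable directory (Temp, AppData, ProgramData) is where droppers and the "Partner Service" type of unwanted service (c:\programdata\partner\partner.exe, removed above) tend to land. The Python below is an added example by the editor, not code from Zoek or from this post. It parses the log's entry lines (timestamp, MD5, size, attribute flags, path; directory entries carry eight dashes in place of the hash and no size) and returns the executable-type files that sit under such locations so they can be checked first. The sample input is a handful of lines copied from the log above; the list of user-writable prefixes and the set of extensions are the example's own assumptions. A hit is a prompt to verify (hash lookup, signer, what wrote the file), not a verdict: the ESET Online Scanner binary it flags here is the scanner the user ran the evening before, as the ESET folder in the same listing shows.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the "Files Recently Created / Modified"
# section of the Zoek log in this post, so the example runs offline.
SAMPLE_LOG = r"""
====== C:\Users\Michael\AppData\Local\Temp ====
2016-05-30 19:26:10 560EDC0912BDB68290930E2542823A24 135760 ----a-w- C:\Users\Michael\AppData\Local\Temp\ehdrv.sys
======= C:\Program Files =====
2016-05-31 16:00:22 -------- d-----w- C:\Program Files\trend micro
====== C: exe-files ==
2016-05-31 16:00:22 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Michael.exe
2016-05-30 19:22:37 5A8A8851E277577D82EE742BC1AA41C7 6858912 ----a-w- C:\Users\Michael\AppData\Local\ESET\ESETOnlineScanner\esetonlinescanner_enu_upd.exe
2016-05-26 06:16:21 7003287A5032A3AF1CCF1B9A6FFAA057 534016 ----a-w- C:\Windows\System32\GWX\GWX.exe
"""

# One Zoek entry: "<date> <time> <md5> <size> <attrs> <path>" for files,
# "<date> <time> -------- <attrs> <path>" for directories. Paths may contain spaces.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<md5>[0-9A-Fa-f]{32}) (?P<size>\d+)|-{8}) "
    r"(?P<attr>[-a-z]{8}) "
    r"(?P<path>.+?)\s*$"
)

# Assumed for this example: locations an unprivileged user can write to, and
# the file types worth checking first. Extend both to taste.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\", "\\windows\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Entry:
    ts: str
    md5: Optional[str]   # None for directory entries
    size: Optional[int]  # None for directory entries
    attr: str            # Zoek attribute string, e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attr.startswith("d")


def parse_entries(text: str) -> List[Entry]:
    """Return every file/directory entry in a Zoek listing; section headers are skipped."""
    out: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # "====== C:\... ====" headers and blank lines
        out.append(Entry(
            ts=m["ts"],
            md5=m["md5"].upper() if m["md5"] else None,
            size=int(m["size"]) if m["size"] else None,
            attr=m["attr"],
            path=m["path"],
        ))
    return out


def flag_for_review(entries: List[Entry]) -> List[Entry]:
    """Executable-type files located under a user-writable directory, in log order."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.endswith(EXEC_EXT):
            continue
        if any(marker in p for marker in USER_WRITABLE):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in flag_for_review(parse_entries(SAMPLE_LOG)):
        print(f"{e.ts}  {e.md5}  {e.size:>9}  {e.path}")
```

Feed it the whole pasted log instead of SAMPLE_LOG and the same two calls cover the "exe-files" and "other files" blocks as well; the MD5 in each Entry is what you paste into a hash lookup before deciding whether a hit needs a fix script.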