Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Beast on do 03/11/2016 at 10:48:13,98.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Beast\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-11-02-094903.log 20038 bytes
C:\zoek-results2016-11-02-104648.log 21133 bytes
C:\zoek-results2016-11-02-124434.log 9651 bytes

==== Running Processes ======================

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Beast\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BSTHDDRV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BstHdDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BSTHDDRV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BstHdDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BSTHDDRV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BstHdDrv]
"BlueStacks-SplitInstaller_native.exe&SoftwareCommandLine=&LogoUrl=&SoftwareDescription="=-

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8082 MB
CPU Info: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
CPU Speed: 3429,4 MHz
Sound Card: Not detected
Display Adapters: | RDP Encoder Mirror Driver
Monitors: 1x; Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Intel(R) Ethernet Connection I217-V
CD / DVD Drives: 2x (D: | G: | ) D: TSSTcorpCDDVDW SH-224DB | G: DTSOFT BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 223,5GB | E: 1863,0GB | F: 1863,0GB
Hard Disks - Free: C: 64,5GB | E: 18,9GB | F: 33,6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 05/16/13 | ALASKA - 1072009
Time Zone: Romance (standaardtijd)
Motherboard *: Gigabyte Technology Co., Ltd. Z87X-D3H-CF
Country: België
Language: NLB

==== System Specs (Software) ======================

AV: Avast Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
Default Browser: Google Chrome 54.0.2840.71
Internet Explorer Version: 11.0.9600.18499
Mozilla Firefox version: 49.0.1 (x86 nl)
Google Chrome version: 54.0.2840.71
Flash Player version: 23.0.0.205

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-10-07 07:15:43 12EBDA58437CD1EA7066FCB6455241D2 53208 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Beast\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2016-10-25 12:59:01 F7710C0968CDB9E4CAA7653ACB171CE0 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
2016-10-25 12:59:01 7D64E699ED2153099A27681C50FF6286 497152 ----a-w- C:\Windows\SysWOW64\win32spl.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2016-11-01 17:20:59 3461BB433684FEAB27BCA6E7178D41AC 267912 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2016-10-25 12:59:01 A661B5183C88B8E6F8F54973D26BFE91 41984 ----a-w- C:\Windows\Sysnative\UtcResources.dll
2016-10-25 12:59:01 7AED4A1659AAA0EC8F4C7AE58B8C560A 756736 ----a-w- C:\Windows\Sysnative\win32spl.dll
2016-10-25 12:59:01 6F2FBD68F7B475C879F79AF58786A26C 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
2016-10-25 12:58:58 EE9954237F15BE4DD9304D12E4D305ED 1386496 ----a-w- C:\Windows\Sysnative\diagtrack.dll
====== C:\Windows\Sysnative\drivers =====
2016-10-12 15:46:19 CF11CC2B73D5155533C67354F9188E09 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2016-10-12 15:46:19 9B38580063D281A99E68EF5813022A5F 106496 ----a-w- C:\Windows\Sysnative\drivers\dfsc.sys
2016-10-12 15:46:19 98DB1790F0A584E0A2528B92B052417F 142336 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
2016-10-12 15:46:19 2E56D51B184EFB8E353B7AF446299DC8 154856 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-10-12 15:46:18 FCA01B0C70DAE9BE557577E719469D17 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-10-12 15:46:18 8B73FEE96B60EE597CBCAA735A842A36 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2016-10-12 15:46:18 841474CF2EB14F826038FBCC7D85B857 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-10-12 15:46:18 386BE96797C5B480AD31E8B50CEE337C 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-11-01 13:48:04 -------- d-----w- C:\Program Files\Gramblr
======= C:\PROGRA~2 =====
2016-10-23 19:57:34 -------- d-----w- C:\PROGRA~2\MiniLyrics
======= C: =====
2016-11-01 10:01:21 B8E0F17848334EC2B49C6C9FB5AE9606 1728 ----a-w- C:\DelFix.txt
====== C:\Users\Beast\AppData\Roaming ======
2016-11-02 12:44:04 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2016-11-02 12:44:04 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2016-11-02 12:44:04 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2016-11-02 12:44:04 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2016-11-02 12:44:04 -------- d-----w- C:\Users\Beast\AppData\Local\Temp
2016-11-01 18:50:32 -------- d-----w- C:\Users\Beast\AppData\Local\UNDERTALE
2016-11-01 14:03:16 F71211B6AA933CE90C9C9715DA658025 139056 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2016-11-01 11:00:35 9469FEEDF3D01A3CB16D64832D10A4E8 58016 ----a-w- C:\Users\Beast\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-26 20:52:17 -------- d-----w- C:\Users\Beast\AppData\Local\Sony
2016-10-23 19:57:37 -------- d-----w- C:\Users\Beast\AppData\Roaming\MiniLyrics
2016-10-15 09:58:40 -------- d-----w- C:\Users\Beast\AppData\Locallow\SUPERHOT_Team
2016-10-15 09:58:39 -------- d-----w- C:\Users\Beast\AppData\Local\SUPERHOT_Sp_z_o.o
2016-10-04 17:23:34 -------- d-----w- C:\Users\Beast\AppData\Locallow\Playdead
====== C:\Users\Beast ======
2016-11-01 13:48:03 -------- d-----w- C:\ProgramData\Gramblr
2016-11-01 13:47:33 EDDDA319CE6984B8D69A43067C73BA70 10133072 ----a-w- C:\Users\Beast\Desktop\gramblr.exe
2016-10-27 11:39:58 -------- d-----w- C:\ProgramData\RELOADED
2016-10-26 11:47:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-10-23 19:57:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
====== C: exe-files ==
2016-11-03 08:41:04 C5583FCC9409669D1FCF0BF68E49469E 73934152 ----a-w- C:\ProgramData\NVIDIA Corporation\Downloader\4016525c1e6d0b24f4b97214c468a8af\GeForce_Experience_Update_v3.1.0.52.exe
2016-11-02 11:17:32 3A2BF830761D7053E68B15BF49E2BE53 9269968 ----a-w- C:\Users\Beast\AppData\Local\NVIDIA\NvBackend\Packages\00009642\DAO.21322908.exe
2016-11-01 18:12:29 93D87952773A2BB59A8667D0BC06C2C0 3811840 ----a-w- C:\Users\Beast\Downloads\Undertale\UNDERTALE.exe
2016-11-01 18:12:21 A348289EF079798DC7D48FAAD4A64B87 1327184 ----a-w- C:\Users\Beast\Downloads\Undertale\unins000.exe
2016-11-01 16:25:20 51C3D748DCE2BCA6CFF0F44B05AF4784 346512 ----a-w- C:\Users\Beast\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2016-11-01 16:25:16 41ABEBA4C590C16E7DF3C81B0F061147 403856 ----a-w- C:\Users\Beast\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2016-11-01 13:48:14 68A57EAE4FFBBB97DD7B926E6EDCC654 12395520 ----a-w- C:\ProgramData\Gramblr\convert.exe
2016-11-01 13:48:04 EDDDA319CE6984B8D69A43067C73BA70 10133072 ----a-w- C:\ProgramData\Gramblr\backup\gramblr.exe
2016-11-01 13:48:04 B43E5C48DF8BDAF2881EFB7CA8D52B2D 10220624 ----a-w- C:\Program Files\Gramblr\gramblr.exe
2016-11-01 13:47:33 EDDDA319CE6984B8D69A43067C73BA70 10133072 ----a-w- C:\Users\Beast\Desktop\gramblr.exe
2016-10-27 14:22:42 BFDE72F81CC53184D5932B60E1C94AF0 2205688 ----a-w- C:\Users\Beast\AppData\Local\Google\Chrome\User Data\SwReporter\12.77.0\software_reporter_tool.exe
=== C: other files ==
2016-11-01 13:48:23 0AF156A3F6CAE14DD7AFA1F7B2E0A2DD 285 ----a-w- C:\ProgramData\Gramblr\restart.vbs
2016-11-01 13:48:06 F673433BA1FBF7FB138F6DF2C4024AF7 307 ----a-w- C:\ProgramData\Gramblr\chrome.vbs
2016-10-31 12:01:15 281DC7FDA17CDE5A35F0FA62195FA7D0 18602 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\script.module.addon.signals-0.0.1.zip
2016-10-31 12:01:13 5D3EB28635C0CF0EE68D85391052532A 628370 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\script.web.viewer-0.9.21.zip
2016-10-31 12:01:13 17668AA0AC1C374B12EBF033AA591971 1461272 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\script.module.youtube.dl-16.1026.0.zip
2016-10-30 23:18:36 9E879F40AF2289301FE49649819D5A5B 968663 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\plugin.video.exodus-2.0.17.zip
2016-10-30 20:23:55 C263542412912B438DEAC50D776DE564 968651 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\plugin.video.exodus-2.0.15.zip
2016-10-29 22:26:19 FFB83A23482E7BDCBF6734D7D8B3B87E 968185 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\plugin.video.exodus-2.0.14.zip
2016-10-27 22:15:20 05B9932D3A15D73B074888818520DAA0 916742 ----a-w- C:\Users\Beast\AppData\Roaming\Kodi\addons\packages\script.module.urlresolver-3.0.23.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3473739808-715647190-2127078386-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui"
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon"
"hkey"="HKCU"
"command"="\"C:\\Windows\\SysWOW64\\Rundll32.exe\" \"C:\\Users\\Beast\\AppData\\Roaming\\ValueApps\\CH\\TBVerifier.dll\",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OscarEditor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OscarEditor"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\MOUSE Editor\\MouseEditor.exe\" Minimum"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/03/2016 19:18]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/03/2016 19:18]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Beast)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe]
"C:\Windows\SysNative\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\Windows\SysNative\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\Windows\SysNative\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe]
"C:\Windows\SysNative\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe]
"C:\Windows\SysNative\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe]
"C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1458748759" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\USER_ESRV_SVC_WILLAMETTE" ["C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\Windows\SysNative\tasks\Intel\Intel Telemetry 2" [C:\Program Files\Intel\Telemetry 2.0\lrio.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Beast\AppData\Roaming\Mozilla\Firefox\Profiles\6d2ypipm.default
user_pref("browser.startup.homepage", "www.google.be");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [07/10/2016 08:15]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [07/10/2016 08:15]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Beast\AppData\Roaming\Mozilla\Firefox\Profiles\6d2ypipm.default
- HTTPS-Everywhere - %ProfilePath%\extensions\https-everywhere-eff@eff.org
- Disconnect - %ProfilePath%\extensions\2.0@disconnect.me.xpi
- YouTube Control Center - %ProfilePath%\extensions\jid1-CikLKKPVkw6ipw@jetpack.xpi
- Undo Closed Tabs Button - %ProfilePath%\extensions\undoclosedtabsbutton@supernova00.biz.xpi
- SmoothWheel AMO - %ProfilePath%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]

Magic Actions for YouTube - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif
Web of Trust - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Spell Bee - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfbnahffpakjbdlccohcoglcnafhgnhm
SimpleUndoClose - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhohdghchmjepmigjojkehidlielknj
HTTPS Everywhere - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp
Shield For Chrome - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gceighgadbamgchioaofojlblndjcggh
Web Timer - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnjbdfgigejghknieofeahaknkjafim
ClickClean - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
Whitelisted domains - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Hover Free - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj
IE Tab - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd
Social Fixer for Facebook - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb
Disconnect - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo
Momentum - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca
Currency Converter - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncdobdbibdgoiohgnflmjajfphcnakg
Google Dictionary (by Google) - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja
GetThemAll Video Downloader - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm
Save to Pocket - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Chrome Web Store Payments - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
ClickClean App - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp
Virtual Keyboard - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn
Gmail - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Beast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1474114344319
O17 - HKLM\System\CCS\Services\Tcpip\..\{4141A2D9-86A4-4E88-A206-76499ACA61B7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{4141A2D9-86A4-4E88-A206-76499ACA61B7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{4141A2D9-86A4-4E88-A206-76499ACA61B7}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Windows Connectiviteit voor Gramblr. (gramblrclient) - Unknown owner - C:\Program Files\Gramblr\gramblr.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Logitech Gaming Registry Service (LogiRegistryService) - Logitech Inc. - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=2 41176 bytes)

==== EOF on do 03/11/2016 at 10:49:22,32 ======================